Quote:
Originally Posted by jose_tk
My company is going to launch a Data Center which consists of 30+ Linux Servers (RH and CentOS).
In which case, being as this is quite a professional operation, presumably you will have asked your security specialist and your networking specialist (maybe this is one person) their preferences.
If you don't have that kind of expertise, in house, maybe you should be considering a solution like Cisco, Bay Networks, Juniper, etc, etc because without the relevant expertise you'll want something that is easy to administer.
Failing that, you might consider one of the stand-alone firewall distros, like Astaro, IPCop, whatever ClarkConnect is called these days. Even here, you would be advised to have someone who knows what they are doing, so someone should go on an appropriate course.
Failing that, there is the 'roll your own' approach. Most of the GUI firewalls are just front ends to iptables, etc, so don't add any new capabilities, but arguably make configuration easier for newbies. However, the person doing this should in no way be a newbie. We all make mistakes or do things sub-optimally the first time through and do you want to risk your entire data centre operation on the chance of how your newbie's errors affect your customers?
So, if you get to this stage, you really, really need someone who knows what they are doing, whether that means hiring an expert for a while or training your own. Given that for this you need an expert, I'm not clear why you are asking a bunch of miscellaneous strangers, some of whom may lie or indulge in black-hatted behaviour for amusement.