I would like to secure my office's growing network using a Linux firewall distribution, so I have searched and reached a final decision between SmoothWall and ClearOS. I would like to know your opinion of both and which one is better in your opinion; please mention why. Also mention any other distro you think is better, and why it is better.
I run ClearOS at home and really like it. It has good support and it is based on Redhat, so it's more familiar for me. I also used Endian before that and it was good, but a little harder to customize, for me anyway.
ClearOS used to be called ClarkConnect years ago. It was pretty good back then but I eventually went to standalone linux/bsd firewall-only boxes...
A recent review of ClearOS at The Register (http://www.theregister.co.uk/2010/11...ear_os_review/) shows it to be a very full-featured all-in-one server for a business network. An upcoming release (6-something) is slated to include groupware support with the addition of Zarafa.
In any case, definitely try each in a pilot before you actually go live with anything in a production environment!
I haven't done ClearOS but did try several a few years ago (IPCop, Smoothwall, and ClarkConnect). ClarkConnect stuck out (in a good way). Basically, it felt easier to use and had a few more features than the others.
There's another that impressed me that I used after testing the above three. It was Astaro Linux. There's another I keep hearing about that I haven't tried: PFSense.
Astaro has a free-for-home-use product, but will cost money to deploy in a business environment.
pfSense is a great FreeBSD-based firewall, very powerful, and with a good webGUI. Not based on linux, it uses *BSD's pf (packet filter) instead of iptables, so it might not be a good pick if you're actually trying to learn iptables rules.
Personally, I switched to a mix of pfSense on PC hardware and dd-wrt on supported routers. pfSense has been rock-solid-stable for me at a variety of offices (not using the beta) for years.
Good luck!
I figure since the OP has a 200-host network, he can afford to look into licensing Astaro (it's probably cheap considering the security factors involved). Plus, some managers WANT support. The OP would've discovered this as he/she researched the suggestion.
I also figured that it wouldn't matter if the *nix flavor was Linux or *BSD, which is why I mentioned pfsense. I didn't even consider if the OP wasn't familiar with *BSD or pf...that would be apparent to him/her as they researched the suggestions. About "trying to learn iptables", I'm thinking that this wouldn't be a good time to be learning things such as iptables or pf...then again, that's why most of these gateway distros have frontends.
BTW, I purposely tend not to elaborate much on the discussion matter as a way of enticing the OP to research on his/her own. I throw out names, the OP sees it, then they're supposed to investigate the suggestions...it empowers them and helps them in making an educated decision.
I figure since the OP has a 200-host network, he can afford to look into licensing Astaro (it's probably cheap considering the security factors involved).
I must have missed something. Is this tidbit of info relayed in another post? All the OP mentioned in this thread was "growing". If this is the case, I have to agree with unixfool, good opportunity to license and possibly relieve some of the maintenance headaches (whatever the product choice ends up being).
HTH
Dave
I apologize regarding the above comment (although the rest of my comments should actually apply). I've gotten this thread confused with another that I commented on. Sorry.
The trouble with a question like this is what you mean by 'best'; maybe it is the easiest to get up and running, maybe it is the easiest to add extra stuff to, maybe it has the 'friendliest' iptables front-end, or maybe it is the most secure. Whatever you choose, my choice will be slightly different.
@grzesiek
Quote:
Every distro has the same iptables - firewall.
Sort of; apart from the BSDs, they will all be iptables underneath, but may well have different config tools as front-ends. And what good is it to have a hugely capable system like iptables if the front end doesn't let you use some of the options that the underlying system has, or makes it difficult to understand? And, by the way, this is an argument that you don't need a specialist firewall distro for a firewall, but it may make things easier.