Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am evaluating a netscreen ssg-20 device and wondering about choices.
It's been a real nightmare switching over from watchguard to the netscreen for this eval but for the most part, things are working well. I very much wanted something which could handle multiple WANs, fail over, and do load balancing. So far, load balancing has pretty much been disabled because it seems to conflict with a lot of things but hey, fail over is there.
Support has been great for the most part but it took them a WEEK of screwing around and changing each others settings to finally hear me when I kept telling them that I had created my own policy. I kept asking them if it might be conflicting and sure enough, it was. Aside from that, they have been very good.
The unit will cost me about $1200.00 or so plus various additional things such as IDS and spam protection. The thing is, when I looked at open source projects, those things are all inclusive. For example, they will be using Kaperski (sp?) as their spam solution. Seems silly of me to put money into the Juniper pocket when I might be able to buy a killer piece of hardware for much less, use open source and pay support for that and still get the ability to call in as needed. I save money and I put money into something good, choices.
So, I'm looking for thoughts on this, from others who have gone through this process. I did try pfsense and a couple of others on commodity hardware but was never able to get things working 100%. The hardware would always screw up in some way or another and the firewall would stop responding. I have to believe it was the hardware and not the software as some of this software is so well developed and mature these days.
Now that I've gotten used to ScreenOS, is there something just like it out there that is open source? Your input is valued so that I can make the right decision.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
$1200 is ridiculously cheap for that kind of functionality. You'll spend more than that in labor to configure another solution to block spam and viruses. Be aware though, such "all in one" solutions really don't do a great job at everything. The Juniper kit is great for packet filtering and built-in IDS, but the real-time anti-virus and anti-spam functionality is a bit limited. Typically that protection is deployed as a separate solution for most organizations and provides a lot higher level of protection. However if your budget is limited, the Juniper solution could be a good way to go just to get some basic protection for e-mail.
Finally got them to give me an eval anti-spam license. After installing it, I can't believe they are charing $250.00 year for this. There's nothing there, it's just a white list and a black list with RBL!
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Quote:
Originally Posted by mlewis
Finally got them to give me an eval anti-spam license. After installing it, I can't believe they are charing $250.00 year for this. There's nothing there, it's just a white list and a black list with RBL!
Well, that's about what a yearly RBL subscription costs
Like I said, the anti-spam and anti-virus aren't that deep on devices like this because they have to scan packets in real-time and cannot afford to add latency. Dedicated devices do a much more thorough job (at much higher cost).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.