Upgrading company Firewall. Suggestions.
-
I may have most of the connections as VLANs in the ESX; the only ones that won't be will be the crossover to the CARP server and the LAN to switches.
Time to brush up a little bit on the ESX VLAN setup. Just waiting on hardware to show up to start. I will let you know how it goes and if any problems arise.
Thanks again for your help, you cleared up the clutter in my head.
-
Well, do you really need both pfSense & Endian? I'd try to not further complicate things which are already pretty complicated to start with.
Every product has a learning curve and even if you have some Linux background (as most IT people do these days) pfSense is based on BSD and is very different under the hood (no iptables, no tc etc). This requires some reading.
And while pfSense isn't a full blown "UTM" in the sense other products are, you should check its packages. You might conclude they are "good enough" for you.
-
@nez:
The Endian box will then be setup as Transparent and UTM.
I agree with dhatz, what UTM features do you need?
I think pfsense can do all.
att,
Marcello Coutinho
-
With the UTM I need to be able to Filter the Web based on subnets and the list needs to be updated often. As well as Application Control.
General Motors monitors all our internet activity so the Filter list has to be updated every so often to please them. Now if I am missing something with DansGuardian or Squid that I can do this with, without messing up the QoS, or use something else that is better, I am all game.
-
I was looking around the Endian website and they seem to use a lot of the same things as pfSense, like Snort, OpenVPN, and so on. I could not find it on their website, but it stands to reason that they might be using Squid with SquidGuard for content filtering. Maybe even DansGuardian, but I am not sure what they are using. If they are using any of those, and claim that it will not mess with QoS, then it should not in pfSense.
Your updated every so often needs defining. Are you talking about auto-updating subnets or something?
-
I was looking around the Endian website and they seem to use a lot of the same things as pfSense, like Snort, OpenVPN, and so on. I could not find it on their website, but it stands to reason that they might be using Squid with SquidGuard for content filtering. Maybe even DansGuardian, but I am not sure what they are using. If they are using any of those, and claim that it will not mess with QoS, then it should not in pfSense.
Your updated every so often needs defining. Are you talking about auto-updating subnets or something?
Most of the tools that are currently marketed as "UTM" have done significant work to tightly integrate & enhance the content filtering functionality and reporting. The result offers more than what can be achieved by simply slapping a SquidGuard or DansGuardian package on top of a firewall distro.
-
In Endian or pfsense?
-
In Endian or pfsense?
Were you asking me? I was referring to the several Linux-based products which offer integrated "UTM" functionality, e.g. Smoothwall, Astaro, Untangle etc.
There are at least a dozen different firewall products (nearly all of them are specialized Linux distros) aiming to address the needs of SMBs (small-medium businesses), and typically offer UTM functionality and AD integration. In addition, there are about a dozen more Linux-based fw distros which are still decent/usable, but less actively developed.
-
dhatz, I was seeing if you were talking about pfSense putting in the time to UTM or if you were referring to Endian. Or if either is one of those that just slapped in Squid / Snort / and the like.
-
The reason for going with a Smoothwall, Endian, or Untangle type of distro is the subscriptions for the web filtering, anti virus, spam control etc. As well as they, like mentioned, have done a lot of work to make the underlying packages pfSense uses work in a much more solid, versatile form.
I would love to run it all in one box but I have yet to see it possible to provide the features we need to meet certain security standards while keeping the speed there. And I am guessing this is why I see a lot of people who have a pfSense and Untangle combo.