Bridging fireall advice and giudance

Hi,

I would like to implement a firewall device on my network but am unsure what to look for in such a device.  

My situation:

All clients on the networ have public routable IP addresses.  The main firewall is managed by someone else and I have limited control if it.  I manage a subnet of the main network but would like to put a firewall device between my servers and network connection.  There is a small budget for this project so an open source linux project might be best.  The network is relatively low traffic so will not need to handle thousands of connections.  

I have read about bridging firewalls, which seem to offer the functioanlity I need.  I.e. can be placed inline between a server and switch or the main network feed and the switch connecting the servers.  Changing network addressing is not an option.  

I have used things like IPcop before and have been really pleased with them.  However they all seem to implment NAT and you have to use private IP addresses for your local network.  Ideally I would like something with VPN and IDS capabilities built in web cahing isn't needed.  

Can anyone recomend any projects or products.  Do any managed switches offer these features?

thanks

andy
magicmonkey007Asked:
Who is Participating?
 
jabiiiCommented:
You can do what you ask with a Juniper Netscreen, sorry no knowledge of the Astero.

Netscreen can be placed in layer2 mode, no IP change of your router or server, just add the Netscreen with an IP address in betwee,
or it can do layer3 routing w or w/o NAT if you need.
0
 
jabiiiCommented:
https://www.juniper.net/products/integrated/ the 5 series would be plenty for you.  and it's relatively inexpensive.
0
 
masnrockCommented:
I've seen less expensive hardware firewalls without the IDS capabilities built in, such as Watchguard Firebox or SOHO (http://www.watchguard.com) units.

You can look into something like Smoothwall (http://www.smoothwall.org).

But regardless, even if you initially design something WITHOUT IDS on a computer, you can download and set up Snort (http://www.snort.org)

Here's an article where you can find something on doing public IPs within your network, even though a lot of people will usually do NAT:
http://www.linux-faqs.com/Forum/viewtopic.php?t=153
0
 
magicmonkey007Author Commented:
Thanks for the sugestions.

Has anyone had any experiance with an astero firewall http://www.astaro.com/ .

Do these firewalls actualy working in a bridging mode?  I.e are you able to place it inline between a network port and a server without any network address changes?

Isn't smoothwall built with NAT as a a main component nad thus not be dissabled?

 
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.