Bridging firewall advice and guidance

Hi,

I would like to implement a firewall device on my network but am unsure what to look for in such a device.  

My situation:

All clients on the network have public routable IP addresses.  The main firewall is managed by someone else and I have limited control of it.  I manage a subnet of the main network but would like to put a firewall device between my servers and the network connection.  There is a small budget for this project so an open source Linux project might be best.  The network is relatively low traffic so it will not need to handle thousands of connections.  

I have read about bridging firewalls, which seem to offer the functionality I need, i.e. they can be placed inline between a server and switch, or between the main network feed and the switch connecting the servers.  Changing network addressing is not an option.  

I have used things like IPCop before and have been really pleased with them.  However they all seem to implement NAT and you have to use private IP addresses for your local network.  Ideally I would like something with VPN and IDS capabilities built in; web caching isn't needed.  

Can anyone recommend any projects or products?  Do any managed switches offer these features?

thanks

andy
magicmonkey007 Asked:

jabiii Commented:
https://www.juniper.net/products/integrated/ The 5 series would be plenty for you, and it's relatively inexpensive.
masnrock Commented:
I've seen less expensive hardware firewalls without the IDS capabilities built in, such as Watchguard Firebox or SOHO (http://www.watchguard.com) units.

You can look into something like Smoothwall (http://www.smoothwall.org).

But regardless, even if you initially design something WITHOUT IDS on a computer, you can download and set up Snort (http://www.snort.org).

Here's an article where you can find something on doing public IPs within your network, even though a lot of people will usually do NAT:
http://www.linux-faqs.com/Forum/viewtopic.php?t=153
magicmonkey007 Author Commented:
Thanks for the suggestions.

Has anyone had any experience with an Astaro firewall (http://www.astaro.com/)?

Do these firewalls actually work in a bridging mode?  I.e. are you able to place one inline between a network port and a server without any network address changes?

Isn't Smoothwall built with NAT as a main component, and thus it cannot be disabled?

jabiii Commented:
You can do what you ask with a Juniper Netscreen; sorry, no knowledge of the Astaro.

A Netscreen can be placed in layer 2 mode, with no IP change of your router or server: just add the Netscreen with an IP address in between.
Or it can do layer 3 routing with or without NAT if you need.
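The same inline, layer 2 arrangement can be built on the open source Linux box the question mentions. The script below is an added example, not part of any answer or of the products named: it assumes two NICs (eth0 towards the upstream feed, eth1 towards the server), a placeholder server address, and a kernel with nftables bridge conntrack support; run it as root.

```shell
#!/bin/sh
# Transparent (bridging) firewall: two NICs joined into a bridge that
# carries no IP address, so nothing on either side changes addressing.
# Assumed interface names (placeholders; override via the environment).
OUTSIDE="${OUTSIDE:-eth0}"   # towards the main network feed / switch
INSIDE="${INSIDE:-eth1}"     # towards the protected server(s)

# Create the bridge and enslave both NICs. Management of the box itself
# should use a separate NIC; the bridge stays invisible at layer 3.
make_bridge() {
    ip link add name br0 type bridge
    ip link set "$OUTSIDE" master br0
    ip link set "$INSIDE" master br0
    ip link set "$OUTSIDE" up
    ip link set "$INSIDE" up
    ip link set br0 up
}

# Print an nftables ruleset (bridge family, forward hook) that admits only
# the listed TCP ports and ping towards the server, allows everything the
# server initiates, and counts then drops the rest. Stateful matching on a
# bridge needs the nf_conntrack_bridge module (kernel 5.3 or newer).
# Arguments: server IP, then one or more allowed TCP ports.
bridge_ruleset() {
    server="$1"; shift
    ports=$(printf '%s,' "$@"); ports="${ports%,}"
    cat <<EOF
table bridge fw {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "$INSIDE" accept
        iifname "$OUTSIDE" ip daddr $server tcp dport { $ports } accept
        iifname "$OUTSIDE" ip daddr $server icmp type echo-request accept
        iifname "$OUTSIDE" counter drop
    }
}
EOF
}

# Load the generated ruleset atomically; e.g. apply_ruleset 203.0.113.10 22 443
apply_ruleset() {
    bridge_ruleset "$@" | nft -f -
}
```

Check the generated text with `bridge_ruleset 203.0.113.10 22 443` before calling `apply_ruleset`, and keep console access while testing since a mistake in the forward chain cuts the server off.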
