We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

Bridging fireall advice and giudance

magicmonkey007
on
Medium Priority
170 Views
Last Modified: 2010-04-09
Hi,

I would like to implement a firewall device on my network but am unsure what to look for in such a device.  

My situation:

All clients on the networ have public routable IP addresses.  The main firewall is managed by someone else and I have limited control if it.  I manage a subnet of the main network but would like to put a firewall device between my servers and network connection.  There is a small budget for this project so an open source linux project might be best.  The network is relatively low traffic so will not need to handle thousands of connections.  

I have read about bridging firewalls, which seem to offer the functioanlity I need.  I.e. can be placed inline between a server and switch or the main network feed and the switch connecting the servers.  Changing network addressing is not an option.  

I have used things like IPcop before and have been really pleased with them.  However they all seem to implment NAT and you have to use private IP addresses for your local network.  Ideally I would like something with VPN and IDS capabilities built in web cahing isn't needed.  

Can anyone recomend any projects or products.  Do any managed switches offer these features?

thanks

andy
Comment
Watch Question

Commented:
https://www.juniper.net/products/integrated/ the 5 series would be plenty for you.  and it's relatively inexpensive.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
I've seen less expensive hardware firewalls without the IDS capabilities built in, such as Watchguard Firebox or SOHO (http://www.watchguard.com) units.

You can look into something like Smoothwall (http://www.smoothwall.org).

But regardless, even if you initially design something WITHOUT IDS on a computer, you can download and set up Snort (http://www.snort.org)

Here's an article where you can find something on doing public IPs within your network, even though a lot of people will usually do NAT:
http://www.linux-faqs.com/Forum/viewtopic.php?t=153

Author

Commented:
Thanks for the sugestions.

Has anyone had any experiance with an astero firewall http://www.astaro.com/ .

Do these firewalls actualy working in a bridging mode?  I.e are you able to place it inline between a network port and a server without any network address changes?

Isn't smoothwall built with NAT as a a main component nad thus not be dissabled?

 
Commented:
You can do what you ask with a Juniper Netscreen, sorry no knowledge of the Astero.

Netscreen can be placed in layer2 mode, no IP change of your router or server, just add the Netscreen with an IP address in betwee,
or it can do layer3 routing w or w/o NAT if you need.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.