Bridging fireall advice and giudance

Posted on 2006-04-04
Medium Priority
Last Modified: 2010-04-09

I would like to implement a firewall device on my network but am unsure what to look for in such a device.  

My situation:

All clients on the networ have public routable IP addresses.  The main firewall is managed by someone else and I have limited control if it.  I manage a subnet of the main network but would like to put a firewall device between my servers and network connection.  There is a small budget for this project so an open source linux project might be best.  The network is relatively low traffic so will not need to handle thousands of connections.  

I have read about bridging firewalls, which seem to offer the functioanlity I need.  I.e. can be placed inline between a server and switch or the main network feed and the switch connecting the servers.  Changing network addressing is not an option.  

I have used things like IPcop before and have been really pleased with them.  However they all seem to implment NAT and you have to use private IP addresses for your local network.  Ideally I would like something with VPN and IDS capabilities built in web cahing isn't needed.  

Can anyone recomend any projects or products.  Do any managed switches offer these features?


Question by:magicmonkey007
  • 3

Expert Comment

ID: 16372465
https://www.juniper.net/products/integrated/ the 5 series would be plenty for you.  and it's relatively inexpensive.

Expert Comment

ID: 16373426
LVL 32

Expert Comment

ID: 16382182
I've seen less expensive hardware firewalls without the IDS capabilities built in, such as Watchguard Firebox or SOHO (http://www.watchguard.com) units.

You can look into something like Smoothwall (http://www.smoothwall.org).

But regardless, even if you initially design something WITHOUT IDS on a computer, you can download and set up Snort (http://www.snort.org)

Here's an article where you can find something on doing public IPs within your network, even though a lot of people will usually do NAT:

Author Comment

ID: 16383549
Thanks for the sugestions.

Has anyone had any experiance with an astero firewall http://www.astaro.com/ .

Do these firewalls actualy working in a bridging mode?  I.e are you able to place it inline between a network port and a server without any network address changes?

Isn't smoothwall built with NAT as a a main component nad thus not be dissabled?


Accepted Solution

jabiii earned 1000 total points
ID: 16383781
You can do what you ask with a Juniper Netscreen, sorry no knowledge of the Astero.

Netscreen can be placed in layer2 mode, no IP change of your router or server, just add the Netscreen with an IP address in betwee,
or it can do layer3 routing w or w/o NAT if you need.

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question