zorawar_bahadur
open source replacement for PIX needed
Hi,
I have a PIX firewall
Hardware: PIX-515, 64 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
For financial reasons my boss wants it replaced with an open source one.
I want to know the following:
1. Should I buy server hardware, like a dual core machine with 4 Gb memory etc., or just buy a Dell machine and install the firewall on it?
2. The PIX right now has three DMZs and a setup for VPN connections so that others can connect to it remotely, so I would need a firewall which has DMZ support and VPN support as well.
3. What are the various different good software-based firewalls in the open source world? I know about iptables and some others, but is there any which provides the same facilities as PIX in terms of features? It would be great if the command line configuration is also the same.
Sorry if this is a pompous-sounding view, but nothing out in the 'free' area is going to match the capabilities/functions/performance etc. provided by 'probably' the best firewall in the world.
>1. Should I buy server hardware, like a dual core machine with 4 Gb memory etc., or just buy a Dell machine and install the firewall on it?
A firewall is not entirely about horsepower...
>2. The PIX right now has three DMZs and a setup for VPN connections so that others can connect to it remotely, so I would need a firewall which has DMZ support and VPN support as well.
>3. What are the various different good software-based firewalls in the open source world? I know about iptables and some others, but is there any which provides the same facilities as PIX in terms of features? It would be great if the command line configuration is also the same.
Try these... they have what you're looking for...
Recommended
IPCop: http://www.ipcop.org/
SmoothWall: http://www.smoothwall.org/
Others
ClarkConnect: http://www.clarkconnect.com/community/
m0n0wall: http://m0n0.ch/wall/
Shoreline Firewall: http://shorewall.net/
You may find an open source firewall with a somewhat comparable feature set to the PIX... but it is unlikely you'll find an open source firewall with a similar CLI... Huawei tried imitating the Cisco IOS CLI and got sued...
ASKER
Thanks for all the wonderful input.
I am a little confused as to who to give the points to. :)
Can I buy Smartnet support directly from Cisco, or is that done by resellers?
How is it different from the normal upgrade contract of Cisco?
We are always glad to help. Split the points amongst the other three contributors, Zorawar, as I simply passed on my view.
Regards
keith
ASKER
Oh sorry, I didn't see the "Split points" option.
Any views about SmartNet support?
> buy Smartnet support directly from Cisco or that is done by resellers?
If you don't already have it, you can purchase it from a reseller like cdw.com.
If you already have a support contract, you can extend it directly with Cisco.
Smartnet is Cisco's normal extended maintenance support.