Thomas

Linux Firewall

Hi,
I am setting up a new web server that I rent remotely. It will run Linux CentOS 64-bit.
Before, I had a managed server with a managed Cisco PIX firewall, which was easy to use through their web interface.
Well, now I have 2 options, which are to use a Dell SonicWall 215 or choose some software firewall. I do not have much experience with software-based firewalls and wonder if I could solicit some advice from people who are experts in this area.

My questions are basically whether it is really worth the considerable additional monthly costs for a hardware firewall and whether there is a software firewall (preferably open source) that would do the same job reliably and securely. I do not have a complicated set-up, as there are only a handful of users allowed to FTP to the machine and basically 2 users that can log in using SSH and switch to root. Then, of course, the general public that visits websites and fetches/sends mail.

I will have a gigabit network but the Dell firewall is certified for 500 mbit; will this mean it will be an actual bottleneck? Also, does a software-based firewall have any performance issues?
What would be your recommendations? If the general opinion is that software firewalls are not secure and would open my door to attacks, then I would have to cough up the extra monthly money, but if there are software firewalls that are secure then of course I could save considerably.
If a software firewall, then are there any recommendations?

I would like to mention that I have 12 public IP addresses that need to be managed and that it is a single-server set-up. I do not have the budget to add a second server dedicated to a firewall. It seems that most software firewalls do not support multiple public IPs?

Best wishes,
tom
ASKER CERTIFIED SOLUTION
serialband
Typically when using a software firewall it is installed on a separate system, and not the one you are seeking to protect. If you put it on the same system, and the firewall is compromised, then so is the application you are trying to protect.

Note that the TZ215 DOES have gigabit interfaces. Don't know how much you are expected to pay for the TZ215 usage, but you can buy one with one year of CSS subscription for about $930. SonicWalls have a web-based interface, and are fairly simple to manage.
If you're going to put your software firewall on another system, you may as well buy the SonicWall hardware. It all depends on how much money versus how much extra security you need.

The software firewall is quite easy to set up and is robust enough for the majority of attacks, so you might as well enable it locally too.  If you don't enable the software firewall, and the hardware firewall is compromised, your entire network is compromised.  You really should have both.  If you don't have the money, then you do the best you can with the software firewall and making sure you patch all the vulnerabilities that you can.
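
As an added example (not part of the original thread or any poster's configuration), a local firewall of the kind discussed above can be written as a default-deny iptables ruleset that matches on destination address, which is how a single server holding several public IPs is handled. All addresses are constructed documentation-range placeholders, and fixed source addresses for the SSH and FTP users are an assumption.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for one CentOS host.
# Every address below is constructed (RFC 5737 ranges), not taken from the thread.
SSH_SOURCES="198.51.100.10 198.51.100.11"  # assumed fixed addresses of the 2 SSH admins
FTP_SOURCES="198.51.100.20 198.51.100.21"  # assumed fixed addresses of the FTP users
WEB_IPS="203.0.113.10 203.0.113.11"        # public IPs serving websites (hypothetical)
MAIL_IP="203.0.113.12"                     # public IP serving mail (hypothetical)
MGMT_IP="203.0.113.10"                     # public IP that accepts SSH and FTP (hypothetical)

gen_rules() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"       # default deny: anything not listed below is dropped
    echo ":FORWARD DROP [0:0]"     # the host is not a router
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections the host already accepted or opened itself.
    # FTP data connections need the nf_conntrack_ftp helper loaded to count as RELATED.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "-A INPUT -m state --state INVALID -j DROP"
    echo "-A INPUT -p icmp --icmp-type echo-request -j ACCEPT"
    # Public services, limited to the addresses that actually host them.
    for ip in $WEB_IPS; do
        echo "-A INPUT -d $ip -p tcp -m multiport --dports 80,443 -j ACCEPT"
    done
    echo "-A INPUT -d $MAIL_IP -p tcp -m multiport --dports 25,587,993,995 -j ACCEPT"
    # Administrative services: one management address, known sources only.
    for src in $SSH_SOURCES; do
        echo "-A INPUT -s $src -d $MGMT_IP -p tcp --dport 22 -j ACCEPT"
    done
    for src in $FTP_SOURCES; do
        echo "-A INPUT -s $src -d $MGMT_IP -p tcp --dport 21 -j ACCEPT"
    done
    echo "COMMIT"
}

# Print the ruleset; as root it can be checked with: sh thisfile | iptables-restore --test
gen_rules
```

On a remote machine, confirm that the SSH source addresses are correct and keep an existing session open while loading the rules, since the default-deny policy drops SSH from any other address.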
Thomas

ASKER

Thank you both for the comments. I would surely not go with the Dell firewall but I have no other option. This is the only firewall offered by the ISP where I get the dedicated server from. I cannot have it locally because I live in Asia and most customers are in the USA, so I need to have it remotely. So buying one is unfortunately not an option. They charge $69 a month for this. It did also worry me that it has a 500 mbit throughput and I have a 1GB uplink. So it is a bottleneck. This was also one reason for my thoughts of using a software firewall instead.
It's a hard decision since I do not want to compromise the system. I cannot afford 2 systems, so the choice is only software firewall or Dell SonicWall.
By the way, there is another option for this Dell firewall for $128 a month and the only difference is that it is Passive/Active. Any idea what this means, and is it worth paying double?
Thomas

ASKER

Thank you both for giving me some advice. I decided to go with the hardware firewall but will set up a software firewall too.