Anyone Still Making High End Firewall Implemented as a Windows Application?

Earlier versions of Checkpoint Firewall-1 were implemented as an application
running on Microsoft Windows. Microsoft also made a great firewall, ISA
Server, that became the Forefront firewall, and then they discontinued the
product (crazy!). Does any vendor still make a high-end firewall - that
is comparable in features with the ones I list - that runs as a Windows
application?

I am NOT looking for a host-based firewall to protect the installed OS. I
am looking for high-end firewall software that might support up to 20
network segments and 100+ computers on those segments.

The world seems to be moving towards firewall appliances, but using an
appliance, if you want a large number of segments, the cost can easily go over
$30K. Using a software-based approach, you can buy a server and quad or
six-port Ethernet cards and be all-in on hardware cost at under $1K. So
if you can find capable software to manage that, it provides huge cost
effectiveness.

Are there any firewall vendors left who sell high end firewalls as Windows  
software?

nish  



Re: Anyone Still Making High End Firewall Implemented as a Windows Application?


nish,

Your question is a bit above my pay grade since I only have 5 segments with
50 devices connected. But after doing a lot of looking, researching and
cost-benefit analysis for a small business my friend owns, the solution that
bubbled to the top was:

1. Old Dell with AMD64 CPU upgraded to 4GB RAM and a 128GB SSD, plus a 4  
Port Intel NIC + 2 Port Intel NIC for the hardware
2. pfSense firewall ( https://www.pfsense.org/ ) Open source

Rather than me try to tell you the benefits, I suggest you take a look at
their forums and documentation. It's based on FreeBSD but it's accessed via
a browser so there's no need to be a Linux guru. Don't underestimate this
firewall and I think you will find it has a lot of add-ons (free and
payware) that you will find useful.

I've been running it since last Feb and while there's a slight learning  
curve, there is online documentation and a Wiki that has everything I needed  
to get this up and running.  Running a web server for 24 security videos on  
a DMZ port, 3 wireless networks, a PCI DSS compliant port for credit cards,  
network for environmental controls and the main business network and guest  
services.

The hardware box is a 7-year-old Dell that was upgraded. FreeBSD was
designed around AMD64, so I've read, and the other upgrades were to future
proof it for a while. In reality, the hardware is way overkill and even with
a max load on a 35MB/s FIOS connection, this firewall isn't even close to
breaking a sweat. We have not had a single burp or network outage of any
kind caused by the firewall - it runs 24/7 and does a great job. It has
fail-over capabilities, supports multiple WANs, traffic shaping... the
features make for a long list.

This is not an off-the-shelf plug 'n go firewall appliance, you need to  
configure it. If you're not already familiar with it, take the time to  
research it and it will grow on you.  You supply the hardware and the  
firewall software is free.

Bob S.  


Re: Anyone Still Making High End Firewall Implemented as a Windows Application?

That was a very valid suggestion, thank you. My main objection to something
like this is the drivers for a proprietary HP server are not likely to be
well tested and maybe not very robust. There is something to be said for
running HP drivers for HP hardware on an HP authorized OS. Then let the
firewall be a simple application that runs on a hardened OS platform.
Something tells me I would spend two to three months working through driver
issues, not to mention I do not administer UNIX platforms so probably I will
accidentally leave a lot of glaring security holes in place.

nish  



Re: Anyone Still Making High End Firewall Implemented as a Windows Application?
On 12/08/15 16:34, nish wrote:

HP does (used to?) offer ProLiant Support Packs for Linux.  I believe  
they covered RHEL and SLES, and included drivers.



--  
Grant. . . .
unix || die
