Earlier versions of Checkpoint Firewall-1 were implemented as an application running on Microsoft Windows. Microsoft also made a great firewall, ISA Server, that became the Forefront firewall, and then they discontinued the product (crazy!). Does any vendor still make a high end firewall - that is comparable in features with the ones I list - that runs as a Windows application?
I am NOT looking for a host based firewall to protect the installed OS. I am looking for high end firewall software that might support up to 20 network segments and 100+ computers on those segments.
The world seems to be moving towards firewall appliances, but using an appliance, if you want a large number of segments, the cost can easily go over $30K. Using a software-based approach, you can buy a server and quad or six-port Ethernet cards and be all-in on hardware cost at under $1K. So if you can find capable software to manage that, it provides huge cost effectiveness.
Are there any firewall vendors left who sell high end firewalls as Windows software?
nish
nish,
Your question is a bit above my pay grade since I only have 5 segments with 50 devices connected. But after doing a lot of looking, researching and cost benefit analysis for a small business my friend owns, the solution that bubbled to the top was:
- Old Dell with AMD64 CPU upgraded to 4GB RAM and a 128GB SSD, plus a 4 Port Intel NIC + 2 Port Intel NIC for the hardware
- pfSense firewall (open source)
Rather than me trying to tell you the benefits, I suggest you take a look at their forums and documentation. It's based on FreeBSD but it's accessed via a browser so there's no need to be a Linux guru. Don't underestimate this firewall and I think you will find it has a lot of add-ons (free and payware) that you will find useful.
I've been running it since last Feb and while there's a slight learning curve, there is online documentation and a Wiki that has everything I needed to get this up and running. Running a web server for 24 security videos on a DMZ port, 3 wireless networks, a PCI DSS compliant port for credit cards, network for environmental controls and the main business network and guest services.
The hardware box is a 7 year old Dell that was upgraded. FreeBSD was designed around AMD64, so I've read, and the other upgrades were to future proof it for a while. In reality, the hardware is way overkill and even with a max load on a 35MB/s FIOS connection, this firewall isn't even close to breaking a sweat. We have not had a single burp or network outage of any kind caused by the firewall - it runs 24/7 and does a great job. It has fail-over capabilities, supports multiple WANs, traffic shaping... the features make for a long list.
This is not an off-the-shelf plug 'n go firewall appliance, you need to configure it. If you're not already familiar with it, take the time to research it and it will grow on you. You supply the hardware and the firewall software is free.
Bob S.