For political reasons I'm stuck needing a firewall appliance I can put between our router and our network. But I need to not have to change the NAT address of the router (192.168.0.1), nor the gateway of the client PC's.
Any recommendations for a firewall appliance that will operate at the hardware layer, or something along those lines? I guess I'm looking for pure packet inspection without VPN, DHCP, etc.
Suggestions? Ideas?
A machine with two or more ethernet ports running OpenBSD, for the cost of a PC. OpenBSD is highly regarded for security and stability. The integrated PF packet filter is very configurable. The documentation is decent, and there is a book by Jacek Artymiak specifically addressing the subject of firewalls on OpenBSD.
If you go with the bridge configuration, you will have to either use a third interface to administer the firewall or do everything from the console.
FireBox 1000 will do it, but they're are not cheap. You can run it in drop-in mode, set the subnet on each side and you're good to go.
Sonicwalls can be bridged. They do have all thge other features (dhcp, vpn, etc) but you can simply not use them.
Netscreen 5GTs do it, 10 IP box lists @ US$570, unlimited IP lists @ US$900.
On 15 Nov 2004 19:11:20 -0800, R Gardner blurted:
Find an old Lucent Brick - they work at layer 2
Spamming this account signifies your unqualified consent to a free security audit
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.