Open source Firewall

Lakshmana

I have read the opensource firewall in magazine.there are about 10 firewall are seen.they are 1) pfsense 2)clearos 3) untangle 4)ipfire 5)smoothwall 6)shorewall 7)endian firewall 8)IP cop 9)vyos 10)ufw or uncomplicated firewall.
Whether above firewall are os or the distribution which can be installed in the Linux OS ?Or it is inbuild things we need to configure it?
How many of you used this Linux machine or servers?

scottalanmiller

Those are firewall appliances not firewall software. You don't install firewalls on any OS. All usable operating systems have firewalls built in. You simply use the OS.

All of those products you list are just an OS and the built in firewall. None of them add something new.

In the case of Linux, the firewall is IPTables.

scottalanmiller

Firewalld and UFW are just tools for managing IPTables. CentOS uses Firewalld, Ubuntu uses UFW - but they are just management tools.

Lakshmana

@scottalanmiller where these appliances used?
In enterprise level only??

scottalanmiller

VyOS is extremely similar to EdgeOS used in Ubiquiti firewalls. They are both forks of Vyatta.

scottalanmiller

@Lakshmana said in Open source Firewall:

@scottalanmiller where these appliances used?
In enterprise level only??

No, opposite. Most verge on hobby systems. VyOS is very enterprise, we use it in our big data center. That's shared code with Brocade and Ubiquiti.

pfSense is FreeBSD / pf based and very good. But more or less an enterprise would never build their own firewalls. You buy appliances for that.

Lakshmana

@scottalanmiller said in Open source Firewall:

@Lakshmana said in Open source Firewall:

@scottalanmiller where these appliances used?
In enterprise level only??

No, opposite. Most verge on hobby systems. VyOS is very enterprise, we use it in our big data center. That's shared code with Brocade and Ubiquiti.

pfSense is FreeBSD / pf based and very good. But more or less an enterprise would never build their own firewalls. You buy appliances for that.

What is brocade and ubiquitous words used here??

scottalanmiller

With really good firewalls from Ubiquiti being so cheap and using EdgeOS the entire concept of making your own firewall is basically historical only. There is no value to it today outside of the educational value.

The one rare exception is VyOS on large rack servers for cases where you need extreme throuput on a budget.

scottalanmiller

@Lakshmana said in Open source Firewall:

@scottalanmiller said in Open source Firewall:

@Lakshmana said in Open source Firewall:

@scottalanmiller where these appliances used?
In enterprise level only??

No, opposite. Most verge on hobby systems. VyOS is very enterprise, we use it in our big data center. That's shared code with Brocade and Ubiquiti.

pfSense is FreeBSD / pf based and very good. But more or less an enterprise would never build their own firewalls. You buy appliances for that.

What is brocade and ubiquitous words used here??

Brocade and Ubiquiti are firewall vendors. Brocade makes very large enterprise gear like Juniper. Ubiquiti we talk about daily in here. It is nearly the only network gear we recommend for small business any more - it is so good and so cheap that nothing competes with it.

Francesco Provino

@Lakshmana said in Open source Firewall:

@scottalanmiller said in Open source Firewall:

@Lakshmana said in Open source Firewall:

@scottalanmiller where these appliances used?
In enterprise level only??

No, opposite. Most verge on hobby systems. VyOS is very enterprise, we use it in our big data center. That's shared code with Brocade and Ubiquiti.

pfSense is FreeBSD / pf based and very good. But more or less an enterprise would never build their own firewalls. You buy appliances for that.

What is brocade and ubiquitous words used here??

Brocade is one of the top player in the networking world. They buy Vyatta and make their own (mostly closed source) version of the Vyatta appliance.

Francesco Provino

@scottalanmiller said in Open source Firewall:

@Lakshmana said in Open source Firewall:

@scottalanmiller said in Open source Firewall:

@Lakshmana said in Open source Firewall:

@scottalanmiller where these appliances used?
In enterprise level only??

No, opposite. Most verge on hobby systems. VyOS is very enterprise, we use it in our big data center. That's shared code with Brocade and Ubiquiti.

pfSense is FreeBSD / pf based and very good. But more or less an enterprise would never build their own firewalls. You buy appliances for that.

What is brocade and ubiquitous words used here??

Brocade and Ubiquiti are firewall vendors. Brocade makes very large enterprise gear like Juniper. Ubiquiti we talk about daily in here. It is nearly the only network gear we recommend for small business any more - it is so good and so cheap that nothing competes with it.

Agree, Ubiquity stuff is good and cheap. You can replace a 3k€ Cisco 5510 with a 400€ ER-8.

Lakshmana

Whether these firewall os are able to test in VM machine?

scottalanmiller

@Lakshmana said in Open source Firewall:

Whether these firewall os are able to test in VM machine?

No, they are hardware. If you want to run a firewall in a VM, VyOS is the obvious choice. pfSense is kind of okay.

Lakshmana

@scottalanmiller as checked providing the link for future reference
http://packages.vyos.net/iso/release/1.1.7/

https://www.pfsense.org/download/

Reid Cooper

pfSense was really good in the past. But I agree, the days of building your own firewall on an old PC that you have are over.

Dashrender

@Reid-Cooper said in Open source Firewall:

pfSense was really good in the past. But I agree, the days of building your own firewall on an old PC that you have are over.

Right - the cost just isn't worth running your old PC. Power alone will cost more than the cost of an ER-X or ER-L.