[olug] Linux versus Cisco PIX
Ryan Stille
ryan at cfwebtools.com
Fri Sep 19 21:58:31 UTC 2008
Michael Peterson wrote:
> If IPCop or CentOS or XYZ Linux are configured properly can they provide for
> a temporary or permanent basis the same basic features as a Cisco PIX
> Firewall device?
>
> Would anyone on the list recommend a specific Linux or Linux Firewall Distro
> that you have in production or have used in production?
>
> Or would a basic Sonicwall be a better temporary or permanent solution?
>
I replaced one of our two PIXes with a small device running pfSense
(similar to m0n0wall). It's worked great so far, and has been much
easier to administer than the old Cisco box. The only problem I've had
with it is that it can't be a PPTP server *and* allow outbound PPTP from
the internal network. Fairly easy to work around, and it's supposed to
be fixed in the next version. It does OpenVPN and IPsec as well. We
plan to get rid of the second PIX eventually and run everything through
the one pfSense box.

These awesome little boxes with pfSense pre-installed are under $200:
http://www.netgate.com/product_info.php?products_id=562
But before I got that I was just running it on an old PC and it worked
fine there, too.
-Ryan