[ale] Trustix Enterprise Firewall's License

runman runman at speedfactory.net
Sun Jul 23 10:57:21 EDT 2006


Does anyone have any experience with this product? And if so, what kind of
license does it have? It seems that Trustix Secure Linux is a distro (free
under the GPL), but the Enterprise Firewall is a commercial product
requiring a license.  I searched the forums and it seems that the license is
good for only a year and the "free" version will only support one group of
IP addresses or "zone".  I noticed that the key requires your MAC address
also.  Does anyone have any comments/thoughts/advice on a multi-interfaced
firewall product that can connect to pppoe? Here are the ones I have tried
and my impressions:

Situation: Firewall needs to connect via pppoe to my ISP.  I run 2 DMZs
and a private network in addition to my connection to the Internet for a
total of 4 NICs (interfaces). Needs to handle up to 20 PCs at one time.
Easily upgradeable and easy to run.  Will reconnect automatically if
connection dropped.

What I have tried:

Astaro - seems slow and has problems reconnecting after a dropped
connection.  Licensed and a commercial product.  Hardware requirements seem
excessive for what I have available and what I need done.  Interface is
really extensive and complex, but ok if you have time to work your way
through the manual.  "Free residential" license limits you to only a few pc
connections at a time.  Tries to have "the world" in one distribution, which
explains the hardware requirements.

Smoothwall and IPCOP - seem to have trouble configuring more than 3
interfaces.  If there are problems after 2 attempted installs I move on.  I
have used both in the past until I grew my network.

m0n0wall - runs off a CDROM, more for embedded market it seems.  I ran it
for a while OK.  Is my back-up go-to for a quick firewall solution.  Can
store config on a floppy (which I still install on all my PCs as it is all
I need to upgrade in many instances).

pfSense - fork of m0n0wall, crappy documentation, possible use of plugins
seems to cater to ignorant masses wanting all sorts of silly
servers/services on a firewall (I just want a stateful packet filter).  It's
what I am using now.  Uses customized FreeBSD, pf, altq, carp.

OpenBSD - requires some work to set up, is all manual, pppoe (kernel) is
kinda involved, and I had problems with the userland pppoe.  Last benchmark
I saw ranked OpenBSD's pppoe last after NetBSD, Linux, and FreeBSD in
matters of speed.  However it is installable on everything.


Have not tried: small SOHO embedded products like Cisco or CheckPoint or
others.



- Greg
