What made you choose the firewall you use over other firewalls?

liamo

My firewall of choice is monowall.

I had used Smoothwall and IPCop over the years with great success but I had been playing with a Soekris 4801 for a while and got bored putting it to various uses. I also wanted to get rid of the noisy, energy-glugging monster that I had IPCop installed on. In addition, I wanted a PPTP VPN server and traffic-shaping. Monowall ticked all the boxes.

The combination of the soekris and monowall is a neat little solution. It's about the size of a paperback book and just as quiet.

ecksor

mick.fr wrote:

What you do for a living ?

Just saw this now. For future reference, don't dodge one argument with a comment about losing your time if you're going to come back with a silly timewasting jab like this. It is trolling and it doesn't help your credibility. FWIW, I've heard similar recommendations to what you're advocating here, but it's not common practice in my experience.

mick.fr

ecksor wrote:

Just saw this now. For future reference, don't dodge one argument with a comment about losing your time if you're going to come back with a silly timewasting jab like this. It is trolling and it doesn't help your credibility. FWIW, I've heard similar recommendations to what you're advocating here, but it's not common practice in my experience.

As you are saying, and this is especially addressed to you, the fact this is not common practice in your experience, or other people experience who posted wrong informations here, does not mean this is not very well implemented in many companies.

Reason why I was curious to know what kind of job people who wrongly replied to me very aggressively, have because none of the thing they replied is actually true.

Many companies have 2 different firewall vendors, this is a fact, based on industry good practice such as risk management with risk mitigation plan, based on what I do, and I am far to be the only one.
Just google it.

But none of those people are aware about this. That's fair enough, myself I do not know everything. Once again there was no need to be aggressive towards me because people's ignorance.

But the fact some people became completely ballistic about what I said is nuts, they have not even tried to do some searches and simply said what I said was total BS.

I like constructive discussions but when people are talking about things they do not know and are making wrong statements, I have to stop them, I guess this is my trainer profile that emerges.

I said many Irish Gov agencies have implemented up to 3 different firewall vendors before reaching the LAN and people still do not believe me ?
I mean I was here, in their datacenters, so why you guys do not believe me ? Reason why I said "We are not living in the same real world".

When I say it is easier to hack or gain access to a server behind a basic Linux/Cisco firewall than an ISA Server this is very true.
And somebody who has supposedly worked at MCS (Despite nobody remembers a consultant specialized in security on the 8th floor of the Atrium should know that.
This is not marketing, this is a technical fact.
People asked me to backup this very aggressively, this is stupid as this kind of firewall will simply open or close ports. There is nothing more easy if you have an opened port without any other inspection mechanism.

I mean this is the way hackers got through, getting easy access because the opened port without any other traffic inspection. And many product are working this way (IPCop, Symantec firewalls, Cisco) in their basic fashion.

And people who ridiculously laughed to what I said by throwing to my face OpenBSD has only had 1 security hole in remote install in 10 years are not getting security newsletter to see all the security holes OpenBSD has had in the last 10 years.
Those people do not even know the difference between FreeBSD and OpenBSD logos. FreeBSD and OpenBSD have a common ancestor, this is called Unix BSD 4.4, and this was more than 10 years ago those 2 OS have not much in common anymore.
Plus for Theo (If you know OpenBSD you know who is he), using a FreeBSD logo to promote OpenBSD is an insult, I can tell you that for sure.

So Ecksor I respect everybody here but I am sorry I reached my limits in term of insult's level by people who really do not know what they are talking about.

Now let's have a beer together on the 17th to forget about this incident :-)

Peace

ecksor

I've already said that I've seen recommendations like you describe, so I don't know what you're trying to achieve with yet another long diatribe or a BSD history lesson. If you feel that people are misinformed, then feel free to continue to offer what you believe to be the correct information. My comment was merely (FWIW, as I said) to try to get at the idea that perhaps this depends upon environment.

Questions about what people do are irrelevant. There are posters here who won't want to reveal who they work for and other knowledgeable posters who don't work in security. I regard the question as a troll and am posting a warning on that basis.

If you feel you are being insulted, then feel free to report the post.

Jaden

liamo wrote:

My firewall of choice is monowall.

I had used Smoothwall and IPCop over the years with great success but I had been playing with a Soekris 4801 for a while and got bored putting it to various uses. I also wanted to get rid of the noisy, energy-glugging monster that I had IPCop installed on. In addition, I wanted a PPTP VPN server and traffic-shaping. Monowall ticked all the boxes.

The combination of the soekris and monowall is a neat little solution. It's about the size of a paperback book and just as quiet.

I have IpCop running on a WRAP board (Google for WrapCop). It's half the size again of the board you have monowall on.

HTH.

Capt'n Midnight

Out of curiousity how do Transparent Bridging Firewalls rate ?