Can anything but a Cisco ASA replace the features of IPCop?

Waldorf

I'm finally looking to get rid of the PC that has run IPCop for me all these years. I want to replace it with a commercial hardware product. I'm wondering if there is anything cheaper than a Cisco ASA that is going to meet my needs. I need all of the following features to be supported by the product.

All ports must be gigabit.

I need at least 4 ports, but more would be nice.
RED - goes to my cable provider
GREEN - used for my home network
ORANGE - used for my kids' home network
BLUE - used for wireless

The GREEN interface has access to the BLUE and ORANGE networks through NAT. However, those networks don't have access to any other network (except RED) unless I open specific holes for them.

For example, friends that come over can get on the BLUE wireless network and get out to the Internet, but they can't get to anything else. When I want to use the wireless, I have a hole open on GREEN network that allows BLUE network users to VPN into a server on the GREEN network. Once I'm VPN'd in, I can access the whole green network. I can access the BLUE network from the GREEN network without having to do a thing.

The same thing applies to the kid's ORANGE network. They can get out to the Internet and have their own printer on their network, but that is it. I can administer their machine from the GREEN network without having to do anything.

The unit does not need to have wireless built-in. I'm fine plugging in an access point to the BLUE network.

I'm hoping someone will tell me it is possible to accomplish all of this with something cheaper than an ASA.
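
The zone policy described in the post above, written as an nftables ruleset for a Linux-based firewall. This is an added example, not part of the original post and not IPCop's own configuration; the interface names, the VPN server address and the UDP port are assumptions.

```nftables
# Added example. Interface names, VPN_SERVER and VPN_PORT are assumptions,
# not values taken from the thread.
define RED    = "eth0"   # cable provider
define GREEN  = "eth1"   # home network
define ORANGE = "eth2"   # kids' network
define BLUE   = "eth3"   # wireless access point
define VPN_SERVER = 192.168.1.10   # hypothetical VPN host on GREEN
define VPN_PORT   = 1194           # assumed UDP port of that VPN

table inet zones {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections that were permitted when they started.
        # This is what lets GREEN administer ORANGE and BLUE hosts without
        # any rule in the reverse direction.
        ct state established,related accept
        ct state invalid drop

        # GREEN may open connections into every other zone.
        iifname $GREEN accept

        # ORANGE and BLUE may only go out to RED.
        iifname { $ORANGE, $BLUE } oifname $RED accept

        # The single hole: BLUE clients may reach the VPN server on GREEN.
        iifname $BLUE oifname $GREEN ip daddr $VPN_SERVER udp dport $VPN_PORT accept

        # Anything else between zones (BLUE to ORANGE, ORANGE to GREEN,
        # unsolicited RED traffic) is logged at a limited rate, then
        # dropped by the chain policy.
        limit rate 10/minute log prefix "zone-drop "
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Only internet-bound NAT is shown here.
        oifname $RED masquerade
    }
}
```

The file can be syntax-checked with `nft -c -f <file>` before it is loaded with `nft -f <file>`.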
 
Seems to me that your current setup more than meets your needs. Just getting the itch for something different or are you in need of some new features?
 
As soon as you say 4 gigabit interfaces + standalone unit + cheap... your options become very limited. I can't name anything off the top of my head. Maybe you can build IPCop into a miniATX PC so that it looks like a commercial hardware product? :D
 
Gig-E doesn't come cheap. For Cisco an ASA that supports Gig-E across all interfaces is going to be ASA5520 at least, and I don't think you want to be spending $5,000 just for your home firewall.
Your cheapest option is to go PC based again, and honestly I don't see any reason to pay thousands of dollars for network gear for home use when you can have all if not more functionality out of free software. Sure you don't have some nice support deal to go with it, and performance probably won't be equal in all situations but I definitely think it's going to be more than sufficient.
Your only benefit with solutions from the likes of Cisco and Juniper are the support contracts and in some cases specialized hardware. If you're not really going to benefit from those significantly, is it really worth the investment?
 
"Features for Price"....I'd say your best bet would be to stick with IPCop, or go to PFSense....just upgrade hardware a bit..get some good Intel NICs..
 
You can choose two out of the three:
Cheap
Fast
Secure

But never all three at once.
 
How about something like a Dell R200 with an Intel Quad NIC and buy a support package for untangle?
 
You can choose two out of the three:
Cheap
Fast
Secure

But never all three at once.

QFT

LMAO.

Stick with what you have, ASAs are generally too expensive for a home user's needs. (Not to mention you would need at least a 5520 for what you're asking for)

I have a 5505 at home and only because it was provided by my employer.
 
Or look into a cheap layer3 switch, and trunk its uplink to your ASA. Since the Layer3 switch would be doing the routing (and defaulting up to the ASA for internet), the ASA's speed limits won't hamper you.
 
Yeah, I had that same thought until I saw him wanting to inspect traffic between VLANs. You could create ACLs on the SVIs, but that would get ugly for a lot of traffic and defeat the purpose of his firewall. Not to mention you would need a decent L3 switch to support that.
 
Thanks for all the suggestions so far. I already have a mini-ITX machine running IPCop, but I use a 10/100 multi-port NIC. When I saw the price of a 4 port gigabit NIC, I thought I might be able to find a commercial product cheaper.

I must say that I am kind of surprised by people's take on price points. I managed to find a Linksys RVS4000 that had four gigabit network ports, a WAN port, and VLAN capability. The four ports could operate as four separate networks, but it also allowed you to route traffic between the different networks. Unfortunately, it was an all or nothing situation. You couldn't firewall the different networks. That unit was only $119.99.
 
Thanks for all the suggestions so far. I already have a mini-ITX machine running IPCop, but I use a 10/100 multi-port NIC. When I saw the price of a 4 port gigabit NIC, I thought I might be able to find a commercial product cheaper.

I must say that I am kind of surprised by people's take on price points. I managed to find a Linksys RVS4000 that had four gigabit network ports, a WAN port, and VLAN capability. The four ports could operate as four separate networks, but it also allowed you to route traffic between the different networks. Unfortunately, it was an all or nothing situation. You couldn't firewall the different networks. That unit was only $119.99.

What you're describing is just a soho router that supports VLANs, so yea, it's cheap. It doesn't meet your criteria though. You'd be hard pressed to find something that does everything you want in that price range.
 
I managed to find a Linksys RVS4000 that had four gigabit network ports, a WAN port, and VLAN capability. The four ports could operate as four separate networks, but it also allowed you to route traffic between the different networks. Unfortunately, it was an all or nothing situation. You couldn't firewall the different networks. That unit was only $119.99.

After a few weeks with that turd...you'll be smashing it to bits with a sledgehammer.

"You get what you pay for"
 
If you really want to go on the cheap you could get a quad port Intel NIC from Newegg, but you'd need a free PCI-E or PCI-X slot and they go for about $420.
 