DPI, Firewall & AV, what are my options?

Thread starter: Deleted member 133315
I am looking at one of these http://www.zen.co.uk/firewalls/Solutions/fortiwifi-60b.aspx

If the link doesn't work, it's a Fortinet FortiWiFi 60B Firewall.

Now, I ain't too amused at the cost and the monthly management costs, and also the yearly subscriptions on top of that, so I was wondering: is there anything I can do with an old 2.6 Athlon XP or 2.8 Athlon64 (or worst case I could use an X2 3800) that would give me Deep Packet Inspection, Firewall and AntiVirus, Content Filtering and Spam Filtering?

I haven't used Smoothwall, m0n0wall or the like before and don't really know what features they have and don't have, but does anyone know of anything that can be used on an old PC and would be able to perform the above tasks that I want? Specifically I really want to have DPI; the rest I can do locally on each PC if need be, but I would prefer to use one old PC to do all of it if possible.

Also, if someone knows of something that would fulfil the role, it must be able to keep up with traffic and not cause major slowdowns for whatever reason; it must be smooth and not affect the speeds (well, not by too much if at all possible) that I am getting just now via the internet or via LAN.

So, what are my options? Would I be better off buying something like what I have linked to above? Or is there some kind of app/s or OS that can perform all the tasks I want for free or cheap?

Cheers

E.S
 
If the cost gets you....look into some of the "UTM *nix distros"
UTM...Unified Threat Management.

Only a few of the free *nix router distros do this. 3 that come to mind...

*IPCop..not by itself...but with a plug-in for it called Copfilter. Will run well on a mid-range P3 or higher...with 384 or more megs.
http://ipcop.org/
http://copfilter.org/
IPCop is widely known, thus lots of support forums for them. However...it's getting dated.

*Endian...which is based on IPCop with the Copfilter plugin...but it's a more polished package. Very smooth running. Similar hardware requirements.
http://www.endian.com/en/community/
A good package, but since it's not as well known..not as much of a support forum for them. They do have pre-made appliances you can purchase from them and get support, else..since they're not as widespread...hard to find open support forums for them.

*Untangle. Quite new....VERY powerful and full featured. I love this distro. A bit steeper in hardware requirements...for a home user...an upper end P3 closer to the GHz range or higher, and you'll want 512 megs or higher.
They are on a strong marketing campaign...going after the market that Fortinet and Sonicwall are strong in..they have a pre-built retail appliance you can pay for and get support with, as well as a free ISO with 2x features turned off, that you can download and install on your own.
http://www.untangle.com/
Great support forums also.
With upper end hardware and all the features turned on..it'll still belt out over 40 megs of throughput. (which should go up substantially with the upcoming 5.1 release) I have one in production at a client with around 60x nodes on the network...on a 20 meg pipe..and I still see all 18 megs of it through Untangle. It's on a 2.4 P4 with only 1 gig of RAM.
 
Thanks, I am having a look at that Untangle; I will probably give it a shot and see what it's like :)

cheers dude ;)
 
If you want to take more of a peek at Untangle..click on the Live GUI preview link here..runs in JAVA
http://www.untangle.com/index.php?option=com_content&task=view&id=242&Itemid=967

I will make a note however...the current version, 5.0....has had some compatibility issues with some AMD based motherboards/chipsets. They are stating increased compatibility in the upcoming 5.1 release. I've only installed it on Intel based systems.

In their forums you'll find a few threads about success or not..with hardware..people sharing their experiences.
 
Cool, I am burning the latest one as we speak, so I hope that it doesn't have problems with the boards/chipsets I have, as they are all AMD-based boards.

I will go check out the forums now and see what ppl are saying about it.

cheers
 
I got it up and running and I am impressed with it so far, looks like it fits my purpose exactly.

I like the layout, and since it's based on my favourite distro "Debian" that means I like it even more :)

I must admit Untangle looks real powerful with all the options etc. and is exactly what I was looking for when I made my post; hopefully you have just saved me £650 + £70 a month and then a £300 yearly subscription, or something like that.

One thing I did notice that maybe is a bug (now this won't matter much, as once it's on it's on and won't be turned off hardly ever): when I click on shutdown, it doesn't shut down. It does close the client and go to the shutdown screen, but it never actually shuts down. It does however reboot with no problems when I click on the reboot icon.

As I say, shutting down won't hardly ever be used, and if it needs to be shut down I will reboot instead and then push the power button to stop it when the PC starts to boot up again and hasn't gotten as far as reading the HDD. So far that's the only problem I have noticed, except for the fact that it thinks my keyboard is American, and when I put in my email addy it used " instead of @ :) That's easily fixed along with the resolution via the terminal.

Thanks again for hooking me up to it stonecat, as I am gunna have a lot of fun setting this up ;)

cheers

E.S
 
Hmmm...might be a disagreement with the power management of it..and your hardware. I know the one I recently deployed at a client...it'll power down all the way. Intel chipset though.

Yeah it's powerful...I'm guessing you noticed the small differences in the paid for "pro" version...versus your freebie ISO download, the SSL VPN feature, integration with AD, dual antivirus engine, and support of course. As well as backup of your config to their servers.

For a freebie....IMO it's the best UTM distro out there. Their forum is quick with replies to issues you may have too.

You found you have to add the rack components from the "library" link on the left side? Out of the box..it's just running the basic router component.
 
Yea, I added all the components at the side, well, all the free ones :) There are some unfree ones that I won't miss and don't particularly need, like the support and backup to their servers. Support I can hit you up for ;) and also their forums, and backup, well, I haven't looked into its backup options, if it has any outside of the pro version, but if it does then local backup will be good enough for me.

Is there a huge difference in the dual AV compared to the normal AV? Or is it just a case that the dual AV gets more definitions and gets them quicker than the free one?

All in all it looks really good. Although I played about with it this afternoon for an hour or so, I haven't set it up 100% yet, as I never had much time this afternoon.

I am running it behind a router atm, but am thinking about getting a separate ADSL modem, switch and wireless AP, dumping the router I use now and letting Untangle do the routing. I will look into it more tomorrow and see what all I can do with the setup I have now, but I think it would be better in the long run if I took my router out of the equation and just let Untangle do its thing instead.

Tell me, do you use the pro/paid-for version? And if so, is it worth it for those extra couple of features compared to the free version?
 
A UTM product does you no good if you don't update it. Keep in mind these companies make their money off of subscriptions and not the product itself. It's like buying a printer, the money is in the consumables, although in this case the subscriptions. That being said check out www.snort.org
 
IMO I don't think the dual AV engine is a big deal...I forget which engine they use for the 2nd engine..the first one is the usual open source *nix freebie...ClamAV. Not known for being the best out there anyways..and I'm always running Eset NOD32 across all my clients' networks anyways..and Eset's XMON on their Exchange servers. So what it bags..I have confidence NOD32 would have bagged anyways. But nice to have a scanner "out in front" anyways, for more of a warm 'n fuzzy feeling.

Yeah I'd remove the router from the mix..stick Untangle out in front..I'm not fond of double NAT'ing.

I've not done the paid for pro version....I was going to sign up to be a reseller with them..nice peeps to talk to. Just haven't done it yet.
 
> A UTM product does you no good if you don't update it. Keep in mind these companies make their money off of subscriptions and not the product itself. It's like buying a printer, the money is in the consumables, although in this case the subscriptions. That being said check out www.snort.org

Untangle automatically updates. They highly modified the Intrusion Detection ..based on Snort..yes..but quite customized, and auto updated from Untangle's engines..just as the Spyware, AV, and SPAM engine is. Unlike in some prior UTMs like IPCop's Copfilter..where you had to sign up for the updates from Snort yourself..and enter your subscription key (which had a free version).

http://www.untangle.com/index.php?option=com_content&task=view&id=75&Itemid=148
 
Yea, I would always be running NOD32 on my main rig and the Avast freebie on the others, but I like the idea of having 2 lines of defense. Not that I get viri in the first place, but when I changed ISP last week I am being bombarded with port scans from Shaw Canada, and it's being spoofed, so it's probably coming from some twat in China, as along with the tens of thousands of fake Shaw IPs I am also getting a crapload of Chinese IPs also. So whoever had the block of IPs I use now probably got infected or whatever, and the botnet is still trying to contact it, which would explain the non-stop port scans from Shaw IPs and Chinese IPs, but only on 3 ports, messenger service ports as well; dunno why they persist, as that shit has been disabled for the last 7-8 years.

But in any case, I now notice a huge increase in attempts to gain access, and although I can get IPs changed, it probably wouldn't be worth it, as if whoever is doing it is scanning the whole range of my ISP then it's pointless to change. But I would feel so much happier with beefed-up security, as atm I just use a router with built-in firewall and SPI, and Windows Firewall and NOD32 and Ad-Aware and Spybot, and although nothing gets in as it is, it's probably a good idea not to feel too complacent and to upgrade myself just so that I maintain my STFO policy.
 
> But in any case, I now notice a huge increase in attempts to gain access, and although I can get IPs changed, it probably wouldn't be worth it, as if whoever is doing it is scanning the whole range of my ISP then it's pointless to change. But I would feel so much happier with beefed-up security, as atm I just use a router with built-in firewall and SPI, and Windows Firewall and NOD32 and Ad-Aware and Spybot, and although nothing gets in as it is, it's probably a good idea not to feel too complacent and to upgrade myself just so that I maintain my STFO policy.

Exactly...don't fall prey to biting your nails and losing sleep at night due to all those scans you see in firewall logs. Even a basic Linksys router by default will totally block your network from those scans. Those port scans and probes happen by the millions every day on IPs....nothing to worry about.
 
Na, I ain't worried about them. The very day I changed ISP and got a new IP it was an instant BANG, thousands upon thousands of hits all sniffin' at ports 1026-1027-1028, which is that stupid messenger service in XP, which with SP2 is disabled by default, but I turned it off when I first got XP years ago, and that was the very first thing I would do when I would install XP before SP2 was out.

So there is no chance they are gunna get in, as ping is blocked and all ports are stealthed, so they probably don't even know that I am there. But now that I have got a static IP range instead of dynamic I think it's time to beef up the security, and also I have been wanting to do something like this for a while now but never got around to it. I think it will be a nice complement to my network ;)

I use a 2Wire 2700HGV as a router, which so far has been leet, one of the most reliable routers I have used, and I have been through a fair amount of routers and none that I have used before this one has come close to it. It has a huge wireless range, huge for the UK that is, as I unlocked it, and by law the UK wireless limit was only using 1/4 of the wireless capabilities of the router, so basically I always get a 100% excellent wireless signal. The router doesn't lose sync with the ADSL line like others I have used (D-Link routers are a bastard for that). It even has content screening and traffic shaping, so I will say for a freebie this thing rocks. It would be even better if there was something like DD-WRT for it, but for a stock router I think it's pretty good, but I am gunna replace it with standalone products like I mentioned in an earlier post.
 
> Na, I ain't worried about them. The very day I changed ISP and got a new IP it was an instant BANG, thousands upon thousands of hits all sniffin' at ports 1026-1027-1028, which is that stupid messenger service in XP, which with SP2 is disabled by default, but I turned it off when I first got XP years ago, and that was the very first thing I would do when I would install XP before SP2 was out.
>
> So there is no chance they are gunna get in, as ping is blocked and all ports are stealthed, so they probably don't even know that I am there. But now that I have got a static IP range instead of dynamic I think it's time to beef up the security, and also I have been wanting to do something like this for a while now but never got around to it. I think it will be a nice complement to my network ;)
>
> I use a 2Wire 2700HGV as a router, which so far has been leet, one of the most reliable routers I have used,

Which...if you're behind a router....is moot anyways..you're already hidden..they can't touch your PC's ports..unless you DMZ your computer or something dumb like that.

2Wires..heh....I have the opposite opinion of them...have tossed a few dozen of them in the circular file. Weird web admin too..like they were developed on another planet.
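A defender-side way to triage the kind of firewall log the two posters are talking about, as an added example that is not from this thread or from any product named in it: it parses a few constructed inbound-log lines, counts the 1026-1028 Messenger-service hits as background noise, flags a source that walks several other ports, and surfaces the only events that actually matter, ACCEPTs on ports you never published. The log format, addresses, port set and scan threshold are all assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of a router's inbound-traffic log (assumed
# format). Addresses are RFC 5737 documentation ranges; 198.51.100.2 is the WAN side.
SAMPLE_LOG = """\
2008-04-02 21:14:03 DROP UDP 203.0.113.9:1040 -> 198.51.100.2:1026
2008-04-02 21:14:03 DROP UDP 203.0.113.9:1041 -> 198.51.100.2:1027
2008-04-02 21:14:05 DROP UDP 203.0.113.77:1034 -> 198.51.100.2:1028
2008-04-02 21:14:09 DROP UDP 192.0.2.18:1034 -> 198.51.100.2:1026
2008-04-02 21:15:00 DROP TCP 192.0.2.18:44211 -> 198.51.100.2:3389
2008-04-02 21:15:01 DROP TCP 192.0.2.18:44212 -> 198.51.100.2:22
2008-04-02 21:15:02 DROP TCP 192.0.2.18:44213 -> 198.51.100.2:445
2008-04-02 21:15:20 ACCEPT TCP 203.0.113.50:51000 -> 198.51.100.2:80
2008-04-02 21:15:25 ACCEPT TCP 203.0.113.50:51001 -> 198.51.100.2:3389
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>DROP|ACCEPT) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Ports 1026-1028 are the Windows Messenger-service popup-spam targets the thread
# describes: hits there are Internet background noise, not a probe aimed at you.
MESSENGER_NOISE_PORTS = {1026, 1027, 1028}


def parse_line(line):
    """Return one parsed event as a dict, or None if the line is not in the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec


def summarize(log_text, published_ports, scan_threshold=3):
    """Separate noise from scanners, and flag ACCEPTs on ports you never published."""
    noise_hits = 0
    ports_by_src = defaultdict(set)      # distinct non-noise ports each source hit
    unexpected_accepts = []              # the only events actually worth a look
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["action"] == "ACCEPT":
            if rec["dport"] not in published_ports:
                unexpected_accepts.append((rec["src"], rec["dport"]))
        elif rec["dport"] in MESSENGER_NOISE_PORTS:
            noise_hits += 1
        else:
            ports_by_src[rec["src"]].add(rec["dport"])
    scanners = sorted(s for s, p in ports_by_src.items() if len(p) >= scan_threshold)
    return {"noise_hits": noise_hits, "scanners": scanners,
            "unexpected_accepts": unexpected_accepts}
```

Running `summarize(SAMPLE_LOG, published_ports={80, 21})` on the constructed log reports four noise hits, one port-walking source, and a single accepted connection on an unpublished port, which is the one line a practitioner would go and look at.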
 
Well, to be honest dude, although I agree with you on the interface, as it is weird, it has been one of the stablest routers I have ever come across. Maybe a fluke? But for some reason it always holds connection to my line and never drops. Now compare that to D-Link, Buffalo, Netgear, SpeedTouch, Zoom and Linksys with stock firmware, and every single one of them would lose sync at least 3-4+ times a day. It maybe hasn't got as many options as the others, and it does have a weird interface compared to the rest, but for never losing sync and always syncing at my line's max rate, which not every router of the ones I have listed did (my normal sync rate is 8128 down and 882 up; some would sync at 7600 down or lower, which would affect my BRAS profile, which means that my download speed limit would then be cut and wouldn't go back up in a hurry if I used another router which synced at a higher speed; it would take about a week to go back up to normal sometimes).

If it wasn't for the re-syncs I would probably still be using either the Linksys or one of the D-Links, as they were the ones that synced at max, but the D-Link kept losing sync and rebooting every couple of hours or just locking up altogether, and the Linksys would drop connection a few times a day and sometimes wouldn't reconnect unless I switched it off and back on again.

So that's what I mean by reliable: it seems to be able to handle my line without any problems. It probably isn't the best overall router by any means, but it's the most stable router I have had on my line. Also it has the best wireless out of the lot that I have used, due in part to the fact that the router was made to American specifications, and in the States wireless can be more than the gay 300 metres that we get enforced on us by law over here, so when I unlocked the router I got access to the full strength of wireless, which is 3 times as powerful as when it had the UK firmware on it, so basically it's usual strength for US folks but huge for us UK peeps.

The re-syncs wouldn't have bothered me had they always come back online, but as I run a couple of servers and also do a lot of FTP work, just a set-it-and-forget-it kind of thing, I would end up coming home most days to see that the servers were offline and the FTP uploads/downloads were stopped halfway through. OK, they could always be resumed, but that was the purpose of setting it and forgetting it in the first place, so I wouldn't tie up my line when I came back to the PC. In the end I got a router that didn't drop, although it may not have been the other routers' fault that they kept dropping, because at the time this was happening I was getting transferred to BT's IPStream network, which was known to cause problems. So for just under a year I had constant disconnects, but then I moved ISP and the new ISP gave me the router, and when I got connected to the new ISP with the new router the disconnects ended overnight. So it could have been a case of my old ISP having problems and me being affected by them, which they denied when I called to say that my line kept dropping. Whether it was the actual routers or a problem with the line I will never know, as I have given away most of the routers I had, although I still have the Linksys and a SpeedTouch, but in the end I got a stable line :) That's what I hate about DSL: it's OK if you haven't got problems, but if you do then you really have problems.
 