[olug] Linux versus Cisco PIX

Ryan Stille ryan at cfwebtools.com
Fri Sep 19 21:58:31 UTC 2008


Michael Peterson wrote:
> If IPCop or CentOS or XYZ Linux are configured properly, can they provide on
> a temporary or permanent basis the same basic features as a Cisco PIX
> Firewall device?
>
> Would anyone on the list recommend a specific Linux or Linux Firewall Distro
> that you have in production or have used in production?
>
> Or would a basic Sonicwall be a better temporary or permanent solution?
>   

I replaced one of our two PIXes with a small device running pfSense 
(similar to m0n0wall).  It's worked great so far, and has been much 
easier to administer than the old Cisco box.  The only problem I've had 
with it is that it can't be a PPTP server *and* allow outbound PPTP from 
the internal network.  Fairly easy to work around, and it's supposed to 
be fixed in the next version.  It does OpenVPN and IPsec as well.  We 
plan to get rid of the second PIX eventually and run everything through 
the one pfSense box.

These awesome little boxes with pfSense pre-installed are under $200:
http://www.netgate.com/product_info.php?products_id=562

But before I got that I was just running it on an old PC and it worked 
fine there, too.

-Ryan




