  1. #1

    Join Date
    Jun 2006
    Location
    Dorset
    Posts
    111
    Thank Post
    2
    Thanked 5 Times in 4 Posts
    Rep Power
    17

    Can anyone recommend a good firewall? *Updated* - Smoothwall Help please!

    Hi everyone,

    We are looking to purchase a hardware firewall to place between our separate Admin and Curriculum networks to allow Senior staff access to Admin resources from the curriculum network.

    Can anyone recommend something that is reliable and fairly easy to set up and manage?

    What do those of you that have separate networks do?

    Thanks.
    Last edited by rusty155; 21st January 2008 at 12:08 PM.

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    I personally use an old P4 with a bunch of network cards in running Linux tailored to my requirements. However I expect you want something a little more friendly and easier to set up?

    Have you looked at the commercial offerings? Maybe smoothwall? Tom is probably somewhere nearby. Or how about Microsoft ISA server?

  3. #3


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    I second smoothwall. The free version sounds ideal for what you need.

  4. #4

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,232
    Thank Post
    667
    Thanked 1,638 Times in 1,463 Posts
    Rep Power
    423
    Ah go on then another vote for smoothwall.

    Ben

  5. #5
    contink's Avatar
    Join Date
    Jul 2006
    Location
    South Yorkshire
    Posts
    3,791
    Thank Post
    303
    Thanked 327 Times in 233 Posts
    Rep Power
    118
    Quote Originally Posted by rusty155 View Post
    We are looking to purchase a hardware firewall to place between our separate Admin and Curriculum networks to allow Senior staff access to Admin resources from the curriculum network.
    Perhaps I'm a bit out of my depth here but surely you're not so much after a firewall as setting up proper trust relationships between your domains, as I assume you'd benefit from staff being able to log on to curriculum PCs and access the admin domain.

    Course that opens a whole host of password security and other issues but I suspect you may not be considering all options to achieve what you're after.

  6. #6

    Join Date
    Jun 2006
    Location
    Dorset
    Posts
    111
    Thank Post
    2
    Thanked 5 Times in 4 Posts
    Rep Power
    17
    Ok - Thanks for the replies.

    I'm feeling tired and remarkably stupid today and I'm having difficulty working things out in my head. I'll try and explain what I need in a bit more detail. Smoothwall sounds like a good option if I can get it to do what I need. I have a redundant Dual Processor PIII 1100 Server lying around with 2 onboard GB NICs so that could do the job.

    Basically we have two separate Networks / Domains here - one Admin and One Curriculum. The staff and student accounts and shares are all on the Curriculum network. The Admin Domain is home to Sims, Bromcom (E-Registration) and all of the Admin staff user accounts and shares.

    The Bromcom Server has 2 network cards so that the registration app (on the Curriculum side) can send registration data back to the server on one port.

    The SLT need access to resources on both networks, and I would like to be able to map network drives from both domains if possible. The SLT have accounts on both domains but with different usernames and passwords. How would I go about the authentication issues?

    Would I need to use something like Smoothwall in conjunction with Domain Trust Relationships? I have never set up Trust Relationships before but have heard that they can be quite a headache.

    Also, our Mail server which currently resides on our Curriculum PDC also has two network cards in so that both Domains can access E-Mail (we are migrating to Exchange soon).

    Furthermore, the Bromcom Server has a web-based feature whereby staff can access detailed attendance and behaviour information. Staff on the Admin Domain can access this as it uses Domain authentication, but I need Curriculum staff users to be able to access it also.

    Sorry for the essay, I've probably left things out as well! Can anyone offer any further advice? Do you have similar setups and needs?

    Thanks again.

  7. #7


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,475
    Thank Post
    866
    Thanked 850 Times in 672 Posts
    Rep Power
    196
    First off, there's our freebie product; SmoothWall express (www.smoothwall.org). That's *definitely* worth a shot.

    Secondly, you could try something like our commercial range, which offer all sorts of bells/whistles. For example, schoolguardian is an AD integrated perimeter firewall which offers internal network segregation and has web filtering into the bargain.

    Have a nose round, see what you think, and drop me a line if I can be of assistance.

  8. #8
    Joedetic's Avatar
    Join Date
    Jan 2006
    Location
    Walsall
    Posts
    1,316
    Thank Post
    6
    Thanked 13 Times in 13 Posts
    Rep Power
    22
    I can recommend the FreeBSD based ones being as I'm a bit of a FreeBSD fanboy. There's m0n0wall. That's nice and simple to configure etc. pfSense has more options, add-ons and features than m0n0wall so can take some time to configure if you're going for the full whack.

    Both are FreeBSD based as I've already mentioned and I always find it very stable. They will run on the lower end machines such as you might have lying around to use (as will Smoothwall, being Linux based). Both support VLANs which is good if you have separate networks for maybe student laptops or admin etc. There's also a captive portal on both which would be quite good for student laptops etc.

    You'd have to have a look on the respective websites for a comprehensive plugins/feature list.

  9. #9

    Join Date
    Apr 2006
    Location
    West Midlands
    Posts
    314
    Thank Post
    29
    Thanked 19 Times in 18 Posts
    Rep Power
    21
    Have you considered migrating your two networks into one?

  10. #10

    Join Date
    Jun 2006
    Location
    Dorset
    Posts
    111
    Thank Post
    2
    Thanked 5 Times in 4 Posts
    Rep Power
    17
    Hi,

    I am in the process of giving Smoothwall a go and have a quick question. I have installed it and have it running but feel I may have made a mistake already!

    I set the admin network as the green zone, and curriculum network as red zone. When I log into the smoothwall web interface it shows the local connection as my curriculum primary dns server and the remote connection as my curriculum default gateway to internet. Is this correct?

    I was expecting something more like:

    Local= Admin IP Address of Smoothwall
    Remote= Curriculum IP Address of Smoothwall

    I'm going to have a dig around but thought I'd raise this first.

    Thanks,

    Charlie.

  11. #11

    Join Date
    Jun 2006
    Location
    Dorset
    Posts
    111
    Thank Post
    2
    Thanked 5 Times in 4 Posts
    Rep Power
    17
    Ok,

    I'm getting there - I can get access from the Admin network (green zone) to everything on the Curriculum network (red zone).

    I have opened up a couple of ports from the curriculum (red) to admin (green) for file sharing for my desktop PC as a test and this works. I cannot ping anything though, although ICMP Ping is not disabled on the smoothwall.

    Also, what is the best way to go about the routing? The two networks are on completely different subnets, and the only way I am able to connect between them currently is by manually modifying the route table on the individual machines. I could set up some scripts to add in the relevant routes at logon but is there a better way of doing this? Is there any way within smoothwall itself? I'm guessing not as unless I modify the route table on the machine, it will try and pass all traffic through the default gateway (internet) which obviously won't get through. Can I set up Routing and Remote Access on Server 2003 for both networks?

    Any guidance gratefully received!
    Last edited by rusty155; 18th January 2008 at 01:41 PM.

  12. #12


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,475
    Thank Post
    866
    Thanked 850 Times in 672 Posts
    Rep Power
    196
    Ping - you will have to forward ICMP explicitly

    Routing - add static routes of your default gateway(s)?
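
    The routing suggestion in the post above, worked through as an added example that is not part of the original thread: a small longest-prefix-match simulation showing why a static route on each network's default gateway replaces per-client route changes. All addresses (10.1.0.0/24 for Admin, 10.2.0.0/24 for Curriculum, the gateway and firewall IPs) are constructed assumptions.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the next hop of the most specific route."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), via) for net, via in table
            if dst in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def build(static_routes):
    """Constructed topology. Clients keep only their normal default gateway."""
    cur_gw = [("10.2.0.0/24", "direct"), ("0.0.0.0/0", "internet")]
    adm_gw = [("10.1.0.0/24", "direct"), ("0.0.0.0/0", "internet")]
    if static_routes:
        # The one change per network: point the *other* subnet at the firewall.
        cur_gw.append(("10.1.0.0/24", "10.2.0.254"))
        adm_gw.append(("10.2.0.0/24", "10.1.0.254"))
    firewall = [("10.1.0.0/24", "direct"), ("10.2.0.0/24", "direct")]
    return {
        "10.2.0.50": [("10.2.0.0/24", "direct"), ("0.0.0.0/0", "10.2.0.1")],  # curriculum PC
        "10.1.0.10": [("10.1.0.0/24", "direct"), ("0.0.0.0/0", "10.1.0.1")],  # admin server
        "10.2.0.1": cur_gw,       # curriculum default gateway
        "10.1.0.1": adm_gw,       # admin default gateway
        "10.2.0.254": firewall,   # firewall, curriculum-side interface
        "10.1.0.254": firewall,   # firewall, admin-side interface
    }

def trace(nodes, src, dst, max_hops=8):
    """Follow next hops from src until the packet is delivered or lost."""
    path, here = [src], src
    for _ in range(max_hops):
        via = lookup(nodes[here], dst)
        if via is None:
            return path, "no route"
        if via == "direct":
            return path + [dst], "delivered"
        if via == "internet":
            return path, "sent to internet, lost"
        here = via
        path.append(here)
    return path, "routing loop"

if __name__ == "__main__":
    for static in (False, True):
        nodes = build(static)
        print(static, trace(nodes, "10.2.0.50", "10.1.0.10"))
        print(static, trace(nodes, "10.1.0.10", "10.2.0.50"))  # replies need a route too
```

    Routing only delivers the packet to the firewall; whether it is forwarded still depends on the rules configured there, which keeps the policy in one place instead of on every client.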

  13. #13

    Join Date
    Jun 2006
    Location
    Dorset
    Posts
    111
    Thank Post
    2
    Thanked 5 Times in 4 Posts
    Rep Power
    17
    Thanks for the reply Tom, but please can you be a bit more specific?

  14. #14

    Join Date
    Jun 2006
    Location
    Dorset
    Posts
    111
    Thank Post
    2
    Thanked 5 Times in 4 Posts
    Rep Power
    17
    I seem to be slowly grasping Smoothwall now. I have a few rules set up and functioning correctly. My next step is to try and set up a Domain Trust between the two networks and so need to open the relevant ports on Smoothwall.

    I found this article from Microsoft:

    http://support.microsoft.com/kb/179442

    So do I need to open the listed server ports for each DC or just the Forest Root? Also, I assume that I need to open ports 1024-65535/TCP for each client that will need to access resources on the trusting domain?

    Is there any way that I can set up groups of machines by IP Addresses in Smoothwall? I have had limited experience with Symantec Raptor Firewall and I know that I could with that. Would certainly make things easier and make the rule table a little less cluttered!

    BTW, I am hoping to set up a two-way trust but with only selected clients and users from the curriculum domain able to access selected resources on the Admin domain.

    Thanks!!
