RE: FN-FORUM: Firewall's ... again

date posted 25th June 2003 15:23

On Wed, 25 Jun 2003, David Nye wrote:

> > allow one or two services (e.g. SMTP and HTTP) in, but everything out
>
> That went over my head! So is it a good match for my client? (probably
> only wants web browsing and email sending/collection from ISP mail
> server). Why might they need "outbound policies"?

As I mentioned in my later email, outbound policies are used to implement
security policies relating to internal hosts (i.e. the employees' machines);
that is, preventing them from doing anything other than "web browsing and
email sending/collection").

> Is ipcop a more flexible option then?

IPcop and Smoothwall were equivalent on this front the last time I looked at
both, and *neither* allowed the definition of outbound policies through the
web UI as far as I could see (and that was after reading the manual). Both
did, however, allow servers (e.g. web, mail) to be hosted on a DMZ (aka
Orange) or Internal (aka Green) networks (the former is the much preferred
approach).

Astaro's web UI easily facilitates the implementation of more sophisticated
policies. It does, however, cost money, if you're using it commercially (but
you get support and updates and so on).

> Thanks,
> David Nye

Best Regards,
Alex.
--
Alex Butcher Brainbench MVP for Internet Security: www.brainbench.com
Bristol, UK Need reliable and secure network systems?
PGP/GnuPG ID:0x271fd950