
What hardware firewall do you use?

Discussion in 'General Discussion' started by spaceman, Feb 6, 2006.

  1. spaceman

    Researching around these forums has led me to conclude that very few cPanel+WHM users have co-located servers, and therefore the issue of hardware firewalls rarely comes up because the firewalls all tend to be either software (normally APF) or hardware firewalls (which are managed independently by the data centres).

    So I thought I'd start a thread on hardware firewalls.

    Right now I've got two Dell 1850s sitting in a very nearby data centre here in sunny Perth, Western Australia. They've got fresh installs of CentOS on both of them, but doing nothing very much until I pull my finger out and either a) decide to scrap the idea of a hardware firewall and go software only (exactly as I've been used to with my ded. servers in the US), or b) buy, install and configure a hardware firewall for an extra layer (complexity?) of hardware protection that me and my hosting client have not previously enjoyed.

    I initially tried to use a Netgear FVS318 (http://www.netgear.com/products/details/FVS318.php) but have found the web interface to allow insufficient control for my needs.

    I've seen the Linksys RV082 given a good rap here and there: http://www.tomsnetworking.com/Reviews-145-ProdID-RV082.php

    ... but now I've got the data centre recommending the Cisco PIX 501 (http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps2031/)

    My needs are humble: 2 Linux web servers (not huge load) running cPanel+WHM and a Windows (don't ask!) box to be used for remote backup purposes (no web server).

    So I'm looking for an entry level hardware firewall that will look after the immediate needs of these 3 servers.

    Comments anyone?
     
    #1 spaceman, Feb 6, 2006
    Last edited: Feb 6, 2006
  2. forlinuxsupport

    Anyone... please feel free to post your opinions. :D

    Would be interesting to see who uses what and which is best.
     
  3. mwatson

    You want the Cisco PIX.... nothing else even comes close to comparison.

    We run a pair of Cisco PIX 515e firewalls; the 2nd one is a hot-failover unit in the event the first fails. The only thing I would ever consider those Linksys/Netgear/etc. devices for is for like branch office connections.
     
  4. dave9000

  5. webz05

    Juniper has great hardware firewalls for entry level and for big enterprise business; I would check them out.
     
  6. Lyttek

    PIX firewalls can be obtained for next to nothing on eBay. I've used 501s in the past (one still in use) and it's pretty much "set it and forget it".
     
  7. spaceman

    Thanks for that vote of confidence in the 501. Can you confirm that you successfully manage (using the 501) more than 1 server (running cPanel) with multiple IP addresses associated with each server?

    We're going through some slight 'birthing pains' right now in relation to the scenario above, more specifically with the need to have 'real world' IPs directly accessible by cPanel, i.e. can't use NAT. This from cPanel:

    "The problem is that the licensing server needs direct access to the licensed IP. The licensed IP needs to be a public IP. I have seen clients set up cPanel/WHM behind NAT before, but every time they run into trouble. You can try searching the forums for tips on using cPanel with NAT (or in your case PAT, but as far as the licensing server is concerned, it's basically the same thing). If the licensing server cannot 'see' the licensed IP, cPanel/WHM will not work."

    I'm no firewall expert, so right now I've got my local data centre techs (who are in control of the PIX 501) chatting directly with cPanel.

    Thanks for any additional help anyone can give with this specific scenario.
     
  8. dave9000

    The one thing I like about the Astaro firewall software and appliances is they have transparent bridge mode, which means public IPs will pass through with no modifications.

    The Astaro filters at layer 2 when in bridge mode instead of layer 3 like most of the rest of the firewalls that are NAT only.
     
  9. Lyttek

    Recently used a PIX 510 (IIRC) and it was set up to NAT 1-1 public/private IPs; worked fine. The 501 still in use is on a Windows server, so I can't verify/test any issues with cPanel.

    Having said that, I can't see why a properly configured router/firewall would cause issues. Within the past month I built a cPanel server at home... installed and tested cPanel for a week while behind a Linksys router!
     
  10. dave9000

    1-1 NAT may work fine with cPanel servers. Our problem is we have many different services running on a wide range of ports on various servers, and some of the services require direct connect to function properly, so that's why we had to go with a transparent bridge firewall.

    But for someone that has extra hardware available, it would be worth the time to look at the Astaro software firewall version.

    It will do NAT, 1-1 NAT or transparent depending on your needs and is priced reasonably.

    It also has all services available as proxy and includes Snort intrusion protection, several spam and anti-virus filters, and will handle IPsec and PPTP VPNs, and is cheaper than an appliance.

    And it is fully custom configurable.
     
  11. hostmedic

    any clue on cost

    Dave - any clue on cost for this - nothing is listed on the website.
    Their trial seems to be down @ the moment as well.
     