  refrakt

    Apr 5, 2012

    I need to purchase a gateway appliance to replace an ageing cisco PIX+router combination.

    What is everyone using for small/medium sized business. SnowLeopard server at the core (soon to be mountain lion).

    I've previously demoed pfSense and really like it (and there are heaps of appliances out there that ship with it installed for next to nothing) but have heard of some people using Vyatta as a firewall and also as a high perf router (certainly no where near the data rates our network sees).

    I did a test install of lion server a few months ago and noticed all the integration is has with AP Extremes. Are there any people using this as their gateway? How do you feel about security?

    I like the idea of a large chunk being 'zero config' but the security aspect is a bit of a big point for me with just a AP extreme.

    Any help is great. Thanks.
  timbloom


    Jan 19, 2002
    How many users and what are you willing to spend on it? What features do you need?
    Pfsense is great and free, relatively easy to use until you get into things like snort. M0n0wall is the more basic version of it if you want to forego some of the more advanced features. You can use just about any hardware but I prefer tiny server boards in a mini itx case to save power.
    On the commercial side, I really enjoy using one of the watchguards that are out there. Their UI makes it incredibly easy to manage. The price can be a little steep, but for the money it beats the commercial competitors.
  refrakt

    Apr 5, 2012
    It will serve about 15 local users and between at max, 4 concurrent VPN users at a time.

    I like the ALIX configured pfSense kits but have no idea if that's powerful enough for 4x VPN users. I have been looking at the ALIX range but am open to 1RU solutions also.

    Also, I'm curious of the advantages of having VPN serviced by the gateway and not by the server (as in our current config, the server deals with all VPN clients).

    Don't really want to spend any more than 1k on it but even that seems expensive. Are my price thoughts way off though?
  matspekkie

    Oct 19, 2010
    I have experience with both pfsense and AE extreme as gateway. the latter is of course the most simple one but not completely flawless. if you go this route i would recommend you still you the internal firewall of the lion server. PFsense on the other hand is very secure (if set up right) and not too hard to manage it also has a good vpn solution if needed. if the end the AE is a router/wifi accespoint not a firewall. you could even use both the have best of both.
  belvdr

    Aug 15, 2005
    No longer logging into MR
    Why not get an ASA5505 to replace the PIX? It can handle both the firewall and VPN clients and should be relatively easy to convert the existing PIX configuration over.

