|
Microsoft ISA Server
|
|
|
Microsoft Corporation
|
http://www.microsoft.com
|
|
What is ISA Server? ISA Server is a software firewall system designed to help prevent unrestricted access
of your computer network.
Key Firewall Features
* Complete stateful packet filtering, circuit filtering, and application-layer filtering
* Intrusion Detection System (IDS) and intrusion prevention
* Integrated virtual private networking (VPN)
* SecureNAT firewall transparency
* Integrated user authentication with Active Directory, RADIUS, and Kerberos
* Authenticated and encrypted client access with Secure Sockets Layer (SSL) for SSL-to-SSL bridging
* Integrated Network Load Balancing (NLB) for high availability (Enterprise Edition only)
Other resources about ISA Server can be found at the
Microsoft ISA Server home page.
|
|
Commercial
|
|
Information updated: 09 Mar 06
|
|
Check Point VPN-1 Pro
|
|
|
Check Point Software Technologies Ltd.
|
http://www.checkpoint.com
|
|
Check Point VPN-1 Pro provides you the most intelligent, reliable security for stopping attacks
while simplifying business communications across the Internet. A tightly integrated combination of
firewall, VPN and intrusion prevention, VPN-1 Pro is built on Stateful Inspection, Application
Intelligence, and One-Click VPN technologies. SmartCenter, Check Point's centralized management
solution, provides unified security management of your security infrastructure.
Benefits
* Simplified IPSec/SSL VPN deployment
* Most intelligent application/network layer protection
* Lowered remote access/site to site costs
* Increased security reliability and availability
* Simplified centralized management
For mid-sized
business-but with the same security issues as large enterprises,
see the
Express product line.
Also see the
high-end security product line:
VPN-1
VSX,
Firewall-1 GX, and
Provider-1.
|
|
Commercial
|
|
Information updated: 09 Mar 06
|
|
 |
|
GB-Ware
|
|
|
Global Technology Associates
|
http://www.gta.com
|
|
GB-Ware offers all the best - full flexibility in hardware configuration, plus the ease-of-use of
time-tested GB-OS System Software installed on your choice of IDE controlled storage devices
(supports both hard disk drive or CompactFlash media). With the operating system integrated in the
firewall software, the security risks normally inherent in operating systems are eliminated. No more
concerns about hardening techniques or tracking new security risks.
A full-featured firewall, GB-Ware offers features commonly found in higher priced firewall products.
Built-in IPSec VPN functionality, including one mobile VPN client, allows employees to securely enjoy
the benefits of intranet web sites, email, conferencing and file sharing while working outside the
network. And full interoperability with other GTA firewalls makes it a snap to implement site-to-site
VPN tunnels to branch offices that have installed GTA Firewall Appliances.
|
|
Commercial
|
|
Information updated: 09 Mar 06
|
|
Cisco IOS Firewall
|
|
|
Cisco Systems, Inc.
|
http://www.cisco.com
|
|
Cisco IOS Firewall is a security-specific option for Cisco IOS Software that integrates robust firewall
functionality and intrusion detection for every network perimeter. It adds greater depth and flexibility
to existing Cisco IOS Security solutions—such as authentication, encryption, and failover—by delivering
state-of-the-art security features such as stateful, application-based filtering; dynamic per-user
authentication and authorization; defense against network attacks; Java blocking; and real-time alerts.
When combined with Cisco IOS Security features, such as Cisco IOS IPsec/SSL VPN and Cisco IOS IPS, as well
as other Cisco IOS Technologies, such as Layer 2 Tunneling Protocol and Quality of Service, Cisco IOS
Firewall provides a complete, integrated VPN solution.
|
|
Commercial
|
|
Information updated: 09 Mar 06
|
|
|
|
Astaro Security Gateway
|
|
|
Astaro Corporation
|
http://www.astaro.com
|
|
ICSA and Common Criteria certified, Astaro Security Gateways are ready for deployment in large,
mid-size and small IT environments.
Features - All Astaro Security Gateway models feature full network protection, web filtering, and
email security capabilities:
Network Protection - Firewall and IPS, SSL & IPSec VPN, Bandwidth Optimization
Web Filtering - Content Filtering, Anti Virus and Spyware, IM and P2P Control
Email Security - Anti Spam and Phishing, Dual Anti Virus, Email Encryption
Security Management - Easy User Interface, 1-Click Internet Updates, Hot Standby & Clustering
|
|
Commercial
|
|
Information updated: 22 June 07
|
|
InJoy Firewall
|
|
|
F/X Communications
|
http://www.fx.dk
|
|
MULTIPLE PLATFORM SUPPORT - FREEDOM AT LAST!
The InJoy Firewall™ solves the overwhelming problems related to managing multi-vendor, multi-platform
security applications and devices. Finally it is possible to deploy the same level of cross-platform
unified end-point security and backbone infrastructure throughout the organization.
With InJoy Firewall™ 3.0 you can say good-bye to old-generation Firewall solutions that were difficult
to implement, manage and measure — InJoy Firewall™ is different... This multi-purpose Firewall readies
you for the future through Deep Packet Inspection, unique MULTI-PLATFORM support, and market-leading
IPSec VPN support. Its unparalleled network monitoring turns you into an SECURITY PROFESSIONAL with
unique real-time insight into any network activity.
Complete All-In-One Solution
The InJoy Firewall™ is a flexible firewall security solution for organizations of all sizes. It offers
enterprise-class next-generation security, preconfigured policy templates - including full customization
options, seamless IPSec VPN integration, superior gateway capability, intuitive management, access control,
a wealth of documented deployment examples, unmatched control, and comprehensive documentation.
Multiple Operating System Support
Migrate to a standards based, multi-platform, networked architecture to streamline your enterprise,
reduce costs, and facilitate rapid future expansion. See information on each platform:
Windows Firewall |
Linux Firewall |
OS2 / eCS Firewall
License Types
The InJoy Firewall™ delivers universal flexible quality features in a way accessible to most people and
industries, from the knowledgeable home-user to the largest enterprise.
|
|
Commercial
|
|
Information updated: 09 Mar 06
|
|
StoneGate High Availability Firewall
|
|
|
Stonesoft
|
http://www.stonesoft.com
|
|
The StoneGate Firewall delivers a fundamentally new and different architecture, providing a degree of
network security and business continuity not possible with traditional approaches.
Product Highlights
Multi-Layer Inspection
* Multi-Layer Inspection (patent pending) allows the firewall to act as a
packet filter, perform stateful inspection or application-level firewall, using each method when it
makes the most sense on a rule-by-rule basis.
End-to-End Availability
* Set up a clustered, load balanced environment out of the box without third-party solutions. Drop in
Firewall Clustering Technology allows you to "Drop" a cluster into the network environment without any
additional reconfiguring of existing switches or routers.
* Stonesoft's unique patented Multi-Link Technology enables a single or clustered StoneGate firewall
to access multiple Internet and VPN connections across multiple ISPs, leased lines, or other connections.
* Server load sharing and health monitoring intelligence for server pools ensures availability and
performance of corporate services.
Built-in Multi-Link VPN
* Multi-Link VPN adds fault tolerance and transparent failover to VPN tunnels and VPN client connections,
offering an advantage over other firewall-VPN combinations.
Unified Management
* StoneGate Management Center makes the everyday management and configuration of StoneGate products
easy and cost effective. It provides an unified and efficient management environment for StoneGate IPS,
Firewall and VPN, and powerful tools for incident handling.
* Log and alert browsing give the adminstrator a comprehensive overview of a security event while the
built-in reporting tool draws an overview on what has been going on in network.
|
|
Commercial
|
|
Information updated: 09 Mar 06
|
|
|
|
Trustix Enterprise Firewall
|
|
|
Comodo
|
http://www.trustix.com
|
|
Trustix™ Enterprise Firewall represents a revolution within firewall management software. It's the world's
first WYSIWYG Enterprise Firewall, making it easy-to-use and easy-to-deploy. By utilizing the WYSIWYG GUI,
your Enterprise Firewall will be out of the box and implemented in an unbeatable 25 minutes- and without
the need for a dedicated systems administrator!
A fully-featured packet-filtering router, Trustix™ Enterprise Firewall has advanced capabilities including
an intuitive graphical user interface (GUI) for visualizing and editing firewall policy. This unique GUI
enables you to manage traffic for all your zones (up to 24) as well as port forwarding,
network address translation (NAT) and virtual private network (VPN) configurations. Packet-filtering
enables Enterprise Firewall to act as a router to accelerate data transmission. Meaning no more bottle
necks due to time consuming proxies.
IP-address sharing by masquerading or NAT. The underlying rules generated by the program are then
fully optimized before being deployed- thereby optimizing the security and performance of your firewall's
architecture, and avoiding errors and duplications.
Trustix™ Enterprise Firewall uses the IPsec protocol to encrypt data transmitted over the 'net- extending
the security of your network to all arms of your business. Communications between your office and home
users are protected using 168-bit 3DES encryption- triple the encryption, triple the security! Enables
remote, secure configuration of multiple firewalls from one Windows or Linux desktop.
Trustix™ Enterprise Firewall Blockades and repel malicious attacks from hackers, Trojans, worms and
infected files.
Based on Trustix™ Operating System, the most reliable and robust OS for Enterprise Server Applications,
Trustix™ products will reduce the Total Cost of Ownership (TCO) to your company over their operational
lifetime.
|
|
Trustix Operating System and
Trustix Enterprise Firewall are both Free.
|
|
Information updated: 09 Mar 06
|
|
Kerio WinRoute Firewall
|
|
|
Kerio Technologies
|
http://www.kerio.com
|
|
Kerio WinRoute Firewall sets new standards in versatility, security and user access control. Designed for
corporate networks, it defends against external attacks and viruses and can restrict access to websites
based on their content.
Deep inspection firewall - Kerio WinRoute Firewall, certified by ICSA Labs in the Corporate Firewall
category, includes detailed rule definition to perform stateful inspection and protocol inspection of
all outgoing and incoming Internet traffic. A network rules wizard assists in the rapid setup of the
firewall. Bandwidth Limiter optimizes the data throughput for business critical applications.
VPN, VPN Client & SSL VPN - Kerio's built-in SSL-based VPN server works in both client-to-server and
server-to-server modes, allowing both branch offices and remote workers to securely connect to the
corporate LAN. Clientless SSL VPN allows remote users to connect securely to the corporate network
for file sharing from any computer with a browser and Internet connection.
Antivirus gateway protection - Kerio WinRoute Firewall provides optional virus scanning of inbound and
outbound email, web traffic, and FTP transfers. In addition to a version with integrated McAfee Anti-Virus,
there are several other anti-virus options to choose from.
Surf protection - The integrated ISS Orange Web Filter option blocks users from accessing to up to 58
categories of web content, reducing legal liabilities for corporate and educational environments.
Content filtering - Kerio WinRoute Firewall offers a variety of content security features such as MP3
music download blocking, filtering for potentially dangerous executable files or blocking of annoying
pop-up windows. The P2P Eliminator automatically detects and blocks peer-to-peer networks such as
Kazaa.
User-specific access management - Each user in the network can be required to log in to Kerio WinRoute
Firewall before connecting to the Internet. That allows for restrictive security and access policies
to be applied based on the specific user, rather than the IP address. Transparent Active Directory
support simplifies user account mapping to Windows domains, and an auto-add feature allows for
creation of user-specific policies before users autheticate.
Fast Internet sharing - Support for DSL, cable modems, ISDN, satellite, dial-up or wireless Internet
allows administrators to deploy Kerio WinRoute Firewall in networks of all sizes and in all locations.
Users can share one Internet connection with fail-over to a backup connection.
VoIP and UPnP support - Kerio WinRoute Firewall allows H.323 and SIP protocols to connect through it,
eliminating the need to publicly expose the VoIP infrastructure to the Internet. Also, it integrates
UPnP technology so that compliant applications such as MSN Messenger run instantly without requiring
additional configuration at the firewall.
Administration, alerts and statistics - The administration console can be installed remotely to allow
secure configuration from anywhere on the network. Every important event is reported to the administrator
by email. Well-arranged charts and statistics help spot the problems and usage habits.
|
|
Commercial
|
|
Information updated: 09 Mar 06
|
|
Securepoint Security Suite 2006
|
|
|
Securepoint GmbH
|
http://www.securepoint.cc
|
|
Through the spreading of hackertools in the Internet it is already possible for unexperienced users to
intrude in companies. Securepoint Firewall Systems fend off attacks on the company's network and thus
offer an important protection against unauthorised access.
Securepoint Security Suite 2006nx
* Spam Filter
* high-availibility functions (Bonding / Trunking)
* QoS (Traffic Shaping/Quality of service) / VoIP support
* Virus Scanner für HTTP, FTP, POP3, SMTP
* Content Filter für HTTP
* Securepoint User Verification Agent (SPUVA)
Important Features:
Securepoint comes with as own secured linux operating system.
Securepoint has a client/server achitecture.
Security Manager works under Windows.
Security for all operating systems: Windows, Linux, Unix and more.
Security Manager allows easy installation and administration, plus automated update routines.
Minimum training and implementation costs due to intuitive and unifited user interface.
Installation with Installation Manager in less then 10 minutes and alternative availability as
pre-installedSecurity Appliance.
Optional combination of Firewall, VPN,Virus Scanner,Content Filter and other security applications
as Load Balancing.
Deployment as dedicated application server on hardened operating system reducing maintenance costs.
Flexible, scalable, effective: Securepoint Security Solutions runs on systems ranging from small
divices up to large multi-processor systems utilizing gigabytes of memory.
Configuration as redundant high-availability system for automatic failover in case hardware and
network failures.
Load Balancing - improves perfomance. Traffic shaping can set priorities by network, service
and protocol.
|
|
Commercial
|
|
Information updated: 09 Mar 06
|
|
|
|
Novell Security Manager
|
|
|
Novell
|
http://www.novell.com
|
|
Novell Security Manager, powered by Astaro, is completely Linux-based and leverages all of the work done
by the open source community in making it secure. As a Linux-based appliance, it also provides us the
ability to do everything possible to provide you with the most scalable and secure solution to meet your
stringent requirements. That's the advantage of using an open source platform like Linux.
As a complete network security solution that includes six key applications and an integrated management
platform, Novell Security Manager provides a wide range of sophisticated features but is also remarkably
easy to deploy and manage. After all, selecting your method of defense is just a minor part of securing
your resources. After that, you still want to make sure your IT staff will be able to install them,
learn how to use each one, integrate them into your existing system, configure and manage each product,
and update each one on an ongoing basis.
Because all six security applications in Novell Security Manager are fully integrated in a Web interface
that's intuitive and easy to use, all communication traffic in and out of the organization is screened
quickly, completely and efficiently.
features
Novell Security Manager, powered by Astaro, offers your enterprise security at six different levels:
* Firewall
* Virtual private network
* Intrusion protection
* Virus protection
* Spam protection
* URL filtering
Also see
Novell BorderManager. Novell
BorderManager includes:
* A firewall to protect network resources
* VPN services to safeguard remote access
* Support for Internet access control and content filtering
* Forward-proxy technology to accelerate Web content
|
|
Commercial
|
|
Information updated: 09 Mar 06
|
|
Iptables
|
|
|
netfilter.org
|
http://www.iptables.org
|
|
netfilter.org is home to the software of the packet filtering framework inside theLinux 2.4.x and
2.6.x kernel series. Software commonly associated with netfilter.org is iptables. Software inside
this framework enables packet filtering, network address [and port] translation (NA[P]T) and other
packet mangling. It is the re-designed and heavily improved successor of the previous Linux 2.2.x
ipchains and Linux 2.0.x ipfwadm systems.
netfilter is a set of hooks inside the Linux kernel that allows kernel modules to register callback
functions with the network stack. A registered callback function is then called back for every packet
that traverses the respective hook within the network stack.
iptables is a generic table structure for the definition of rulesets. Each rule within an IP table
consists of a number of classifiers (iptables matches) and one connected action (iptables target).
netfilter, ip_tables, connection tracking (ip_conntrack, nf_conntrack) and the NAT subsystem together
build the major parts of the framework.
Main Features
* stateless packet filtering (IPv4 and IPv6)
* stateful packet filtering (IPv4)
* all kinds of network address and port translation (NAT/NAPT)
* flexible and extensible infrastructure
* multiple layers of API's for 3rd party extensions
* large number of plugins/modules kept in 'patch-o-matic' repository
What can I do with netfilter/iptables?
* build internet firewalls based on stateless and stateful packet filtering
* use NAT and masquerading for sharing internet access if you don't have enough public IP addresses
* use NAT to implement transparent proxies
* aid the tc and iproute2 systems used to build sophisticated QoS and policy routers
* do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header
|
|
Free, Under terms of GNU/GPL
|
|
Information updated: 09 Mar 06
|
|
WinProxy Firewall
|
|
|
Blue Coat Systems
|
http://www.winproxy.com
|
|
Total Firewall Protection: No firewall is complete without protection from both hackers and viruses.
Viruses do much more damage than hackers, yet firewalls allow them into your network. WinProxy is the
ONLY firewall available that combines both of these functions for total firewall protection. WinProxy
software sits right at the doorway to the internet and scans all incoming packets as they come off the
wire. Its all done automatically, and the software is updated as often as daily to catch the latest
viruses. Viruses are killed immediately as the come in, before they have an opportunity to infect any
computer on your network. No other firewall gives you this critical protection! Running virus protection
on your individual client computers does not protect you from viruses that are spread by emails and
downloads over the internet. In fact, most virus protection catches the virus after it has done it's
damage. WinProxy Firewall Protection is the only firewall that will stop the viruses before they enter
your network.
What makes WinProxy different? - WinProxy's firewall is one of the new generation of 'hybrid' firewalls.
These firewalls are a synergistic combination of packet-level and application-level firewalls. The
packet-level firewall inspects the headers of every packet. Decisions to allow or disallow the packet
are based upon source and destination addresses as well as source and destination ports. This inspection
has little to do with packet content or subsidiary headers like URLs. "Stateful" packet filters -
like WinProxy - allow the firewall to correlate new packets with previous traffic as part of the
decision process. WinProxy's packet-level firewall lives 'close to the wire', between the network card
and the tcp/ip stack. This firewall makes its decisions before the packets even reach the tcp/ip stack,
and well before any applications might see them. The application-level firewall regulates the tcp/ip
stack from above rather than from below. It cannot change how your system handles individual packets,
but it is well-suited to making session decisions. Communication sessions can be limited by any number
of rules, all of them available to the administrator. These can include decisions based upon the content
of the packets. WinProxy's application-level firewall allows virus scanning, site restrictions,
caching, and a host of other features.
Some Finer Points:
Interface distinction: WinProxy makes a careful distinction between your internal and external network
interface. Many application-level firewalls do not, and allow the user to inadvertently open holes in
their firewall. These are the basis of many known well-known firewall exploits.
'
How it works: Positioning the packet-level works as close as possible to the wire gives you a couple
of important advantages. One, WinProxy can make sure that every packet must pass through the firewall.
Second, WinProxy can prevent other applications on the machine - including the operating system itself
- from unintended Internet contact. Windows, for instance, has a well-known port that is always open to
contact regardless of any Windows settings. An application-level firewall cannot close this port or
prevent unseen contact, but WinProxy can - and does.
Stealth firewall: There is more to it than just denying contact. How you deny contact makes a difference.
The usual way that the tcp/ip stack employs is to return a packet that means 'no application listening'.
Yelling "nobody home" at the door is not always the best way to hide. WinProxy will instead just drop
any unsolicited packets. To the sender, their questing packets just vanish as if there were no computer
there at all.
|
|
Commercial
|
|
Information updated: 09 Mar 06
|
|
|
|
GajShield SecureGate Enterprise
|
|
|
GajShield
|
http://www.gajshield.com
|
|
GajShield SecureGate Enterprise Firewall is a powerful, enterprise class ICSA certified Stateful Inspection
Firewall protecting networks from intrusions. GajShield SecureGate Enterprise Firewall provides protection
against DOS, DDOS, viruses and worms and other attacks without compromising on throughputs. Powered by
GajSecureOS operating system GajShield SecureGate Enterprise Firewall provides an ideal solution for rock
solid protection. GajShield SecureGate Enterprise Firewall is an integrated and simplified single source
for security, reliability and scalability doing away what was once a resource intensive, high cost and
technically risky solution from multiple vendors. GajShield SecureGate Lite SoftAppliance solution bundles
a hardened Linux operating system that can run on any x86-compatible hardware.
ICSA Certified Firewall - Stateful Packet Inspection
Acts as a firewall between the Internet and your organization.s LAN, protecting it from unauthorized
access. GajShield inspects individual network packet headers and tracks the sequence of events on
connections to detect violations of normal process and policies set.
Deep Packet Inspection
GajShield scans application-related content of packet payloads to ensure that they conform with rules
specific to web traffic, email, DNS, and others.
Application Proxies
GajShield provides comprehensive protection by utilizing application proxies that simplify management
by allowing administrators to quickly and easily enable and disable protocols. Proxies are included for
the protocols:
* HTTP
* DNS
* SOCKS
* POP3
* SMTP
Other Features
* Policy based NAT
* DoS /DDOS Protection
* Intrusion Prevention System
* Virus Screening
* Web Filtering
* Virtual Private Network
* Bandwidth Management & ISP Load Balancing
* Easy Deployment & Management
|
|
Commercial
|
|
Information updated: 09 Mar 06
|
|
Endian Firewall
|
|
|
Open Source
|
http://www.efw.it
|
|
What is Endian Firewall? Endian Firewall is a "turn-key" linux security distribution that turns every s
ystem into a full featured security appliance. The software has been designed with "usability in mind"
and is very easy to install, use and manage, without losing its flexibility.
The features include a stateful packet inspection firewall, application-level proxies for various
protocols (HTTP, POP3, SMTP) with antivirus support, virus and spamfiltering for email traffic
(POP and SMTP), content filtering of Web traffic and a "hassle free" VPN solution (based on OpenVPN).
The main advantage of Endian Firewall is that it is a pure "Open Source" solution that is
commercially supported by Endian. The software is released under
GPL License.
Endian Firewall Highlights
- web based network configuration wizard
- RPM package system
- yum for system updates
- commercially supported
- hassle free VPN (thanks to OpenVPN)
- integrated antivirus (with the best Open Source antivirus ClamAV)
- Antispam (with Spamassassin))
- Transparent POP3 Proxy
|
|
Free, under GPL License, Commercial Support
|
|
Information updated: 09 Mar 06
|
|
Dante
|
|
|
Inferno Nettverk A/S
|
http://www.inet.no
|
|
Dante is a circuit-level firewall/proxy that can be used to provide convenient and secure network
connectivity to a wide range of hosts while requiring only the server Dante runs on to have external
network connectivity. Once installed, Dante can in most cases be made transparent to the clients
while offering detailed access control and logging facilities to the server administrator.
Developed by Inferno Nettverk A/S, Dante usually comes installed as part of a bigger Inferno Nettverk
firewall system. Inferno Nettverk has however decided to also offer it separately available via FTP.
The Dante version provided via FTP is under a BSD/CMU-type license and comes with complete source
code, for your convenience and verification.
Inferno Nettverk also provides commercial services related to Dante. These services include support,
customised installations/tuning of Dante, development, porting and embedding.
Several commercial modules are available for the Dante server. For more information see the
module page.
|
|
Free, Commercial Support
|
|
Information updated: 09 Mar 06
|
|
|
|
Firestarter
|
|
|
Tomas Junnonen
|
http://www.fs-security.com
|
|
Firestarter is an Open Source visual firewall program. The software aims to combine ease of use with
powerful features, therefore serving both Linux desktop users and system administrators. We strongly
believe that your job is to make the high level security policy decisions and ours is to take care of
the underlying details. This is a departure from your typical Linux firewall, which has traditionally
required arcane implementation specific knowledge.
Firestarter features
* Open Source software, available free of charge
* User friendly, easy to use, graphical interface
* A wizard walks you through setting up your firewall on your first time
* Suitable for use on desktops, servers and gateways
* Real-time firewall event monitor shows intrusion attempts as they happen
* Enables Internet connection sharing, optionally with DHCP service for the clients
* Allows you to define both inbound and outbound access policy
* Open or stealth ports, shaping your firewalling with just a few mouse clicks
* Enable port forwarding for your local network in just seconds
* Option to whitelist or blacklist traffic
* Real time firewall events view
* View active network connections, including any traffic routed through the firewall
* Advanced Linux kernel tuning features provide protection from flooding, broadcasting and spoofing
* Support for tuning ICMP parameters to stop Denial of Service (DoS) attacks
* Support for tuning ToS parameters to improve services for connected client computers
* Ability to hook up user defined scripts or rulesets before or after firewall activation
* Supports Linux Kernels 2.4 and 2.6
* Translations available for many languages (38 languages as of November 2004)
|
|
Free/Open Source
|
|
Information updated: 09 Mar 06
|
|
SmoothWall Corporate Firewall 4
|
|
|
SmoothWall Ltd.
|
http://www.smoothwall.net
|
|
Corporate Firewall is a modular firewall system, designed to fulfil the network security needs of
small to medium size organisations and corporate branch offices, typically supporting a maximum of
250 user computers. The modular design allows the security system to grow with business needs,
providing the ability to retrospectively add facilities like Secure Remote Access for field staff,
VPN connectivity to branch offices, Web Content Filtering and Bandwidth Management.
Corporate Firewall 4 evolved from and replaces SmoothWall Corporate Server 3 firewall. Like Corporate
Server, ease-of-use was a primary design goal for Corporate Firewall, in recognition of the fact that
most mid-size companies have only limited IT resources and often no specialist security staff. Ease-of-use
starts with the documentation, comprehensive yet easy-to-follow Quick Start, Installation and
Administration manuals with both reference and tutorial/example sections. Installation briefly comes
next, for it takes less than ten minutes to install the software and turn a standard Pentium class PC
or server into a dedicated firewall appliance. There is no separate operating system to install,
maintain or understand as Corporate Firewall includes a cut-down security hardened version of the
Linux operating system. Once the software is installed, the final configuration and routine management
is performed via a user friendly Graphical User Interface from any web browser.
Corporate Firewall exploits the power, reliability and versatility of commodity PC hardware to provide a
cost effective firewall system that is easy to support and maintain. Compatible with a huge range of both
the latest and not-so-new hardware, almost any Pentium compatible PC or appliance is a suitable platform
for Corporate Firewall. Low end workstation or server computers from major manufacturers such as Dell and
HP are a common choice.
The stateful packet inspection firewall includes an Intrusion Detection System (IDS) to detect network
probes and attacks upon the firewall and the computers that it protects. Comprehensive logging and
reporting facilities record such IDS incidents, hardware performance, network utilisation and detailed
information about the traffic flowing through the firewall.
Corporate Firewall is the security solution that grows and evolves with business needs, not one that has to
be replaced every few years when it becomes obsolete.
Also see the high-end
Advanced Firewall product.
Enterprise class networks need more than the traditional perimeter firewall to protect them from the myriad
security threats posed by the Internet. Access to both internal and external resources needs to be as tightly
controlled as possible, to prevent unauthorised access and to block the spread of viruses and other
malicious code. As with all security, access control should depend upon the user identity, not be
determined by simplistic rules based on IP address alone. With Advanced Firewall, user authentication
against a Microsoft Active Directory or other LDAP server determines the security policies applied to each user.
|
|
Commercial
|
|
Information updated: 09 Mar 06
|
|
floppyfw
|
|
|
Thomasez@zelow.no
|
http://www.zelow.no
|
|
Brief Description
floppyfw is a router with the advanced firewall-capabilities in Linux that fits on one single floppy disc.
Features:
* Access lists, IP-masquerading (Network Address Translation), connection tracked packet filtering and (quite)
advanced routing. Package for traffic shaping is also available.
* Requires only a 386sx or better with two network interface cards, a 1.44MB floppy drive and 12MByte of RAM
( for less than 12M and no FPU, use the 1.0 series, which will stay maintained. )
* Very simple packaging system. Is used for editors, PPP, VPN, traffic shaping and whatever comes up.
(now this is looking even more like LRP (may it rest in peace) but floppyfw is not a fork.)
* Logging through klogd/syslogd, both local and remote.
* Serial support for console over serial port.
* DHCP server and DNS cache for internal networks.
It will get more features, but only if it is possible to cram it into the one, single diskette.
More than one floppy is bloatware..
|
|
Free
|
|
Information updated: 09 Mar 06
|
|
|
|
Clavister Security Gateway SW-series
|
|
|
Clavister AB
|
http://www.clavister.com
|
|
The Clavister SW-Series is designed for users who need supreme security technology on their own choice
of hardware. Reasons for choosing a software solution can range from specific functional requirements,
platform design or simply because you have a spare hardware. Most important, as a Clavister customer,
you have all the functionality you need from your specific security solution. That’s why we give you
the freedom of choice.
The art of simplicity - Installing your solution from the Clavister SW-Series is simple. After all, we were
the first to offer the possibility to deploy a complete Security Gateway on a bare-bone PC in a matter of
minutes. All without struggling with operating systems, service packs or incompatible drivers. All Clavister
products have had this functionality since 1998. Now, we have refined the methodology. The new Clavister
SW-Series makes installation and deployment easier and faster than ever.
Products that grow with your needs - To suit market needs, we have segmented your products within the
Clavister SW-Series. Orientation and choice based on functional needs are therefore simplified.
Without compromising on customization we offer a number of standard configurations. The differences
between the models are performance and functionality, similar to the different products in the appliance
series. Moreover, if your requirements change, you can easily upgrade your product license to increase
capacity and functionality.
At a glance
• Freedom of choice - Clavister’s turn-key security technology available as software versions for
installation on your own choice of hardware platforms.
• Breadth & depth in the range - Your choice ranges from extreme security software for small
offices to peak performing versions enabling complex network solutions.
• Ultra-flexible software - Clavister’s Ultra-flexible software enables customized solutions required
for rapidly changing security necessities and carrier class demands.
1) The "Create new firewall" wizard in the management software...
2)...creates a boot floppy containing the entire Clavister Security Gateway product.
3) Boot your hardware platform from the boot floppy. Provide an IP address...
4) ...and the management software finalizes the deployment. Your new Security Gateway is up and running!
|
|
Commercial
|
|
Information updated: 09 Mar 06
|
|
InterGate
|
|
|
Vicomsoft Ltd.
|
http://www.firewall-software.com
|
|
Firewall Software for Internet Security: Why wait to be hacked?
Download InterGate today, install it under Windows or MacOS 9/X and be protected in minutes. It's that simple.
The InterGate firewall from Vicomsoft is easy to install, easy to configure and easy to use. It can provide
your network with full protection against Internet security threats without any complex settings.
InterGate firewall software offers considerable cost benefits when compared with firewall appliances and,
unlike an appliance, it can be downloaded and installed in minutes. You enjoy firewall protection immediately,
and have 30 days to evaluate free.
/font>
|
|
Commercial
|
|
Information updated: 10 Mar 06
|
|
Routerctl
|
|
|
Open Source
|
http://sofi-firewall.sourceforge.net
|
|
Routerctl (pronounced "router control") is a program to convert a normal PC into a network
router. It manages network connectivity, DNS, DHCP, NAT, packet filtering, firewall policies,
port forwarding, and IP forwarding via a single high-level configuration file. There is a
graphical 'wizard' to setup the network for the first time, and the program provides general
diagnostic information via a web browser.
Routerctl is a total rewrite of SOFI (Simple OpenBSD Firewall Interface). It is written in C
and uses the libc+ library originally developed for Recvmail.
|
|
Free
|
|
Information updated: 01 Nov 2007
|
|
|
|
netfence gateways
|
|
|
Phion Information Technologies
|
http://www.phion.com
|
|
The perimeter, the boundary between the company network and the outside world, is still the first and
most important line of defence. The performance of security solutions on the Internet and VPN gateways
decides whether external attacks mounted by hackers and malicious codes are successful in penetrating
the network – or whether they are blocked at the outset. Uncompromising perimeter security therefore
forms the basis for comprehensive protection of the critical resources and processes of a company.
Features & Benefits:
* Comprehensive protection with stateful inspection firewall and IPS
* Matured HA functionality
* High Availability
* VPN with traffic intelligence
* Content Security
* Local and central management
* Real-time accounting
* Flexibility and scalability
* Complete life-cycle management
* Optimum cost/benefit relationship
|
|
Commercial
|
|
Information updated: 10 Mar 06
|
|
pfSense
|
|
|
Scott Ullrich
|
http://www.pfsense.org
|
|
pfSense is a open source firewall derived from the m0n0wall operating system platform with radically
different goals such as using Packet Filter, FreeBSD 6.X (or DragonFly BSD when ALTQ and CARP is finished)
ALTQ for excellent packet queueing and finally an integrated package management system for extending the
environment with new features.
|
|
Free
|
|
Information updated: 10 Mar 06
|
|
Pf - OpenBSD packet filter
|
|
|
Open Source
|
http://www.benzedrine.cx
|
|
Packet filter is an open source project that is in many free BSD based *nixes.
From the History Page: NetBSD imports pf (port homepage, with mailing list). Almost precisely three years
after its birth (on June 24th, 2001), pf is now part of OpenBSD, FreeBSD and NetBSD.
|
|
pf is OSI Certified Open Source Software.
It's published under a two-clause BSD license.
|
|
Information updated: 10 Mar 06
|
|
|
|
netDefender
|
|
|
Sudhir Mangla and Rajender Singh
|
http://www.programmerworld.net
|
|
NetDefender firewall is a Free Firewall with source code which will be downloaded along with
firewall. It works on windows 2000 and above versions of windows. It has a very easy to use interface.
NetDefender Firewall is completely written in VC++ using MFC , Windows API, Filter Hook Driver
(Provided with Windows 2000).You can download this Firewall with complete source code from the hyperlink
provided at the bottom of the page.
Tools Used :
1) VC++ using MFC
2) Windows API
3) Filter Hook Driver (Provided with Windows 2000)
Features :
1. User can Block all Traffic and can Allow all traffic threw just one mouse click
2. It is a packet filtering Firewall.
3. User can add customaries rules to this firewall ass per to his requirements.
4. User can define rule based on source and destination IP, source and destination Port number,
and on Protocol used (IP,TCP,ICMP).
5. A Port scanner is also provided to scan the system for open Ports.
6. Proper help file is provided in case of any difficulty.
|
|
Free
|
|
Information updated: 10 Mar 06
|
|
EasyGate
|
|
|
Neuberger & Hughes
|
http://www.easygate.net
|
|
EasyGate is a Linux-based software package for business usage, available in several licences/versions
from a firewall & VPN server to a "complete communication server".
EasyGate can serve as a complete internet solution with a built-in firewall, mailserver, webserver,
proxyserver, nameserver, PPTP for teleworking and IPsec for encrypted network linking. The product
also comes solely as a firewall and VPN solution, without any extras. A clear and flexible concept,
allowing you to buy only the things that you need.
The Linux-based EasyGate software is a stable and low-priced alternative to the products of Microsoft,
Novell and other manufacturers. Convince yourself of the quality, stability, security and the intuitive
manageability of EasyGate. If you have any questions you are welcome to contact Neuberger & Hughes. We will
be glad to answer them and to give you advice on a suitable solution for your networking issues.
|
|
Commercial
|
|
Information updated: 10 Mar 06
|
|
m0n0wall
|
|
|
Manuel Kasper
|
http://www.m0n0.ch
|
|
m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used
together with an embedded PC, provides all the important features of commercial firewall boxes (including
ease of use) at a fraction of the price (free software).
m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities.
The entire system configuration is stored in one single XML text file to keep things transparent.
m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than
the usual shell scripts, and that has the entire system configuration stored in XML format.
|
|
Free
|
|
Information updated: 10 Mar 06
|
|
|
|
IPFilter
|
|
|
Darren Reed
|
http://cheops.anu.edu.au/~avalon
|
|
PFilter is a software package that can be used to provide network address translation (NAT) or firewall
services. To use, it can either be used as a loadable kernel module or incorporated into your UNIX kernel;
use as a loadable kernel module where possible is highly recommended. Scripts are provided to install and
patch system files, as required.
It comes as a part of the following operating systems:
* FreeBSD-current (post 2.2)
* NetBSD-current (post 1.2)
* xMa | | |
