~ How much of a turnkey solution are you looking for? If you have the
time to sit down do some development and integration than using PF on
OpenBSD would give you an awesome solution...
~ I don't think it will be a very big project, look at integrating
usernames/IP addresses (or anything else) with PF's anchors ...
- --
ttyl
Paolo
Johann Spies wrote:
| We have to either renew the licence on our Checkpoint Firewall-1 NG
| (and upgrade it) or change to another software solution for our
| firewall setup.
|
| Our approximately 25000 users pay for internet, some of them use a
| pay-as-you-go-system. At the moment the accounting is done by custom
| programs that reads the active connections in the FW-memory. We have
| two problems with the present setup:
|
| 1. FW-1 does not connect the user and the traffic in memory or always
| in the logs. Only the source IP. So it is impossible for us to
| handle accounting for different users using the same IP.
|
| 2. FW-1 does not end active connections immediately after a user has
| logged off.
|
| We are in a process of evaluating different options. One of them is
| NuFw - an open source product.
|
| Any recommendations of other products you know of will be appreciated.
|
| Regards
| Johann
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
Hash: SHA1
Hi
~ How much of a turnkey solution are you looking for? If you have the
time to sit down do some development and integration than using PF on
OpenBSD would give you an awesome solution...
~ I don't think it will be a very big project, look at integrating
usernames/IP addresses (or anything else) with PF's anchors ...
- --
ttyl
Paolo
Johann Spies wrote:
| We have to either renew the licence on our Checkpoint Firewall-1 NG
| (and upgrade it) or change to another software solution for our
| firewall setup.
|
| Our approximately 25000 users pay for internet, some of them use a
| pay-as-you-go-system. At the moment the accounting is done by custom
| programs that reads the active connections in the FW-memory. We have
| two problems with the present setup:
|
| 1. FW-1 does not connect the user and the traffic in memory or always
| in the logs. Only the source IP. So it is impossible for us to
| handle accounting for different users using the same IP.
|
| 2. FW-1 does not end active connections immediately after a user has
| logged off.
|
| We are in a process of evaluating different options. One of them is
| NuFw - an open source product.
|
| Any recommendations of other products you know of will be appreciated.
|
| Regards
| Johann
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkhieIIACgkQRrCnED/jZ/h86ACfbhk082MPunvUCddSnayhzymV
qWEAoJKRe46OIK1l9fs6Hqnh+SMbsLVA
=EMSk
-----END PGP SIGNATURE-----
[ reply ]