
Campus Firewall suggestion *please*

balaoptic

Junior Member
Hello everyone,

I have been around the forum for about 2 years now. I just registered today.

I work as a network tech for a small campus. We service about 225 computers.
We have a Cisco 3620 router and T-1 service from Verio.
We don't have a firewall 😱; we have been lucky so far.

I would like your suggestion on a firewall.

I know a Cisco PIX would be ideal, but that is not an option for us.

What we do have is a 1U P3 1.0 GHz, 512 MB, 36 GB HD, dual NIC, etc.

Any suggestions for a firewall solution that does not require additional hardware will be appreciated.

*Note* I am not that familiar with firewalls except for software firewalls, and neither are my colleagues. We would like a fairly easy solution.
Any help will be greatly appreciated.

Thank you
 
Then I'd just slap a BSD on there and set one up. I use FreeBSD with ipf and the rules are very readable and it's easy to maintain.

i.e.:
# xl0 = the outside interface; server1 = hostname of the public server (ipf resolves it when the rules are loaded)
# "quick" means the first matching rule decides, instead of ipf's default last-match-wins
block in quick on xl0 from 192.168.0.0/16 to any   # RFC 1918 private IP, spoofed if seen on the outside
block in quick on xl0 from 172.16.0.0/12 to any    # RFC 1918 private IP
block in quick on xl0 from 10.0.0.0/8 to any       # RFC 1918 private IP
block in quick on xl0 from 127.0.0.0/8 to any      # loopback

# new TCP connections (SYN only) to the published services, tracked statefully so replies need no extra rule
pass in quick on xl0 proto tcp from any to server1/32 port = 22 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to server1/32 port = 80 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to server1/32 port = 443 flags S keep state keep frags

I got tired of trying to read iptables rules 😉
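For anyone who wants to see the ipf excerpt above turned into a whole ruleset for the setup described in this thread, here is an added example; it is not from either poster. It assumes a FreeBSD box with xl0 cabled toward the 3620/T-1 and xl1 on the campus LAN, a campus block of 203.0.113.0/24 with one public server at 203.0.113.10 and an admin workstation at 198.51.100.5. Those addresses are made up for the example (documentation ranges) and must be replaced with the real ones. The difference from the excerpt is the default-deny at the top: without it, a packet that matches no rule is passed, which is the same as having no firewall.

```conf
# /etc/ipf.rules  (example: xl0 = outside toward the 3620/T-1, xl1 = campus LAN)
# ipf's default is last-match-wins, so the deny-everything rules go first and
# every allow below them says "quick" so it decides immediately.

# --- default policy: drop and log anything not explicitly allowed ---
block in log all
block out log all

# --- loopback is always fine ---
pass in quick on lo0 all
pass out quick on lo0 all

# --- anti-spoofing on the outside interface ---
# RFC 1918 and loopback space must never arrive from the Internet.
block in log quick on xl0 from 10.0.0.0/8 to any
block in log quick on xl0 from 172.16.0.0/12 to any
block in log quick on xl0 from 192.168.0.0/16 to any
block in log quick on xl0 from 127.0.0.0/8 to any
# Nor should our own campus block show up as a source on the outside wire.
block in log quick on xl0 from 203.0.113.0/24 to any   # assumed campus block

# --- inbound: only the published services, new connections (SYN) only, with state ---
pass in quick on xl0 proto tcp from any to 203.0.113.10/32 port = 80 flags S keep state keep frags
pass in quick on xl0 proto tcp from any to 203.0.113.10/32 port = 443 flags S keep state keep frags
# SSH only from the admin workstation, not from the whole Internet.
pass in quick on xl0 proto tcp from 198.51.100.5/32 to 203.0.113.10/32 port = 22 flags S keep state keep frags

# --- ICMP: allow what path-MTU discovery and traceroute need, nothing else inbound ---
pass in quick on xl0 proto icmp from any to 203.0.113.0/24 icmp-type 3 keep state
pass in quick on xl0 proto icmp from any to 203.0.113.0/24 icmp-type 11 keep state

# --- outbound from the campus: whatever the LAN starts, tracked statefully ---
pass out quick on xl0 proto tcp from 203.0.113.0/24 to any flags S keep state keep frags
pass out quick on xl0 proto udp from 203.0.113.0/24 to any keep state
pass out quick on xl0 proto icmp from 203.0.113.0/24 to any keep state

# --- inside interface: ipf state is per interface, so the forwarded packets
# need rules on xl1 too; the LAN side is trusted ---
pass in quick on xl1 all keep state
pass out quick on xl1 all keep state
```

Load it with `ipf -Fa -f /etc/ipf.rules` (flush everything, then load the file) and check what is actually installed and which rules are getting hits with `ipfstat -hio`. The `log` keyword on the block rules means the dropped packets show up via ipmon, which is the quickest way to find a service you forgot to allow.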
 
What do you want this firewall to do?

The 3620 has basic filtering capabilities in the form of access-lists that aren't a complete solution but are a good first step.
 