Considerations for a self-made enterprise-class firewall

Product list

big players

heavy-load

Cisco ASA
Juniper SRX
Sophos XG Firewall

also worth mentioning

Mikrotik (linux-based, own front-end to Netfilter)

out-of-the-box OSS products

OPNsense (formerly pfSense)
pfSense (fbsd-based)
NVIDIA Cumulus Linux (not much on the firewall front, just its own front-end for Netfilter ACLs)
VyOS (debian-based, also its own netfilter front-end)
IPFire
IPCop Firewall
Smoothwall
Shorewall
ConfigServer Security & Firewall (CSF)
Endian Firewall Community (EFW)
ClearOS + Linux Firewall

Low footprint

OpenWrt
LibreCMC
DD-WRT
Openwall
LEAF Project
fli4l

diy

Linux Netfilter
- iptables
- nftables
Linux eBPF
FreeBSD IPFW vs. legacy PF - SMP
OpenBSD PF
DragonFlyBSD legacy PF
NetBSD NPF (SMP)

Hardware

What product can be shipped as dedicated hardware?

What is the alternative?

==> just make sure you got the right NIC!

https://www.dragonflybsd.org/cgi/web-man?command=ix

High Throughput and Offloading Performance

NGFW

Which ones are DPI-capable?

Resources

Open Source NGFW / Top 5 in 2022 https://syncbricks.com/top-5-best-free-ngfw-firewall/

Top 10 Open-Source Firewalls https://em360tech.com/top-10/open-source-firewalls

8 Best Open Source Firewall to Protect Your Network https://geekflare.com/best-open-source-firewall/

oss low footprint

https://en.wikipedia.org/wiki/List_of_router_and_firewall_distributions https://en.wikipedia.org/wiki/Comparison_of_firewalls

HOME | GUIDES | LECTURES | LAB | SMTP HEALTH | HTML5 | CONTACT
Copyright © 2024 Pierre-Philipp Braun