Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Installation and Upgrades / Couple of questions
« on: March 25, 2010, 05:49:15 am »
http://trac.ebox-platform.com/wiki/Document/AdvanceSetup
After I finish setup by selecting advance mode(instead on standalone), setup process guide me to read further on the above link, but that link is not seems available.
apart from that I have some more questions.
1. What is the reasonable size to set for proxy cache?
2. the link say I need to setup a firewall rule it transparently proxy https, what rule I need to setup?
3. how can I setup a dhcp exclusion range and dhcp relay?
In service > configuration to add a new service > here we have only
Protocol Source port Destination port Action
It would be nice to have a column to define service name.
Also a drop down menu is more suitable to choose filter the action if in block list catogery(exist only if you have some blacklist uploaded).
It would also be nice to have an option to select deny all extensions, deny mime type, currently there is an option to allow all.
still exploring, it look pretty stable, just a bit slow though
After I finish setup by selecting advance mode(instead on standalone), setup process guide me to read further on the above link, but that link is not seems available.
apart from that I have some more questions.
1. What is the reasonable size to set for proxy cache?
2. the link say I need to setup a firewall rule it transparently proxy https, what rule I need to setup?
3. how can I setup a dhcp exclusion range and dhcp relay?
In service > configuration to add a new service > here we have only
Protocol Source port Destination port Action
It would be nice to have a column to define service name.
Also a drop down menu is more suitable to choose filter the action if in block list catogery(exist only if you have some blacklist uploaded).
It would also be nice to have an option to select deny all extensions, deny mime type, currently there is an option to allow all.
still exploring, it look pretty stable, just a bit slow though
2
Installation and Upgrades / difference between deny and filter
« on: March 24, 2010, 01:14:03 pm »
What is the difference between deny and filter option in http proxy.
3
Installation and Upgrades / first impression
« on: March 24, 2010, 10:16:25 am »
Hi there,
I'm a sysadmin in a school, I'm newly appointed here and got assigned a project to upgrade the network infrastructure to meet the essential security needs. Basically what we want is
1. to secure LAN from internet attacks
2. to allow a group of user/computers to access internet
3. to allow a group of user/computers to access only one IP(on internet) but not the internet.
4. to apply a virus filtering on all the net traffic entering my LAN
5. to apply a spam filter on all the mails entering to LAN
6. to content filter internet of some of the allowed users(not all users)
7. layer 7 filter
8. qos
9. logging
And all this has to be build on open source as per the budget constrains. Though I could always install debian and customized it to suite my need but that is something requires time and unfortunately I don't have much of that.
So decided to give a try to firewall appliances/UTM available on the internet. I tried several linux based firewall distro some of the are clearOS, Endian community edition, ip-cop, smoothwall, pfsense, censornet, monowall, zeroshell, gibraltor, untangle, ipfire to name a few.
Right now I'm running IP-cop with some mods added and it running perfect. But I'm missing the qos and layer7 filter, ip-cop support qos and can be customized to do layer7 filtering but you need to change the kernel which means no more official updated.
So I dive into internet further and stumble upon Astaro and eBOX. After doing a test drive on demo site, I can say astaro is something closely matching my needs. But unfortunately I haven't find good review about their products, I found people complaining about their support. I know its hard to come up with everyone's expectation, After visiting around their site, I found that knowledge base section is completely waste of time. Who on earth today have all of its user guides/manuals in pdf only? there is a html link on the kb section but clicking on that will point you to same pdf file. You could try downloading it but only thing you will get is a text file having html code. wait, you could also email it but sorry that will also point you to the same pdf file. Clicking on the link to view it always show error 550. also they provide only essential firewall edition for free which will not serve my purpose. eBox on the other hand is somewhat I was looking for, now I'm thinking to reconsider my thoughts about Astaro.
some features I like in ebox (not to mention ebox support all the function I listed above)
1. Modular approach
2. can be setup as dedicated mail server/file server/utm/prin server/egroupware/messaging/database/voip server or all in one server having all of these features
3. Based on debian (which I love and most familiar with)
4. Free
5. Still exploring
I'm a sysadmin in a school, I'm newly appointed here and got assigned a project to upgrade the network infrastructure to meet the essential security needs. Basically what we want is
1. to secure LAN from internet attacks
2. to allow a group of user/computers to access internet
3. to allow a group of user/computers to access only one IP(on internet) but not the internet.
4. to apply a virus filtering on all the net traffic entering my LAN
5. to apply a spam filter on all the mails entering to LAN
6. to content filter internet of some of the allowed users(not all users)
7. layer 7 filter
8. qos
9. logging
And all this has to be build on open source as per the budget constrains. Though I could always install debian and customized it to suite my need but that is something requires time and unfortunately I don't have much of that.
So decided to give a try to firewall appliances/UTM available on the internet. I tried several linux based firewall distro some of the are clearOS, Endian community edition, ip-cop, smoothwall, pfsense, censornet, monowall, zeroshell, gibraltor, untangle, ipfire to name a few.
Right now I'm running IP-cop with some mods added and it running perfect. But I'm missing the qos and layer7 filter, ip-cop support qos and can be customized to do layer7 filtering but you need to change the kernel which means no more official updated.
So I dive into internet further and stumble upon Astaro and eBOX. After doing a test drive on demo site, I can say astaro is something closely matching my needs. But unfortunately I haven't find good review about their products, I found people complaining about their support. I know its hard to come up with everyone's expectation, After visiting around their site, I found that knowledge base section is completely waste of time. Who on earth today have all of its user guides/manuals in pdf only? there is a html link on the kb section but clicking on that will point you to same pdf file. You could try downloading it but only thing you will get is a text file having html code. wait, you could also email it but sorry that will also point you to the same pdf file. Clicking on the link to view it always show error 550. also they provide only essential firewall edition for free which will not serve my purpose. eBox on the other hand is somewhat I was looking for, now I'm thinking to reconsider my thoughts about Astaro.
some features I like in ebox (not to mention ebox support all the function I listed above)
1. Modular approach
2. can be setup as dedicated mail server/file server/utm/prin server/egroupware/messaging/database/voip server or all in one server having all of these features
3. Based on debian (which I love and most familiar with)
4. Free
5. Still exploring
Pages: [1]