We have two offices which both run an ASP service for various clients connected via VPN and Frame connections. These are probably examples of some more complex configurations.
Office 1 (local)
Astaro 4.x running on a Dell PowerEdge 350 PIII 833mhz w/ 256MB RAM
2 10/100 Nics and 1 GigE Nic
1 Admin network on 10/100 - non-tagged VLAN(1)
1 Internet (T1) connection on 10/100 - non-tagged VLAN
1 Wide Area Network connection, 1 DMZ, and 6 or more VLAN separated LAN's connected to a GigE Interface using Tagged VLAN's - ASP products are hosted on one or more of those separated VLAN's.
Hosts 2 or more VPN tunnels, with many more to come shortly
Using HTTP Transparent Proxy (w/o surf protection), SMTP Proxy (w/o virus protection), DNS Proxy, and DHCP servers.
QOS rules for Internet and WAN connections
Office 2 (remote)
Same hardware, but 4 10/100 ports, and running ASL 3.2.x (waiting on up2date)
Network 1, Internet
Network 2, Wide Area Network
Network 3 and 4, Internal networks
Once up2dated, will run VLAN's on one of the internal networks to make separate subnets for our ASP products.
Hosts 4 or more VPN tunnels.
Using HTTP Transparent Proxy (w/o surf protection), SMTP Proxy (w/o virus protection), DNS Proxy, and DHCP servers. The HTTP proxy has been customized in the squid-default config to add acl's for specific host access to certain sites (poor-man's content filtering - either you have full access or you have limited access to work-required sites).
QOS rules on Internet and WAN connections
Home/Non-Commercial Use
I use it to protect a network of 6 or so PC’s with a mixture of both public & private IP addresses on the internal network. I host a few services for private use (Mail, FTP, Terminal Server etc) all of which should be password secured.
Currently on Astaro 3 – haven’t moved to 4 yet as I don’t have a free weekend to commit to the move (OK – so it won’t take a weekend – but I like to be cautious)
Astaro box is a no-name clone with Intel & Netgear cards. AMD K62/500 with 256MB of ram and a 6 GB disk.
Astaro runs very stable – every time I have a problem and blame the firewall – it’s always been innocent.
I use mine in my home to protect a small internal network.
PII-400, 128MB RAM, 6.4GB HDD
I've hacked in Snort 1.9.1
3 NICs, Ext, LAN, DMZ.
I host my own mail and use the SMTP proxy, as well as host private FTP, NTP. Currently I have 6 IPs in my LAN and 2 in the DMZ. Getting close to that 10 IP limit.