We have two offices which both run an ASP service for various clients connected via VPN and Frame connections. These are probably examples of some more complex configurations.
Office 1 (local)
Astaro 4.x running on a Dell PowerEdge 350 PIII 833MHz w/ 256MB RAM
2 10/100 NICs and 1 GigE NIC
1 Admin network on 10/100 - non-tagged VLAN(1)
1 Internet (T1) connection on 10/100 - non-tagged VLAN
1 Wide Area Network connection, 1 DMZ, and 6 or more VLAN-separated LANs connected to a GigE interface using tagged VLANs - ASP products are hosted on one or more of those separated VLANs.
Hosts 2 or more VPN tunnels, with many more to come shortly.
Using HTTP Transparent Proxy (w/o surf protection), SMTP Proxy (w/o virus protection), DNS Proxy, and DHCP servers.
QoS rules for Internet and WAN connections.
Office 2 (remote)
Same hardware, but 4 10/100 ports, and running ASL 3.2.x (waiting on up2date)
Network 1, Internet
Network 2, Wide Area Network
Network 3 and 4, Internal networks
Once up2dated, will run VLANs on one of the internal networks to make separate subnets for our ASP products.
Hosts 4 or more VPN tunnels.
Using HTTP Transparent Proxy (w/o surf protection), SMTP Proxy (w/o virus protection), DNS Proxy, and DHCP servers.
The HTTP proxy has been customized in the squid-default config to add ACLs for specific host access to certain sites (poor-man's content filtering - either you have full access or you have limited access to work-required sites).
QoS rules on Internet and WAN connections.
Home/Non-Commercial Use
I use it to protect a network of 6 or so PCs with a mixture of both public & private IP addresses on the internal network. I host a few services for private use (Mail, FTP, Terminal Server etc.), all of which should be password secured.
Currently on Astaro 3 – haven’t moved to 4 yet as I don’t have a free weekend to commit to the move (OK – so it won’t take a weekend – but I like to be cautious)
Astaro box is a no-name clone with Intel & Netgear cards. AMD K62/500 with 256MB of ram and a 6 GB disk.
Astaro runs very stable – every time I have a problem and blame the firewall – it's always been innocent.
I use mine in my home to protect a small internal network.
PII-400, 128MB RAM, 6.4GB HDD
I've hacked in Snort 1.9.1.
3 NICs: Ext, LAN, DMZ.
I host my own mail and use the SMTP proxy, as well as host private FTP, NTP. Currently I have 6 IPs in my LAN and 2 in the DMZ. Getting close to that 10 IP limit.