[asterisk-users] Best Firewall Suggestions?

Myles Wakeham myles at techsol.org
Tue Oct 13 22:06:11 CDT 2009 

 >> My customer has a outdated firewall that is also presenting a NAT 
nightmare
 > for getting the Asterisk server reachable from the internet.
 >
 > What firewalls work good with VOIP? I really want to steer away from 
any ALG
 > supported firewall. I just want a good firewall that works well with
 > Asterisk.

We're running IPCop (Linux based, open source, 100% free), and its been 
fantastic for us.  www.ipcop.org

I spent weeks trialing many others.  Even had Astaro send me out a trial 
box to use.  I think we short-listed this down to pfSense, SmoothWall, 
Astaro and IPCop.  Its been a while since we did this, so newer versions 
might have different test results now, but (if I remember correctly):

1. pfSense - Solid, but was a bit picky on network adapters (we wanted 
to use a Quad NIC for this).  Also was a bit cryptic for setup, but 
that's probably just us being too lazy to RTFM.

2. Shorewall - this worked out of the box, looked easy to setup, etc. 
But when it came down to supporting multiple external WAN IP addresses 
that we had, it fell short and was dismissed as an option.  I believe 
that their commercial version did support this, but had a hard time 
trying to find who to buy the damn thing from.

3.  Astaro - great company to work with.  Really helpful, great tech 
support, etc.  Loving all of that.  Not loving the $2K+ price tag for 
what we needed.  But then we are stingy and cheap.  That's just us.  If 
you have commercial clients, and budget this looked really good.

4.  IPCop - its free.  Was a dream to install and setup.  Support via 
their mailing list was awesome.  The people there didn't make us feel 
like newbs when we had basic questions to ask.  Feature set rivaled all 
other products, and there is a pretty healthy add-on market for it.  QoS 
was decent, although there are add-ons for better QoS granularity.

We chose IPCop.  Been running it with Asterisk and our other network 
apps, servers, etc. for about 4 months straight.  Never needed a reboot. 
  Never crashed.  Low footprint, and runs on some old dog hardware we 
had lying around.

Like I said, this review is about 6 months old, so things change. 
That's our biz.  Go figure.

Of course, your mileage may vary.

Myles
-- 
=======================
Myles Wakeham
Director of Engineering
Tech Solutions USA, Inc.
Scottsdale, Arizona  USA
http://www.techsolusa.com
Phone +1-480-451-7440

More information about the asterisk-users mailing list