While servers require more involvement and active maintenance, some aspects of the installation process are, in fact, streamlined i.e. a server distro is designed to take over an entire hard disk which eradicates the need to define partitions. The firewall distros in this roundup go to great lengths to help you mould the installation as per your network configuration. All of them employ browser-based interfaces that can be used to monitor and modify the various components of the firewall.
Having a graphical interface is crucial – a technologically sound base isn’t enough by itself. A convoluted or illogically arranged management interface will have a direct bearing on a distro’s usability and prevent users from getting the most out of it.
We’ll break this slide down into mini-reviews of the deployment experience, starting with…
IPFire is written from scratch and has a straightforward installation process. The installer will detect the number of NICs (Network Interface Controllers) attached to the computer and ask you to assign them to one of the four colour-coded zones. Each of these zones caters to a group of machines that share a common security level. Later on you’ll be asked to assign an IP address to the NIC that’s connected to your internal network. An IP address will be doled out via DHCP.
Once you’ve installed the distro, fire up its browser-based admin interface which is available on the IP address you assigned to the NIC connected to the local network. Head to the Firewall section in the admin interface to define the rules for the firewall. While the interface is simple to use, it requires some expertise for effective deployment. You should also read the documentation thoroughly.
This distro was forked from pfSense and follows the same straightforward installation procedure. After installation, the distro boots to the command-line dashboard which also includes the address of the browser-based admin console. The admin interface is the one major visible difference between the distro and its progenitor. The interface takes you through a brief setup wizard prompting you for information about your network.
Once it’s rebooted with the right settings, head to the Rules section under Firewall. The rules definition interface is presented logically and includes a switch to display relevant help information to explain the various settings. Similarly, configuring the other components of the firewall distro is also a relatively intuitive process. Since the distro has a vast number of settings, you can enter keywords in the search box at the top of the interface to locate the relevant setting.
The FreeBSD-based distros, pfSense and OPNsense, use the same fairly automated installers, though the original pfSense version offers more advanced options, including the ability to install a custom kernel. Again, just like OPNsense, pfSense boots to a console-based interface that gives you the option to configure the network interfaces on the installed machine.
Once they are all set up and configured, a browser-based console will take you through the setup wizard. The web interface for pfSense has recently been updated giving it a much smoother and more streamlined feel.
The distro requires you to put some time into learning it, especially if you’re going to use the add-on packages, but the documentation is worth its weight in gold (if printed out).
To get started with Sophos UTM you have to download the ISO, register on the project’s website, get a user licence and upload it to the server for further configuration. During installation, Sophos asks you to select the NIC connected to the internal network and assign it an IP address, which you can use to access the distro’s browser-based admin interface. You’ll also be asked to agree to installation of some proprietary components which are necessary in order to use the distro.
Once installed, you can bring up the browser-based management interface and run through the brief setup during which you can upload the licence. Sophos then locks down all traffic and enables you to ‘poke’ holes for the type of traffic you wish to allow.
Untangle NG Firewall
The Debian-based distro Untangle NG is very easy to set up and is the only distro in this roundup which restarts automatically after installation into the web-based setup wizard. Untangle NG asks you to set the password for the admin user, then to choose and configure the two network cards. One of these connects to the internet and the other to your local network.
Once setup is complete, Untangle prompts you to create a free account in order to configure the server. You’ll then have to install applications, such as the firewall, to enable specific functions. Almost all the applications are preconfigured and run automatically after install. You can also customise each application by clicking the Settings button under it. Untangle’s dashboard also enables you to analyse the traffic passing through the server, and each application will show statistics for its own traffic as well.