On Jun 24, 2008, at 1:40 AM, Johann Spies wrote:
> We have to either renew the licence on our Checkpoint Firewall-1 NG
> (and upgrade it) or change to another software solution for our
> firewall setup.
I would upgrade. Keep things simple with what you already know.
>
>
> Our approximately 25000 users pay for internet, some of them use a
> pay-as-you-go-system. At the moment the accounting is done by custom
> programs that reads the active connections in the FW-memory. We have
> two problems with the present setup:
>
> 1. FW-1 does not connect the user and the traffic in memory or always
> in the logs. Only the source IP. So it is impossible for us to
> handle accounting for different users using the same IP.
>
> 2. FW-1 does not end active connections immediately after a user has
> logged off.
1) What would be an acceptable connection teardown timeout value?
2) active connections will timeout or tear down within minutes of a
connection.
>
> We are in a process of evaluating different options. One of them is
> NuFw - an open source product.
>
> Any recommendations of other products you know of will be appreciated.
>
> Regards
> Johann
> --
> Johann Spies Telefoon: 021-808 4036
> Informasietegnologie, Universiteit van Stellenbosch
>
> "Children, obey your parents in the Lord: for this is
> right." Ephesians 6:1
>
