[unisog] Managed host based firewalls

Alexander Clouter alex at digriz.org.uk
Tue Jun 16 23:01:26 GMT 2009

Brian Grime <bgrime at bgsu.edu> wrote:
> I have been asked by our windows server team to find a managed host 
> based firewall that they can use that will at the least report back to 
> a central server.  They are not looking for a complete endpoint 
> solution just a firewall to replace the windows firewall.  Any 
> suggestions?
Might work for you, but for our summer break I'm looking at deploying 
per-port network switch ACLs.  We have stacks of Cisco 3750s and 
802.1X with mac-auth fallback authorising hosts onto the network.  In 
those RADIUS Accept packets you can include firewalling ACLs (or apply 
a default filter list).

Obviously that would be an OS-independent system, could be applied to 
printers, etc. etc., and is centrally managed.  Logging is obviously via 
syslog, which you probably are already logging anyway?

The limitation: it's an 'extended' access-list, so not hugely stateful, 
but I think very flexible; I've just got to put my mind into ipchains-esque 
thinking rather than iptables :)

Of course:
 1) you need to be using 802.1X/mac-auth via RADIUS (if not you will be 
    stuck with static ACLs per port, which makes management a pain)
 2) only protects workstations on your network, not useful if you were 
    hoping to deal with firewalling for laptops out in the field


Alexander Clouter
.sigmonster says: Something's rotten in the state of Denmark.
                  		-- Shakespeare
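As an added worked example (not from the original post or the unisog list): a FreeRADIUS `users` file fragment showing how the per-port ACL described above would be carried in the RADIUS Access-Accept for a Cisco IOS switch. The MAC address, the ACE list, the DNS server address (192.0.2.53) and the ACL name `default-filter` are constructed values; the attribute formats (a `Cisco-AVPair` of the form `ip:inacl#N=<ace>` for a downloadable per-user ACL, and `Filter-Id` naming an ACL already defined on the switch with a `.in` suffix) are the ones Cisco IOS switches accept.

```text
# Constructed FreeRADIUS "users" entry for a client that authenticates via
# mac-auth (MAB) fallback.  Cisco MAB sends the MAC address as both
# User-Name and User-Password, so the check item is the MAC itself.
001122334455    Cleartext-Password := "001122334455"
        # Downloadable ACL, applied inbound on the switch port, i.e. to
        # traffic sent BY the host.  The number after '#' is the ACE order;
        # the switch adds an implicit deny at the end, so anything not
        # permitted here is dropped.
        Cisco-AVPair += "ip:inacl#10=permit udp any eq bootpc any eq bootps",
        Cisco-AVPair += "ip:inacl#20=permit udp any host 192.0.2.53 eq domain",
        Cisco-AVPair += "ip:inacl#30=permit tcp any any eq 80",
        Cisco-AVPair += "ip:inacl#40=permit tcp any any eq 443"

# Hosts that authenticate (e.g. via 802.1X/EAP) but have no specific entry
# above get the "default filter list": a named extended ACL that must already
# exist on every switch ("ip access-list extended default-filter").
DEFAULT
        Filter-Id = "default-filter.in"
```

For the switch to honour either attribute it must be configured to request network authorisation from RADIUS (`aaa authorization network default group radius`) and to send/accept vendor-specific attributes (`radius-server vsa send authentication`). Because the ACL is stateless and only filters the host's outbound traffic, each ACE has to describe the connections the host is allowed to initiate; the `deny ... log` style of logging ends up in the switch's syslog stream, which is the central log the post refers to.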
