New UTM *nix distro, Simplewall

[YeOldeStonecat]

http://www.simplewallsoftware.com/

I'm not sure how long it's been out, I can't find much about it via Google....but a member of another tech forum I hang at put a post up about it a week ago.

Yesterday I downloaded it and installed on a Lenovo ThinkCentre mini desktop with a Core 2 Duo. I like the modern look of the GUI, and it has some interesting features.

They have a free version, and a pay for version...at 95 bucks/year. Quite inexpensive.

Pretty easy setup/install routine. Easy dashboard and web management.

Another option for those that like to build their own UTM routers that have more security features than some off the shelf Stinksys or Nutgear or DStink basic router.

 

[coxhaus]

YeOLDeStonecat, I am interested in your thoughts on Simplewall as you have more time with the product. I am pretty sold on Untangle because it has turned out to be the most maintenance free UTM which I have run. It runs and runs without attention updating itself where there are changes at night. There just never seems to be any bugs which cause problems.

Nothing is more important than having your front door to the internet running. You can have any other device go down and still work but if the internet goes down it is like being broken. You get more grief from the internet down than anything. The UTM really needs to be rock solid and just run. I guess I should add speed in there somewhere. It also can’t be slow. People want to be feed web pages fast.

 

[YeOldeStonecat]

I too an quite solid on Untangle....I've been using the distro since version 5, and we have many many of our business clients running behind it. It's reliability and performance is really based on the hardware it is installed on....select good quality software, not "motherboard of the month club" cheap stuff.

I'm curious how well Simplewall keeps out todays current web based malware. Untangle has a separate malware blocker in addition to its basic antivirus and phishing blocker. As far as the other UTMs go...Endian, IPCop w/Copfilter, ClearOS, Astaro...I've not seen a separate malware blocker module in those. Most of, if not all, of the free versions of UTMs simply use ClamAV as their freebie AV product...and as most of us know..that's not a very effect AV by itself. It's OK for SMTP filtering (email)..but it's as useless as can be for current web based threats.

 

[AdvHomeServer]

I have it bookmarked for later reference. Also thinking about untangle and sophos.

A question about home use for UTM software.

I plan to build my own using a small form dual nic PC. The j1800 appears to be common in newer models. Is it powerful enough for home use - small demand. (A few active devices at any time, 50 to 100 Mbs Comcast, active security processes -, otherwise no point in a UTM, OpenVPN for outside internet access) Any other low end processors capable? want to avoid i3 and up due to cost. I think my a6-1450 laptop would be too low powered.

This would cost under $300 to build, but would a J1800 do the job?

 

[L&LD]

The J1800 is the weaker option here than your laptops apu.

http://www.cpubenchmark.net/compare.php?cmp[]=1908&cmp[]=2167&cmp[]=2131

The J19oo quad core may be a better fit if more cores are utilized os and in the programs you'll run.

 

[coxhaus]

I think the original idea for home use was to repurpose old workstations. As you upgraded to the newer machine the older machine was used for task like routing or firewall stuff.

I used a left over Intel 5000 series server motherboard. The server guys wanted lots of cores so duals and quads were very cheap and not wanted. I used a dual core low voltage Xeon 30 watt cpu. The processor with 4 gigs of ram never goes above low on the Untangle scale with a 30meg connection. The cpu probably cost $25 . The motherboard was free as a left over which would only run 2 quads. I run one cpu and used a left over small laptop drive. It is not the most energy efficient but it probably only cost $15 or $20 to run a year. I think it is worth it for the security and peace of mind. I have been running this machine for over 6 years.
PS
I just looked up my Intel LV5148 cpu. It is 40 watt not 30. Back in the old days it was very low power.

 

[AdvHomeServer]

The J1800 is the weaker option here than your laptops apu.

http://www.cpubenchmark.net/compare.php?cmp[]=1908&cmp[]=2167&cmp[]=2131

The J19oo quad core may be a better fit if more cores are utilized os and in the programs you'll run.

Whoops. I meant j1900. Various forums like intel vs amd for this purpose, hence my confusion. How much cpu do these products really need for a small home network that want to use utm features. The forums are scattered on this.

 

[coxhaus]

Why not just try your laptop as it will give you a frame of reference.

 

[AdvHomeServer]

Why not just try your laptop as it will give you a frame of reference.

a: The dual nic usb 3 adapter costs over $50 and I'm not sure it will work
b: I'm using the laptop for general purpose computing and then I will be 1 laptop short during the trial. If it works I'll have to replace it ... which I will do later in the year if I can find a good deal and if it works as a utm.
c: People are long on suggestions and opinions and short on specifics and I need better info other than generalities before spending any $$$. Many have favorite UTM software, but nobody spends much time offering specs on how to run it. I've been trying to get past the anecdotes for a while and can't seem to do that. The UTM forums aren't much better, according to google searches.
d: I have no interest in buying a commercial gateway and paying hundreds a year for software when sophos, untangle and others offer free to low cost homebrew solutions.
e: The mfgr sites provide hardware specs that are meaningless in translation.

People with experience have the only answers and few appear to want to reply so that the answer can translate to modern small form equipment as a frame of reference.

 

[coxhaus]

I think you are trying to be on the cutting edge and few people have what is current. The ones that have experience are running older hardware.

 

[L&LD]

a: The dual nic usb 3 adapter costs over $50 and I'm not sure it will work
b: I'm using the laptop for general purpose computing and then I will be 1 laptop short during the trial. If it works I'll have to replace it ... which I will do later in the year if I can find a good deal and if it works as a utm.
c: People are long on suggestions and opinions and short on specifics and I need better info other than generalities before spending any $$$. Many have favorite UTM software, but nobody spends much time offering specs on how to run it. I've been trying to get past the anecdotes for a while and can't seem to do that. The UTM forums aren't much better, according to google searches.
d: I have no interest in buying a commercial gateway and paying hundreds a year for software when sophos, untangle and others offer free to low cost homebrew solutions.
e: The mfgr sites provide hardware specs that are meaningless in translation.

People with experience have the only answers and few appear to want to reply so that the answer can translate to modern small form equipment as a frame of reference.

What? I thought you were doing this to learn and to share on your website?

Dive in now when no data is available (as you state yourself) and tell us how it is. Yes, it will be expensive. But a good education always is.

 

[AdvHomeServer]

What? I thought you were doing this to learn and to share on your website?

Dive in now when no data is available (as you state yourself) and tell us how it is. Yes, it will be expensive. But a good education always is.

Fine, you pay for it, I'll play with it and report fully later. Don't expect me to give it back. Make sure it has a strong enough processor and doesn't cost much in electricity to run.

In About Free Advice, I mention something about forum advice.

I suppose the advice would be endless if I needed info about asus vs tp link.

 

[L&LD]

Fine, you pay for it, I'll play with it and report fully later.

In About Free Advice, I mention something about forum advice.

Why the attitude? We didn't ask you to do this, you stated this on your own.

 

[AdvHomeServer]

Why the attitude? We didn't ask you to do this, you stated this on your own.

Dude, I asked for some simple advice from people with experience on the subject. Several times. I was ignored most of the time. I gave it another try. You replied with the attitude. Sorry you don't like my web site. I wrote it as an antidote to bad advice and provide an alternative to poor explanations elsewhere. As i said on the intro page, it's the site I wish I had found when I needed the info. Many articles rank very high on Google searches. If I need feeds and speeds, I read these articles here.

 

[L&LD]

Please don't call me dude, okay?

I asked a question and you asked for cash. The attitude is on your end, friend.

 

[AdvHomeServer]

Please don't call me dude, okay?

I asked a question and you asked for cash. The attitude is on your end, friend.

No, that's not what I said. Now you know why I have a low opinion of most forum advice. This was the only oasis I knew of, although others probably exist ... I don't know the whole internet yet. But if I'm that unpopular because I don't feel like endlessly stating the same opinion on N300 or the like over and over again, so be it. AC-infinity and beyond.

 

[L&LD]

What? I thought you were doing this to learn and to share on your website?

Dive in now when no data is available (as you state yourself) and tell us how it is. Yes, it will be expensive. But a good education always is.

Fine, you pay for it, I'll play with it and report fully later. Don't expect me to give it back. Make sure it has a strong enough processor and doesn't cost much in electricity to run.

In About Free Advice, I mention something about forum advice.

I suppose the advice would be endless if I needed info about asus vs tp link.

Why the attitude? We didn't ask you to do this, you stated this on your own.

Please don't call me dude, okay?

I asked a question and you asked for cash. The attitude is on your end, friend.

No, that's not what I said. Now you know why I have a low opinion of most forum advice. This was the only oasis I knew of, although others probably exist ... I don't know the whole internet yet. But if I'm that unpopular because I don't feel like endlessly stating the same opinion on N300 or the like over and over again, so be it. AC-infinity and beyond.

It sure looks to me that is what you said.

 

[AdvHomeServer]

It sure looks to me that is what you said.

Look, I really don't know what's wrong with you but it's your problem. I'm just going to move on, remove the blogroll link back to here on my web site, and ignore the forum here. This is a place best for old timers who like telling the same stories to each other over and over again. My attempts at original and helpful answers have obviously been unappreciated, as noted by the frequent lack of follow up by anyone. When consulting years ago I often ran into brittle IT types who freaked out when anything new was introduced outside their sphere of comfort. It's an old story. It's no different here. The basic forum is newbees asking about the best router or switch, praising Merlin about his software, asking Merlin why his software has problems, why doesn't 2.4GHz work for router A, and hope that some new item will make someone's life perfect and complete.

 

[L&LD]

I can tell you what is wrong with me. I come here to seek and hopefully provide a little networking knowledge. What I don't come here for is to be preached to about the philosophy of life. Other forums exist if that is what I wanted to learn about.

I honestly do not wish you to leave, but your attitude certainly doesn't match most peoples here.

Your questions are not asked in a void, they are interpreted and modified by what you have said before (at least by me). All I did was ask for clarification and you went way off left field here.

I may still have a problem and I'm sincerely trying with an open mind to see what it is. In your case, it seems you create your own, for the most part. Ridiculing or belittling people or yourself is not productive. Neither is ignoring what others post in response to your replies and go off on a random tangent with regards to the current topic on hand.

I can honestly say I'm sorry I asked for clarification of your motives and intentions in my second post (#11) here.

But that does not excuse your replies which consist of of attack and innuendo.

Look, I really don't know what's wrong with you but it's your problem. I'm just going to move on, remove the blogroll link back to here on my web site, and ignore the forum here. This is a place best for old timers who like telling the same stories to each other over and over again. My attempts at original and helpful answers have obviously been unappreciated, as noted by the frequent lack of follow up by anyone. When consulting years ago I often ran into brittle IT types who freaked out when anything new was introduced outside their sphere of comfort. It's an old story. It's no different here. The basic forum is newbees asking about the best router or switch, praising Merlin about his software, asking Merlin why his software has problems, why doesn't 2.4GHz work for router A, and hope that some new item will make someone's life perfect and complete.

 

[YeOldeStonecat]

I have it bookmarked for later reference. Also thinking about untangle and sophos.

A question about home use for UTM software.

I plan to build my own using a small form dual nic PC. The j1800 appears to be common in newer models. Is it powerful enough for home use - small demand. (A few active devices at any time, 50 to 100 Mbs Comcast, active security processes -, otherwise no point in a UTM, OpenVPN for outside internet access) Any other low end processors capable? want to avoid i3 and up due to cost. I think my a6-1450 laptop would be too low powered.

This would cost under $300 to build, but would a J1800 do the job?

From someone that has played with UTM since the early days, and who installs them at many business clients all the time as part of his daily job....you don't need a lot of horsepower to run UTMs. What counts...is the quality of hardware it is installed on, not so much the power.

Unless you're running a mail server that has tons of SMTP traffic and you're using the mail spam/virus scanning module, and you're using heavy reporting features with directory connector modules....you don't need full blown server CPUs...you don't even need desktop CPUs...you'll do more than fine with a dual core Atom. Dual core Atoms are in most of the setups I do for smaller businesses.....I only go for full sized CPUs in larger SMB clients like those above 50x users.

My best experience with hardware from UTMs are those with standardized business grade Intel chipset based motherboards, and Intel NICs. Broadcoms do OK. I see poor performance on cheaper chipsets, realtek or other cheap NICs. Just yesterday I ordered a dual core Atom based appliance for a client that I'm doing a big server and network upgrade on, they run on dual U-Verse internet connections. I'm using a NexgenAppliances NG-50.

A small desktop CPU would do just fine, my concern would be a small footprint, low power consumption, low noise. No need for a fire breathing dragon for your router hardware.