Open source cloud managed layer 7 firewall.

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Open source cloud managed layer 7 firewall.

ScottNoakes

20 posts

Geek
+1 received by user: 10

Linewize

#210531 31-Mar-2017 19:18

Hi Networky people,

Thought it might be worth putting this out there on GeekZone. We've developed the above solution and are now taking it to the world. If you're interested to have a play you can download the image and run in a VM or on your own hardware. Its used in over 200 schools now and 30 countries and does cool stuff like application aware QOS. Its free to use and delivers enterprise grade features.

Check out this link for more info: http://www.linewize.com/cloud-firewall

Cheers Scott.

1 | 2

'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified

Trusted

Lizard Networks

Subscriber

#1751392 31-Mar-2017 23:22

Interesting setup.

What kernel platform is used for layer7?

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

ScottNoakes

20 posts

Geek
+1 received by user: 10

Linewize

#1751521 1-Apr-2017 09:39

Hi. We used to use Debian but have now created our own distribution so we can facilitate remote image updates. In regards to Layer 7 we have built our own connection tracker and create signatures for application traffic. We've had this running at 70Mbps on a raspberry Pi and we do 1Gbps throughout on a $500 commodity router.

hio77

'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified

Trusted

Lizard Networks

Subscriber

#1752639 1-Apr-2017 13:47

ScottNoakes: Hi. We used to use Debian but have now created our own distribution so we can facilitate remote image updates. In regards to Layer 7 we have built our own connection tracker and create signatures for application traffic. We've had this running at 70Mbps on a raspberry Pi and we do 1Gbps throughout on a $500 commodity router.

Glad to see testing being put down to a raspberry pi even, that certainly puts this into context!

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

ScottNoakes

20 posts

Geek
+1 received by user: 10

Linewize

#1752743 1-Apr-2017 16:25

Hi Hio77, thanks for your comment. :) Linewize is used by the largest schools in NZ such as Mt Albert Grammar and Burnside High School. Burnside shift 1TB of traffic through our device every day. A detroit school district shifts 5TB of traffic through our firewall every day. Amongst other international customers we also run the network for a university of 5000 students in Botswana, so the product is well proven. The Pi example is just to show that it can scale from the smallest device to the largest VM.

Aaron2222

218 posts

Master Geek
+1 received by user: 108

#1752867 1-Apr-2017 19:47

Slightly confused as to whether the web filtering is free or not. Pricing page says content filtering under edgewise and talks about only reporting under surfwize, but web filtering is under surfwize in the configuration.

deadlyllama

1283 posts

Uber Geek
+1 received by user: 476

Trusted

#1752870 1-Apr-2017 20:05

What platforms and hardware support is available? You talk about open source - where's the source? And is there a cheap content filtering subscription available for home use?

AliExpress

Shop now on AliExpress (affiliate link).

Aaron2222

218 posts

Master Geek
+1 received by user: 108

#1752874 1-Apr-2017 20:25

deadlyllama:
What platforms and hardware support is available? You talk about open source - where's the source? And is there a cheap content filtering subscription available for home use?

I found this. Sphirewall is the base on which Linewize is built upon from what I can tell. Seems up to date, lots of recent edits.

deadlyllama

1283 posts

Uber Geek
+1 received by user: 476

Trusted

#1753000 2-Apr-2017 07:34

I asked for the ISO last night ... no reply yet :-( Linewize need to work on their instant gratification.

ScottNoakes

20 posts

Geek
+1 received by user: 10

Linewize

#1753012 2-Apr-2017 08:22

Hi DeadlyLlama,

Apologies for the delay, you should have a response now, I'll automate that response on monday. Linewize is developed from Sphirewall as mentioned. FOr hardware I'd recommend a PCEngines APU-1D for a residential situation. Otherwise Quanmax NWA-6500 for higher throughput environments. Filtering for casual use is free, we source and collate lists and signatures for this and update every 24 hrs.

Cheers Scott.

BarTender

3629 posts

Uber Geek
+1 received by user: 2572

ID Verified

Trusted

Lifetime subscriber

#1753013 2-Apr-2017 08:23

deadlyllama:
What platforms and hardware support is available? You talk about open source - where's the source? And is there a cheap content filtering subscription available for home use?

I think the open source part is the most worrying. Is it just a standard IPTables based Linux firewall or is there some other magic sauce involved. Plus I assume squid for transparent proxy.

What about alerting and monitoring of the solution such as if someone is doing something bad internally or if you're getting DDoSed.

Firewalls are expensive and difficult. But that's what the internet is.

ScottNoakes

20 posts

Geek
+1 received by user: 10

Linewize

#1753368 2-Apr-2017 20:08

Hi DeadlyLama, you can find the source code repositories here: https://bitbucket.org/account/user/sphirewalllabs/projects/SPHIR

The firewall has been built from scratch and is not IPTables based, the application, device, user aware filtering engine is our secret sauce. It now represents over 10 years of development by our team, is used in over 30 countries, across all our networks transfers on average 25TB of data per day. So the technology is mature and proven. Over 20 NZ MSPs resell the solution.

We do not portray ourselves as a Proxy Server or UTM (altho we do offer Snort integration). Our focus is on unified access management, providing complete visibility and control over network and content access. We provide searchable analytics over every current network connection, packet trace etc. In 85% of our schools we're installed as a Lyr2 bridge, but for the other 15% we run as the full firewall, including stateful LTP2/IPsec VPN support.

We understand firewalls are expensive and difficult, and that is exactly the problem we're solving. :)

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

Lias

5655 posts

Uber Geek
+1 received by user: 3978

ID Verified

Trusted

Lifetime subscriber

#1753415 2-Apr-2017 23:02

Make the ISO downloadable without registration. There is a special place in hell for the developers of websites that don't even give you the download link when you put in a fake email address for the compulsory registration form.

I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup. Opinions are my own and not the views of my employer.

Aaron2222

218 posts

Master Geek
+1 received by user: 108

#1753447 3-Apr-2017 08:01

Lias:
Make the ISO downloadable without registration. There is a special place in hell for the developers of websites that don't even give you the download link when you put in a fake email address for the compulsory registration form.

There is a download link, but like the source code it's hidden away a bit. Go to the Linewize site, scroll down to the bottom, click documentation, then Installing Linewize from ISO in the side bar, then click the download link near the top of the page.

ScottNoakes

20 posts

Geek
+1 received by user: 10

Linewize

#1753604 3-Apr-2017 10:53

Lias:

Make the ISO downloadable without registration. There is a special place in hell for the developers of websites that don't even give you the download link when you put in a fake email address for the compulsory registration form.

Hi Lias, have fixed the form so that you can put a fake email in and download the ISO. :) I have called ahead to hell and they are making the arrangements. The ISO download link is mentioned in the technical docs too.

ScottNoakes

20 posts

Geek
+1 received by user: 10

Linewize

#1753606 3-Apr-2017 10:55

We have just created a link that will always point to the latest ISO. You can download it here:

https://s3-ap-southeast-2.amazonaws.com/sphireos-updates/iso/stable/sphireos-installer.latest.iso

1 | 2