At the time that we are using Windows Server, Kerio Winroute Firewall strikes the best.
- Powerful Firewall.
- Load Balancing and Fail over Features.
- Bandwidth Limiter, limit to each host.
The question is, Are there any Linux Equivalent of Kerio WinRoute Firewall?
Thanks.
We used ClarkConnect for many years as our gateway before finally just moving to a hardware solution. But I think it will suite most of your needs.
ClarkConnect supports multiple WAN links with failover, but not in the community edition. We used the paid versions though and the feature worked pretty good.
Other distro's you may want to look at is IPCop, Endian, PFsense which someone already mentioned but it's based on Monowall which is BSD based but I've heard good things about it as well. I'm not sure if these support auto failover though.
I came across this Linux distro called Untangle.
I've never used it. So I'm not sure if it has per-host bandwidth control.
Failover is a paid option. If you don't want to pay, maybe it's possible one can hack failover on top of it.
If you end up using it, don't forget to write a review for us.
Edit: ClarkConnect is another interesting firewall/gateway distro.
As already mentioned, each and every Linux or *BSD distro has a built-in firewall. However, there are number of distributions that have enhanced firewall and routing capabilities, as well as a GUI to simplify administration.
1) If you a looking mostly for firewall and routing features I guess pfSense is a number one choice. You may also take a look at linux based IPCop, both being open source and free . Another one, boasting to be a Cisco router replacement is Vyatta, paid subscription as well as community edition are available.
2) In case you need more advanced solution, more like a UTM device, you can have a look at Untangle (mostly free, but some features are paid) or Astaro, which is a paid solution, but reportedly is able to block encrypted tunnels that users employ to bypass firewalls. Untangle can work both in router or bridge mode. The latter does not require you to change your current network configuration. While being quite resource intensive it has a really admin friendly GUI.
Just to clarify : Linux kernel includes the firewall functionality. Any Linux distro can be a powerful firewall. The basic tool for controlling it is
iptables
from the command line. However there are various GUI to manage it, too, like Firestarter, or integrated to Web UIs like webmin or open ebox.