The NethServer server is a winner even if not perfect

Many ICT administrators and executives looking for compensation for the Microsoft TMG (ISA) server.
In the framework of a professional discussion with my colleagues, we selected three candidates IPFire, IPCop and pfSense. We have recently begun pfSense but it is rather problematic.
Unfortunately, we was did not know NethServer ::frowning:
Now we using for testing NethServer in full operation in a small company (about 50 employees). NethServer works well. If we succeed with developers NethServer eliminate some deficiencies can be labeled a full-fledged compensation Microsoft TMG and thus used.

Before writing deficiencies rather I start writing the obvious advantages NethServer:

  1. This is the finished product. Not filled packages in beta.
  2. This is a complete platform. I do not see any problem of this type of package that is foreign and does not work as in the other solutions.
  3. At the forum NethServeru are responding to the ideas and to for detected errors.

These are three principal reasons why I wanted to use such a product.

Now some deficiencies :

  • NethServer distro is installed with the support of weak ciphers (supports SSLv2 and SSLv3, aNULL a MD5 hash). In my opinion, it should be at least a basic manage in the GUI. And do some post-installation steps automaticaly - generate DH2048 and set up Postfix, httpd, Squid for example to Protocol=!SSLv2 !SSLv3 and Cipher=HIGH !aNULL !MD5 and set to using the generated DH file.
    Then it will NethServer very good.

  • Snort (IPS) should see to encrypted communications. For example, this http://resources.infosecinstitute.com/ssl-decryption
    Then it will be perfect NethServer. :slight_smile:

Perhaps better about these topics on a separate debate.

5 Likes

7 posts were merged into an existing topic: NethServer distro is installed with the support of weak ciphers

Thanks for you feedback, interesting insights and thanks for sharing your small company story :smile:

Interesting, could you provide more details about positive/negative aspects of such change?

We have many discussions about NethServer vs IPCop/pfSense, would you like to chime in?

Just splitted

Excuse me but I did not know how to begin. :slight_smile:

Yes, I appreciate your interest but later because it is not so easy topic. My apologies but other project needs my “hard” work right now.

I’d rather not even with pfSense I have enough experience. But rather a bad experience.
In short my opinion.

IPCop and Copfilter not one product and Cpofilter on the basis of experience me does not seem to be good at all.
IPFire - Developers are probably the cleverest in the world when you do not need to listen.
pfSense - for example, it will be a year that does not work MailFilter with Squid . PfSense alone is a good but without packages are only firewall. And community is too fragmented and packages sometimes do not work alone pfSense let alone that they were used more together.

That is the reason for me to say that you have almost everything what they have not.

Take your time, no problem :smile:

Ehi @delusion how is it going with your NethServer tests? I’m curious about outcomes.