Many ICT administrators and executives looking for compensation for the Microsoft TMG (ISA) server.
In the framework of a professional discussion with my colleagues, we selected three candidates IPFire, IPCop and pfSense. We have recently begun pfSense but it is rather problematic.
Unfortunately, we was did not know NethServer :
Now we using for testing NethServer in full operation in a small company (about 50 employees). NethServer works well. If we succeed with developers NethServer eliminate some deficiencies can be labeled a full-fledged compensation Microsoft TMG and thus used.
Before writing deficiencies rather I start writing the obvious advantages NethServer:
- This is the finished product. Not filled packages in beta.
- This is a complete platform. I do not see any problem of this type of package that is foreign and does not work as in the other solutions.
- At the forum NethServeru are responding to the ideas and to for detected errors.
These are three principal reasons why I wanted to use such a product.
Now some deficiencies :
NethServer distro is installed with the support of weak ciphers (supports SSLv2 and SSLv3, aNULL a MD5 hash). In my opinion, it should be at least a basic manage in the GUI. And do some post-installation steps automaticaly - generate DH2048 and set up Postfix, httpd, Squid for example to Protocol=!SSLv2 !SSLv3 and Cipher=HIGH !aNULL !MD5 and set to using the generated DH file.
Then it will NethServer very good.
Snort (IPS) should see to encrypted communications. For example, this http://resources.infosecinstitute.com/ssl-decryption
Then it will be perfect NethServer.
Perhaps better about these topics on a separate debate.