Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

Introduction

Astaro Security Linux is an Enterprise firewall based on Linux. In particular, it includes:

  • A Firewall with stateful packet inspection and application proxies
  • A Virtual Private Network (VPN) gateway
  • Anti-Virus
  • Intrusion Protection
  • Spam Filtering
  • Surf Protection (Content Filtering) and Spyware Protection

A 30-day trial version as well as a home use license are free (without anti-virus, spam filtering and surf protection). For documentation and a discussion forum go to http://www.astaro.org.

Astaro Security Linux is a very powerful network security solution with a highly functional Web based user interface. With the introductuon of Release 6, Astaro Security Linux now also supports a SIP proxy.

Download

Astaro Security Linux (release 6.001) can be found on freshmeat, from where you can download an ISO image.

You can also obtain a copy from the Astaro Web site. Registration is required to get a free home use license or the 30 day evaluation license. The ISO image includes a 7 day trial license with limited functionality. Unfortunately, the free home use license only supports 10 users. With a few IP phones and some other devices that go out to the Internet for firmware update queries, this is easily not enough.

SIP Proxy Use Cases

SIP Phone behind the firewall connects to a public VoIP Provider

This basic use case is the first supported by Astaro Security Linux release 6.001. I was able to test this with a Grandstream Budgetone phone that connects to Free World Dialup (FWD). Outbound proxy and STUN support were both disabled and the only parameter specified in the phone is the FWD SIP proxy. This worked great.

Vonage TA behind the firewall that connects to the Vonage service

Could not get this service to work through the SIP proxy yet. If you know how, please post it here. (It works by opening a range of ports).

sipXecs behind firewall on the internal network - IP phone on the Internet wants to register

Could not yet test this use case. If you have done so, please post it here.