Need Help for Linux Firewall
I have an existing Sonicwall router (firewall) in my network which is already connected to my ISP connection. We are using the Sonicwall as a router + firewall + VPN connections. (The Sonicwall already has existing firewall rules configured, such as VPN tunnel, SSH connection with client, port redirection, POP3 and SMTP, IKE and IPSec.)
Now we want to add another Linux firewall for security reasons (such as blocking chat rooms, briefcases, chat file transferring, email attachments and other security reasons). We need to do this selectively for any IP in my LAN pool. We have signed very strict terms for IP protection for our new project.
As the Sonicwall does not have many security features for blocking such kinds of tools, we are planning to set up another Linux-based firewall, but we still want to use the Sonicwall for VPN access.
The Sonicwall VPN tunnel is already configured and we connect to our VPN client on a regular basis.
My brief diagram is:
ISP Connection ----SONICWALL----LINUX FIREWALL-----INTERNAL LAN
1) How do I accomplish this setup?
2) How will the Sonicwall's existing VPN and other rules function if Linux sits in between?
3) What about VPN traffic if the Linux server stands between the Sonicwall and the LAN?
4) If I use Squid Proxy to block the above tools, then how will VPN traffic move between the Sonicwall and my LAN, over the proxy or using the Linux gateway?
5) I have 90 users in my LAN and out of them only 4 users have rights to access the VPN. Could I allow these 4 users to access the internet directly using the Linux gateway? (I'm not planning to block the above tools for these 4 users because they need a direct connection.)
6) If I go for Squid Proxy, what configuration is required for Outlook mail to download using the Squid proxy? (Because in my experience, downloading and sending mail using Outlook needs a direct gateway connection; it will not run on the Squid proxy.)
7) Which Linux firewall is suitable for blocking the above tools? (Iptables, IPCop, Shorewall, etc.)
We are not planning to get a new ISP connection. (We have only a single ISP connection, which is already connected to the Sonicwall.)
The Sonicwall has two IPs: one is a public static IP and one is our private LAN IP. The private LAN IP is used as the gateway for our users for browsing and VPN connection.
I would like to thoroughly our relationship with you. This group has been extremely helpful to me.
Thanking you in advance.