December 21, 2006

Excerpt from the book “Configuring IPCop Firewalls: Closing Borders with Open Source”

Excerpt from the book Configuring IPCop Firewalls: Closing Borders with Open Source by Barrie Dempster and James Eaton-Lee. Published by Packt Publishing and reprinted with permission. All rights reserved. IPCop is a firewall for the Small Office/Home Office (SOHO) network, which is extremely easy to use and is released under the GNU General Public License (GPL). This excerpt outlines a few common methods of deploying IPCop and the motivation behind these topologies, along with descriptions of some of the features you can deploy.

Deploying IPCop

Introduction

IPCop is a firewall for the Small Office/Home Office (SOHO) network, which is extremely easy to use and is released under the GNU General Public License (GPL). It provides most of the basic features that you would expect a modern firewall to have and, most importantly, it sets this all up for you in a highly automated and simplified way. Getting an IPCop installation up and running is very easy and takes very little time. For features like those in IPCop, you would usually have to pay for a high-end firewall system or string something together using a collection of other tools. IPCop takes some of those powerful Linux tools and creates a pre-built package for you. IPCop was created to fill a void in the market, where users with small networks need some features that only large networks can afford, as far as expertise or money is concerned.

If your network is relatively small and has a single Internet connection, or you have a couple of sites with separate Internet connections that require linking together in a medium-sized business, then you can certainly benefit from using IPCop. Since IPCop itself is free, your only expense for the firewall is the cost of the hardware (which can be a low-end older computer left over from a previous upgrade) and the time spent administering the machine (which is relatively low due to the easy-to-use interface). For smaller networks this is a very attractive system.

Systems such as ISA Server and Check Point are extremely expensive and require a great deal of background knowledge to configure and secure properly. Compare this to IPCop, which functions as a well-secured router and firewall almost immediately on installation. Larger enterprise systems also have much higher hardware requirements and are overkill for smaller networks. The expense and time it takes to set these systems up are unlikely to provide a good return on investment for networks outside the larger enterprise. IPCop also benefits from a simplicity that is not available when using a general-purpose OS such as Windows or even a Linux distribution, because of all the unnecessary services they usually install by default. IPCop has a single specific role, so many of the standard services and applications are not installed, leaving you with a simplified, specialized firewall installation.

When evaluating IPCop for use in your environment, you should look at the functionality it provides and determine whether it will be the most effective solution for your network. Generally, for a small- to medium-sized network, IPCop is extremely effective and can simplify network administration greatly. However, for very large networks with a variety of segments all interconnecting through varying mechanisms, you may find IPCop inadequate. It's important to figure out exactly how your network will fit together and then choose IPCop if it fits your needs. For the SOHO network this may be a very simple topology and may require very little planning. In a larger network, IPCop can be used for specific roles within the infrastructure, for example as a gateway for key remote networks like branch offices.
