NetCitadel's Unique Dual Licensing Model For Managing Firewall Rules

Open Source or not is determined by which OS version you use

One of the areas I follow in security is the firewall management space. In fact recently I have done some consulting for a company called Firemon in that space. As part of the research I came across a company called NetCitadel.  NetCitadel is the company behind the open source Firewall Builder project.  FirewallBuilder has been around since 2000. The original founder of the project, Vadim Kurland is the co-founder of NetCitadel. Mike Horn is the other co-founder and CEO of NetCitadel.

I had a chance to speak to Mike and he gave me a great demo and overview of the product and the roadmap.  FirewallBuilder is great to manage a variety of Cisco Firewalls, IP Tables, BSD PF and some other open source firewalls. Unlike some of the commercial products in this space, FirewallBuilder does not manage Checkpoint or Juniper firewalls.  However, Horn says it is the open source firewalls that are so widely deployed that need the most help with rule management.  

FirewallBuilder runs on a variety of different operating systems. Linux, Mac and Windows versions are available. Therein lays the unique twist on the dual licensing model. Where some commercial open source companies enable or disable certain features to distinguish between the open source and commercial versions, NetCitadel does not. Other commercial open source models will limit the amount of devices that can be managed or threads opened or some other such capacity limiting formula. NetCitadel does not.  For NetCitadel the difference between the open source version and the commercial version is simple. If you run the product on Linux, you get to use the free open source model. If you run it on Windows or Mac you have to use the commercial version.

That is the first time I have run into this model. I would think if you make a product that is made to manage multiple firewalls, the Linux version would be the one used in the data center. Giving that out as open seems to be somewhat counter-intuitive.  But with 10 years of history behind them, this is how NetCitadel has developed a thriving community, so who are we to argue with success.

For those of you not familiar with firewall rules, they can be a bear. If you only have one firewall and keep things simple, you might be able to muddle your way through. But as you add more firewalls, more egress and access points to the network, things get exponentially more complex. Once you get over a dozen or so firewalls you really need some sort of tool to manage them and their firewall rules. As people come and go in an organization, over time you may not even know why a particular firewall rule is even there.

In security especially there always seem to be some excellent open source choices in just about niche of the security market. NetCitadel's Firewall Builder is a good one in the firewall rule management space.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT