I want to implement a new firewall and detection system on my network, composed of some 200 computers, as follows: the firewall would be a Linux box with routing, L7 iptables and also Snort as the IDPS. These are my questions:
1. Is there any security consideration regarding putting all of these packages on the same server, that is to say, should I inevitably put the IDPS and the FW on two different Linux boxes, or can they all be put together on one Linux box?
2. Is there any package that contains L7 iptables with Snort (or any other equally strong IDPS) and a GUI environment for manipulation and configuration?
3. Is there any other package at all that has the same functionality, i.e., an L7 filter and an IDPS with a graphical user interface?
Also, I have a question on Snort: is it possible to control the size of uploaded files, and not only TCP packets, from my internal network to the internet with the L7 filter, Snort or any other software? If this can be done, then I will be able to prevent leakage of data from my internal network by malware to malicious servers.