Hardware Firewalls
Hi guys,
I have been looking into hardware firewalls for my company, and wanted your opinions. I do not really want to get a Firewall router, but rather supply my own Machine, and install a Firewall OS on it.
I have been using IPCop until now, and let's just face it guys, the Cop is getting old. Until they bring out a new version I'm looking at something newer, and that does not require me to install all these fiddly add-ons. The function of this firewall should be, like the IPCop provided, to act as the Internet router with Proxy and URL Filtering. Preferably I want Load Balancing too.
I have found the following Firewalls worth looking into:
Endian Firewall Community and,
Astaro Essential (however, the free version has so many features disabled)
What other Firewall OS's do you guys know and recommend?
If push comes to shove I may buy something, but I want to see what other solutions are available first.
Rgds,
Cupis
- rustypup
- Registered User
- Posts: 8872
- Joined: 13 Dec 2004, 02:00
- Location: nullus pixius demonica
- Contact:
Re: Hardware Firewalls
arrived expecting discussion about cisco routers...
left disappointed...
these aren't h/ware firewalls you're discussing... they're s/ware solutions.... that's false advertising
<edit> i retract the disappointment and leave mollified... i see endian has finally gotten their UTM off the ground... nice...
Last edited by rustypup on 20 May 2010, 14:46, edited 1 time in total.
Most people would sooner die than think; in fact, they do so - Bertrand Russell
- hamin_aus
- Forum Moderator
- Posts: 18363
- Joined: 28 Aug 2003, 02:00
- Processor: Intel i7 3770K
- Motherboard: GA-Z77X-UP4 TH
- Graphics card: Galax GTX1080
- Memory: 32GB G.Skill Ripjaws
- Location: Where beer does flow and men chunder
- Contact:
Re: Hardware Firewalls
We use CheckPoint here and I hate it, so maybe don't go that route...
Re: Hardware Firewalls
Ok fair enough not true hardware firewalls
but still none of this personal stuff. Proper Network Firewall solution
-
- Registered User
- Posts: 3515
- Joined: 28 Feb 2004, 02:00
- Processor: Xeon E5620
- Motherboard: Asus P6T6 Workstation
- Graphics card: MSI GTX770
- Memory: 24GB Hynix
- Location: ::1
Re: Hardware Firewalls
My feeling on the matter is a lot like Rusty's. If you want a firewall bigger than for a home office, get a Cisco. A 2801 will do almost all you need, the only thing it lacks is caching. But for that you can either get a dedicated Squid box, or a Cisco cache engine. Btw some of the older IOS versions lack the URL filters and layer 7 filters, that's why I suggest a 2801. They go for around R10K, and like I always tell people, a business has no reason not to use proper equipment, if I can pay for it and use it at home.
- hamin_aus
- Forum Moderator
- Posts: 18363
- Joined: 28 Aug 2003, 02:00
- Processor: Intel i7 3770K
- Motherboard: GA-Z77X-UP4 TH
- Graphics card: Galax GTX1080
- Memory: 32GB G.Skill Ripjaws
- Location: Where beer does flow and men chunder
- Contact:
Re: Hardware Firewalls
You have a R10K firewall at home?
- Prime
- Registered User
- Posts: 27729
- Joined: 01 Mar 2004, 02:00
- Location: Getting into trouble
- Contact:
Re: Hardware Firewalls
Nuke, where do you live?
j/k
-
- Registered User
- Posts: 3515
- Joined: 28 Feb 2004, 02:00
- Processor: Xeon E5620
- Motherboard: Asus P6T6 Workstation
- Graphics card: MSI GTX770
- Memory: 24GB Hynix
- Location: ::1
Re: Hardware Firewalls
@Prime - In Fort Knox, you want to visit?
It's part of my Cisco Lab, I still need some DSPs to make it run one of my voice cards though.
Re: Hardware Firewalls
Hey Guys,
I may be considering, for rusty, true hardware Firewalls. I am busy reading up on the Cisco router now. The only concern for me is that I will be the one installing and implementing any of the firewalls. I have heard that you need a Cisco technician to do that.
I have had no experience with Cisco Routers (well other than those Linksys routers, which I am sure we should not consider?). I actually would love to work through and learn a piece of equipment like that.
So any other thoughts or suggestions for Cisco products, or working with them? Or even other Firewall/Routers?
Shot,
Cupis
Re: Hardware Firewalls
Have any of you guys dealt with Mikrotik or Astaro Firewalls?
They also offer a software (OS) solution to their products too.
-
- Registered User
- Posts: 3515
- Joined: 28 Feb 2004, 02:00
- Processor: Xeon E5620
- Motherboard: Asus P6T6 Workstation
- Graphics card: MSI GTX770
- Memory: 24GB Hynix
- Location: ::1
Re: Hardware Firewalls
You don't really need a Cisco technician, there is a lot of help available online. I can answer most questions if you have any trouble, I started with the CCNP coursework, but I'm not ready for the exams yet (it's about 2x more work than CCNA).
I know Mikrotik pretty well, while it is cheaper, it's not the same quality. It also has a lot of strange glitches when you have a complicated config (random hangs, lost routes, ethernet that stops responding to name a few). Had to remotely reboot one this morning that stopped passing traffic on its Ethernet.
- rustypup
- Registered User
- Posts: 8872
- Joined: 13 Dec 2004, 02:00
- Location: nullus pixius demonica
- Contact:
Re: Hardware Firewalls
Nuke wrote: ethernet that stops responding
second time i've heard this now...
Most people would sooner die than think; in fact, they do so - Bertrand Russell
-
- Registered User
- Posts: 3515
- Joined: 28 Feb 2004, 02:00
- Processor: Xeon E5620
- Motherboard: Asus P6T6 Workstation
- Graphics card: MSI GTX770
- Memory: 24GB Hynix
- Location: ::1
Re: Hardware Firewalls
Nuke wrote: ethernet that stops responding
rustypup wrote: second time I've heard this now...
Ah, where did you hear it before?
I guess the problem is that they use the cheapest ethernet controller they can find (Realtek), an Intel based chip would go a long way.
- rustypup
- Registered User
- Posts: 8872
- Joined: 13 Dec 2004, 02:00
- Location: nullus pixius demonica
- Contact:
Re: Hardware Firewalls
had a lecturer attempt to show us something last week and his internal network was ignoring him... when he got in, the MT switch was showing full green, (no blinking). had to reset to bring it up... i wrote it off as random chance... perhaps not...
Most people would sooner die than think; in fact, they do so - Bertrand Russell
-
- Registered User
- Posts: 3515
- Joined: 28 Feb 2004, 02:00
- Processor: Xeon E5620
- Motherboard: Asus P6T6 Workstation
- Graphics card: MSI GTX770
- Memory: 24GB Hynix
- Location: ::1
Re: Hardware Firewalls
No it is definitely not random chance, it's a common sickness. There are some that never have any problems, others you have to swap out because it gets so bad.
-
- Registered User
- Posts: 2663
- Joined: 29 Jul 2004, 02:00
- Location: hidden deep in the depths of the underworld is my home.
- Contact:
Re: Hardware Firewalls
We got this really cool device at work. it is so scary. it's a firewall, antivirus, anti-spam etc. it even has a HDD that makes a cache server and tracks what everyone is doing on the network. it even remembers your google searches. forgot the name. will have to post on monday.
-
- Forum Moderator
- Posts: 10000
- Joined: 05 Feb 2004, 02:00
- Processor: Intel i5-4690K @ 4.5GHZ
- Motherboard: ASUS Maximus VII Formula
- Graphics card: ASUS GTX970 Strix
- Memory: 4 x 4GB Corsair Dominators
- Location: Messing with your Mind
- Contact:
Re: Hardware Firewalls
making a hardware firewall is easy.
1. get enough timber to make a wall
2. build a wall with the timber
3. drill holes through the wall and run the cables through the holes.
4. pour petrol over the wall
If your network is ever breached, light the wall. It will stop the network breach
Last edited by Monty on 23 May 2010, 10:25, edited 1 time in total.
Art Williams wrote:I'm not telling you it is going to be easy, I'm telling you it's going to be worth it.
-
- Registered User
- Posts: 2663
- Joined: 29 Jul 2004, 02:00
- Location: hidden deep in the depths of the underworld is my home.
- Contact:
Re: Hardware Firewalls
yes but that would be a very expensive solution. as your network would probably get attacked every few minutes. (without a real firewall)
Re: Hardware Firewalls
Lol, I think just pulling your wan link is easier than setting the place on fire but good solution to a "firewall".
my research continues this morning, interested to see deathstrike's Gizmo
-
- Registered User
- Posts: 2663
- Joined: 29 Jul 2004, 02:00
- Location: hidden deep in the depths of the underworld is my home.
- Contact:
Re: Hardware Firewalls
Cyberoam 35ia is the product's name. can't google it for you. (it will record. probably recording this now)
Have fun
EDIT: added model number.
Re: Hardware Firewalls
Hi Guys,
Well after some research I have the following thoughts.
I was very impressed by the idea of a UTM solution. I like the fact that they basically did everything, from firewall to complete web management (Proxy etc). After requesting some quotes here and there I received some horrendous quotes. Starting at 20 - 30 k, and ending at 50 - 70 k. I seriously backtracked from that idea fast.
I am now looking into Load Balancing routers, mostly Draytek routers at the moment. The idea being: DSL lines lead into a single point, then have a proxy controlling Web Access. So now, I ask you guys, what other routers have you worked with that are similar to the aforementioned type? I am looking for 2-4k solutions.
Secondly, what Proxy Servers do you recommend? My knowledge of Proxy is Squid, and that is limited at best.
Regards,
Cupis
-
- Registered User
- Posts: 2663
- Joined: 29 Jul 2004, 02:00
- Location: hidden deep in the depths of the underworld is my home.
- Contact:
Re: Hardware Firewalls
well we used to use a D-Link brand Load balance router. but it failed because if the one account got capped then the whole network slowed to a crawl instead of falling back onto the other account only(which is uncapped.) So we went for the Cyberoam. and so far so good. I am not aware how much it costs. you say starting at R 20 - 30 k?? that is a huge amount. haha. glad i am not paying for it.
Re: Hardware Firewalls
Yes I was shocked. I was happily going along thinking, maybe it will cost 8 - 11 k, did not think as detailed as Cisco, boy I was wrong.
-
- Registered User
- Posts: 3515
- Joined: 28 Feb 2004, 02:00
- Processor: Xeon E5620
- Motherboard: Asus P6T6 Workstation
- Graphics card: MSI GTX770
- Memory: 24GB Hynix
- Location: ::1
Re: Hardware Firewalls
Squid as proxy works very well, if you are willing to take some time setting it up. Properly set up I normally save around 20% of traffic, going as high as 35% some days.
If you want a cheap solution buy yourself a Mikrotik 450G, with its indoor case and a 24V 38W PSU. It must be the High power PSU though, you want all the stability you can have (and it has a kettle cord, most importantly, not a 2 pin adapter). You can get it at Miro, Poynting or Scoop.