Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Firewall Recommendations - Number Two!

  1. #1
    Senior Member
    Join Date
    Dec 2003
    Pacific Northwest

    Lightbulb Firewall Recommendations - Number Two!

    Firewall Recommendations - Number Two!

    Reference: Firewalls: Hardware and Software.

    “…I think I’ll get a 5th of Jack Daniels and go sit in a corner somewhere.”
    Well I should have done that a couple of times to correct my warped obsession with numbers!

    Originally I posted “Firewalls: Hardware and Software.” so our Members and Guests could see what recommendations we make when someone asks the question “Which firewall is the best?” or something similar. I didn’t really intend to make it a living document until yesterday when I encountered the Thread: “Any Recommendation for a Free Good Firewall?” As I thought about it for a while, since people will continue to ask, and we are making recommendations, maybe the name of this Thread should reflect that as well. Additionally, if the inquiring mind did enter “Firewall Recommendations” into our Search, they would encounter a Thread on the first couple of pages that provided a unified response. Thus the name change in the title. And with your approval, I’ll keep tabs on our recommendations and every so often post an update. This update covers the period from 17 Jul 2002 thru 18 Jun 2004 and the information was taken from the “Firewall & Honeypot Discussions Forum”.

    In the first Thread, I indicated some trends in popularity in the Windows Compatibles. As you will see in this update, there has been a significant shift in our recommendations during the later part of the period.

    So directly from the AO Members:

    Software Firewall Recommendations - Windows Compatibles:

    Sygate – 60 times *Popularity dramatically increased.
    Zone Alarm – 48 times *Popularity declining, switching to Outpost and/or Sygate.
    Outpost – 42 times *Really favored 2002-2003.
    Kerio - 26 times *More popular 2003-2004 and popularity increasing.
    Tiny – 26 times *Really popular 2002.
    Norton – 10 times
    BlackIce - 9 times
    Checkpoint – 8 times
    McAfee - 5 times
    VisNetic – 4 times
    Bordermanager – 2 times
    ICF (XP) – 2 times
    Look’n’Stop – 2 times
    Symantic – 2 times
    BitGuard – 1 time
    Gnatbox – 1 time
    Kaspersky – 1 time
    OmniQuad –1 time

    Sygate from 36 to 60 recommendations
    ZA from 44 to 48
    Outpost from 40 to 42
    Kerio – 22 to 26
    Tiny – 25 to 26
    Norton – 8 to 10
    Checkpoint – 7 to 8
    All others: No Change.


    IPTables - dominated (had to put it by itself) {duh}

    Smoothwall – 12 times
    Coyote – 4 times
    OBSD (default Install) - 4 times
    Astaro – 3 times
    IPCop - 3 times
    Securepoint – 2 times
    Devil Linux – 1 time
    Mandrake – 1 time
    Sentry – 1 time

    Pix: dominated (had to put it by itself)

    Linksys router (nat) – 6 times
    Sonicwall – 4 times
    Dlink – 2 times
    Netgear (nat) – 2 times
    Watchguard – 2 times
    Fortigate – 1 time
    Netscreen – 1 time
    Raptor – 1 time
    Sidewinder – 1 time

    *** Minimal changes to all *nix and hardware firewalls because of lack of inquires.

    Possible new breed of Firewall around the corner: a memory barrier firewall – Posted by foxyloxley.

    Zone Alarm is now a Check Point Company. It will be interesting to see what changes transpire.

    For those that may not know: The original team that developed Tiny left the company and started the Kerio Firewall. It was based on the Tiny’s engine but with many improvements. That may help explain the popularity of Tiny in 2002 and then the Kerio popularity in 2003-2004.

    Summary: For Windows Compatible Software Firewalls – Sygate, ZA, Outpost, Kerio, and Tiny were the most recommended. Sygate did a slam-dunk and took the lead from ZA. However, ZA is under new ownership. For Hardware Firewalls – PIX most recommended. For *nix Software Firewalls – IP Tables was most recommended.

    Connection refused, try again later.

  2. #2
    Senior Member
    Join Date
    Oct 2002
    Good information and comparison's Relyt. These seem to be about accurate (IMO) in term's of popularity and what I prefer. For window's, Sygate/Outpost and for *nix IP Tables (and of course my trusty linksys router). I had a question though, and this is based on your personal opinion's and dealing's but how is the SonicWall and how does it work? Is the performance optimal? Easy to configure? Opinion's and detail's please...
    Space For Rent.. =]

  3. #3
    It would be a lot of work, but it'd be nice to see what reasons are most commonly posted for/against certain firewalls. I'm curious as to why ZA use to be so popular but has fallen so. I'm gonna have to download Sygate soon and play with it a bit, maybe I'll be won over yet. We'll see.

    This is an excellent things you're running with Rely, keep it up!

  4. #4
    Zone Alarm – 48 times *Popularity declining, switching to Outpost and/or Sygate.
    With as many holes and exploits as blackice, it's about time people moved away from it. To me, it seemed like the Brittney spears of the firewalls... just a temporary fad because someone thought it was cool.

    Cast my vote in for Linux: iptables+tcpwrappers (two layers of security, yay!) and Windows: Kerio personal firewall

  5. #5
    So how about Kerio vs. Sygate? I don't think anyone's compared those two to each other yet (it's usually ZA vs. everyone else). Does either one have an edge over the other? From what I've read in AO threads, these two seem to be at the top of the list, and of course Rely shows that here.

  6. #6
    To me, sysgate has a ton of features I feel a firewall should not have, while kerio sticks to doing what it is supposed to do and doing it well.

    For example, last time I checked, sysgate could filter the web for ads, popups, banners and the like. I do not want a firewall that filters my HTML (making page loading slower) and rewrites the code to possibly break the site. If I don't want ads, I'll use the appropriate browser. It's the whole "right tool for the right" job kind of thing. Some people want everything possible in one single package, while I view that as not only bloated but dangerous.

    Kerio works as a firewall, allows indepth filtering (deep..deep.. configurations) as well as a built in intrusion detection system. I don't need it to filter things on the web for me, because it is not it's job. I want the processor and footprint of my firewall to only have to worry about stateful ip filtering instead of spreading out it's processing, requiring more juice from my computer, and opening up new security holes. ZA and old sygate had this problem. The way they parsed the html to remove the banners could be exploited by adding special chars to commented code in the HTML page.

    I don't need to add features to a firewall that turns it into something beyond a firewall, while opening up security holes.

    So, to summarize: Some people like an all in one web package, in which it blocks ads, popups, active X, and preforms the functions of a firewall. Some people prefer just a firewall.

  7. #7
    Senior Member
    Join Date
    Dec 2003
    Pacific Northwest
    Thanks all for your comments. I was hoping it would also turn into a great discussion as it has!

    At home I have an old 500mhz box setup with Smoothwall that I use as a pseudo router/firewall. Actually it works pretty good it stays pretty busy and it’s a stripped down version of RH that comes with snort. I have several operating systems on two hard drives that I boot from based on the hormones rumbling around at the time. SuSE 9 & Win98 and XP & Slack on the other drive. So IP Tables and Sygate is currently being used, but Pooh's a pretty good salesman as well. So I'm downloading Kerio to add to the quiver and remove any that don't stand up. (And I do enjoy attacking ZA on my laptop! )

    Spyder32: knowledge of Sonicwall – exercises NAT, VPN’s, Tunneling etc. An Accounting Dept doesn’t need to know what Engineering is doing, more or less what the IT staff might be up to. That privacy is provided by different encryption for different services as well as for multiple TCP/IP applications. Setup can be complex but not too difficult. (That was my wife whispering over my shoulder… . She's the wizard, I have never used Sonicwall.)

    Connection refused, try again later.

  8. #8
    Senior Member
    Join Date
    Dec 2003
    Pacific Northwest
    pooh sun tzu

    last time I checked, sysgate could filter the web for ads, popups, banners and the like. I do not want a firewall that filters my HTML (making page loading slower)
    Is it safe to assume that this happens in almost all default installs of ZA & Sygate? I ask because I have experience much slower page loading with those two than others.

    Connection refused, try again later.

  9. #9
    Is it safe to assume that this happens in almost all default installs of ZA & Sygate?
    I have not used either for some time now, but I do recall ZA setting it up by default on installation. However, I do not remember for sygate. You could just give a quick check I suppose?

  10. #10
    Senior Member
    Join Date
    Mar 2003
    I'd have to go with a combination Pix and OpenBSD+pf combination myself with a Soho and Solaris+SunScreen solution coming in a close second.

    -- spurious
    Get OpenSolaris http://www.opensolaris.org/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts