-
Firewall recommendation
Hi all,
Does anyone have a recommendation for a $500 - $700 firewall appliance?
I am looking for a perimeter firewall for my 5 IP addresses. I want to use it to filter all my IPs for common exploits and IP ranges that I would like to block.
I have a NetScreen 5GT, but I use it for a single IP address and I would like to keep it that way.
Thanks for any feedback and if my message is a little non-descriptive, let me know and I can add some detail.
-
I would give this document a look; it has a list of firewalls:
http://www.securityfocus.com/infocus/1750
-
I do not know what you are doing with what I think is 5 routable IP addresses,
but personally I use an old-fashioned NAT router and use non-routable IP
addresses.... better security... I have several companies do it that way...
The biggest problem is the damned viruses and spyware being sent
around via e-mail or HTTP....
Linksys has been making a very good NAT router for years....
-
Heh...Firewalls.
A large portion of my job is managing our PIXes. I, however, run a regular old Linux box with two NICs and IPTABLES on my home network. Truth be told, I think my firewall would stand up to an attack at least as well if not better than my PIXes any day. I've tried to demonstrate to my boss the concept.....but they're Cisco bigots. /shrug. If they want to pay for it.....I'll manage it.
My home firewall is an old P II 266 with 128mb of RAM running a very customized version of Slackware 8.0. It works wonderfully.
There is an excellent book on using IPTABLES out there....for the life of me, I can't remember the author right now. If you are comfortable enough with protocols to be looking to seriously manage a firewall though, it's pretty easy to pick up.
-
thread_killer
That sounds similar to my home net. I have an old 500 box with Smoothwall in it and I have a lot of confidence in it as well. Smoothwall is a stripped down RH with snort and easily config'd. IPTables!
cheers
-
Thanks for all the feedback.
I do use iptables on my Linux box and I love it. I think it's pretty secure, but I am not always so confident in my work. I have a great book for iptables, it's a Linux security book, the title escapes me as well.
I am really leaning toward a Linux box maybe with OpenBSD and using iptables to filter out the ranges I don't want.
Does anyone have any experiences with SOHO? I also looked at them...
The NAT idea works as well, I will use that for my LAN, but I have some IPs that I lease to folks.
-
threadkiller, if you do happen to remember the name of the book I would really enjoy knowing what it is... I would like to invest some time into learning iptables. Thanks Spy
-
Personally I use OpenBSD 2.9 and IPF on an older machine... (I think it's a P3)... We've never had someone manage to break in. And it's fast enough that you'd never know it was handling the traffic for a dozen or so PCs.
We also use similar setups at work only better hardware...
-_LeeBkr311_-