personal firewall
Hello,

Any recommendation on a good hardware personal firewall? I'm looking for one that is not too expensive, easy to configure, and can support NAT.

Thanks in advance.

Jim

**NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: personal firewall
Depends on what your definition of "not too expensive" is, and it depends on what your internet connection is. I am assuming you probably have DSL or Cable, which means your Internet is coming in on an Ethernet line. You can probably get a used Cisco 2514 on Ebay and load the Firewall Feature Set on it for around $800. This way you have two ethernet ports, one is the "outside" and one is the "inside", and you can NAT between the two. Or you might even chance upon a PIX 515R for around the same price. If that is too expensive, I think Linksys has a Cable/DSL router that has a built in 4-port switch and a rudimentary Firewall feature set built-in, and also supports NAT for about $180. And finally, if you're looking for the cheapest route possible and you have a spare PC available (even a 486DX), you can just load up Linux or FreeBSD and take advantage of all the free Firewall, NAT, and other networking software they have available on those platforms. Of course this implies having a basic understanding of Unix-like operating systems and how to configure them as Routers/Firewalls. On the flip side, if you have a relatively beefy spare PC, you can put Win2k server on it which has some basic traffic filtering capabilities and NAT built in as well, and the nice GUI administrative utilities that come with it.

Personally, I have 2 2500 routers (2503 and 2513) back to back via serial ports. They were/still are being used for my lab at home, but they are also doing double duty as my NAT/Firewall solution. One router is the outside router and the other router is the inside. I am also running FreeBSD as my mail server, DNS server, web server, ftp server, syslog server, LDAP server and TACACS+ server.

Finally, if you're interested, I have a used Compatible Systems MicroRouter 1270i that has 2 ethernet ports and 1 T1 CSU/DSU wan port. It can do NAT and firewall between the two ethernet interfaces. And it can also function as a dial-in RAS server because it has an RS-232 serial port. I sold one on Ebay for $500 a while ago. I can probably do this one for a little less, since they are no longer supported by the manufacturer.

Hope this helps...

Iohan

At 04:25 PM 9/27/2000 -0700, Jim Bond wrote:
>Hello,
>
>Any recommendation on a good hardware personal
>firewall? I'm looking for one that is not too expensive,
>easy to configure, and can support NAT.
>
>Thanks in advance.
>
>Jim
Re: personal firewall
since the request was for a hardware firewall.

I was using M$ Proxy and hated it. A few colleagues bought the Linksys EtherFast Cable/DSL Router and gave glowing recommendations. I got one and it is bliss.

Web based config, DHCP built in, Port forwarding, DMZ, filtering and more. Supports up to 253 hosts on the inside.

Essentially an ethernet to ethernet firewall, the only difference between the two models is that one has one port and the other four ports. The LAN side port(s) are 10/100 switches.

The one port product is here: http://www.linksys.com/products/product.asp?prid=142&grid=5

The four port product is here: http://www.linksys.com/products/product.asp?prid=20&grid=5

In Canada, the one port can be had for around $195 or appx $130 US. The four port goes for around $295 or $200 US.

If you get one, upgrade the firmware to get support for IPSec passthrough.

I just noticed (while getting the URLs to paste) that they now have an 8 port model that also supports SNMP and QoS!

I've heard that Nortel (here in Silicon North) recommends this device for their teleworkers. (heard only - not positive!)

No, I don't own stock, but check it out!

Kevin Wigle

----- Original Message -----
From: "Iohan Reyes" <[EMAIL PROTECTED]>
To: "Jim Bond" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, 27 September, 2000 21:41
Subject: Re: personal firewall

> Depends on what your definition of "not too expensive" is, and it depends
> on what your internet connection is. I am assuming you probably have DSL
> or Cable, which means your Internet is coming in on an Ethernet line. You
> can probably get a used Cisco 2514 on Ebay and load the Firewall Feature
> Set on it for around $800. This way you have two ethernet ports, one is
> the "outside" and one is the "inside", and you can NAT between the two. Or
> you might even chance upon a PIX 515R for around the same price. If that
> is too expensive, I think Linksys has a Cable/DSL router that has a built
> in 4-port switch and a rudimentary Firewall feature set built-in, and also
> supports NAT for about $180. And finally, if you're looking for the
> cheapest route possible and you have a spare PC available (even a 486DX),
> you can just load up Linux or FreeBSD and take advantage of all the free
> Firewall, NAT, and other networking software they have available on those
> platforms. Of course this implies having a basic understanding of
> Unix-like operating systems and how to configure them as
> Routers/Firewalls. On the flip side, if you have a relatively beefy spare
> PC, you can put Win2k server on it which has some basic traffic filtering
> capabilities and NAT built in as well, and the nice GUI administrative
> utilities that come with it.
>
> Personally, I have 2 2500 routers (2503 and 2513) back to back via serial
> ports. They were/still are being used for my lab at home, but they are
> also doing double duty as my NAT/Firewall solution. One router is the
> outside router and the other router is the inside. I am also running
> FreeBSD as my mail server, DNS server, web server, ftp server, syslog
> server, LDAP server and TACACS+ server.
>
> Finally, if you're interested, I have a used Compatible Systems MicroRouter
> 1270i that has 2 ethernet ports and 1 T1 CSU/DSU wan port. It can do NAT
> and firewall between the two ethernet interfaces. And it can also function
> as a dial-in RAS server because it has an RS-232 serial port. I sold one
> on Ebay for $500 a while ago. I can probably do this one for a little
> less, since they are no longer supported by the manufacturer.
>
> Hope this helps...
>
> Iohan
>
> At 04:25 PM 9/27/2000 -0700, Jim Bond wrote:
> >Hello,
> >
> >Any recommendation on a good hardware personal
> >firewall? I'm looking for one that is not too expensive,
> >easy to configure, and can support NAT.
> >
> >Thanks in advance.
> >
> >Jim
Re: personal firewall
In picking out a hardware firewall, make sure it supports DHCP on the external side. Most cable and DSL providers use DHCP. You could hardcode the DHCP-given address on a firewall, but when the lease is up, your firewall won't respond to the re-lease requests. Your current address will be given out to someone else, causing a conflict and really annoying your ISP. Best bet is to get a static address from the ISP. Also, Cisco has a new PIX - the 506 which is targeted for SOHO.

Chuck Church
CCNP, CCDP, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000 x218

> >Any recommendation on a good hardware personal
> >firewall? I'm looking for one that is not too expensive,
> >easy to configure, and can support NAT.
Re: personal firewall
Just for info, the Linksys does accept DHCP on the WAN port as well as letting you hard code an address.

Kevin Wigle

----- Original Message -----
From: "Chuck Church" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 28, 2000 9:12 AM
Subject: Re: personal firewall

> In picking out a hardware firewall, make sure it supports DHCP on the
> external side. Most cable and DSL providers use DHCP. You could hardcode
> the DHCP-given address on a firewall, but when the lease is up, your
> firewall won't respond to the re-lease requests. Your current address will
> be given out to someone else, causing a conflict and really annoying your
> ISP. Best bet is to get a static address from the ISP. Also, Cisco has a
> new PIX - the 506 which is targeted for SOHO.
>
> Chuck Church
> CCNP, CCDP, MCNE, MCSE
> Sr. Network Engineer
> Magnacom Technologies
> 140 N. Rt. 303
> Valley Cottage, NY 10989
> 845-267-4000 x218
>
> > >Any recommendation on a good hardware personal
> > >firewall? I'm looking for one that is not too expensive,
> > >easy to configure, and can support NAT.
Re: personal firewall
LinkSys has some good basic products that are priced around $110 and $170. Like I said, these are basic and don't provide features like stateful packet inspection, filters based on TCP/UDP, etc. I also believe they have a limit of something like 10 ports active per connection unless you do a passthrough, but that sort of defeats the purpose of the firewall.

Watchguard also makes a product that I think is better, but it costs about $370. It provides both NAT and PAT, and you can filter based on source/destination addresses and port numbers. The first year of "managed security" is also provided... although giving up control has overtones of Big Brother but hey... it's a service for people that don't know firewalls. They also offer web filtering with the product with like 14 different categories... good if you have kids that use the net.

Ed
Re: personal firewall
Has anyone done VPN through these devices with/without problems? If so, what were the issues? I'm looking at picking up either a LinkSys or some other flavor but have little information on how good VPN access works from people that have them.

Currently am using a PC with 2 NICs on an older motherboard and WinRoutePro which sort of works. Looking for hardware solution.

Thanks...
Re: personal firewall
I haven't done this personally but the Linksys is also being evaluated by a Canadian Government department where I'm currently working.

In the beginning, they didn't have much success even with passthrough IPSec and PPTP. They were experiencing severe fragmentation and a few other things.

They put a sniffer on the line and found out they were using an MTU of only 1400. This, because of some previous problem with a different remote access system they were testing.

After upping the MTU to 1500 it works just fine.

Don't have the exact details.

Kevin Wigle

----- Original Message -----
From: "Erick B." <[EMAIL PROTECTED]>
To: "Kevin Wigle" <[EMAIL PROTECTED]>; "Iohan Reyes" <[EMAIL PROTECTED]>; "Jim Bond" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, 28 September, 2000 17:55
Subject: Re: personal firewall

> Has anyone done VPN through these devices with/without
> problems? If so, what were the issues? I'm looking at
> picking up either a LinkSys or some other flavor but
> have little information on how good VPN access works
> from people that have them.
>
> Currently am using a PC with 2 NICs on an older
> motherboard and WinRoutePro which sort of works.
> Looking for hardware solution.
>
> Thanks...
Re: personal firewall
Netscreen 5's are relatively inexpensive and support fully functional NAT, about the size of a mini hub.

Bob Watson
CCNA

Jim Bond wrote:

> Hello,
>
> Any recommendation on a good hardware personal
> firewall? I'm looking for one that is not too expensive,
> easy to configure, and can support NAT.
>
> Thanks in advance.
>
> Jim
personal firewall verification
Hello,

My company is going to deploy VPN. Their concern is that hackers can get into users' PCs and then from there get into the corporate network. They want to make sure all VPN users who connect to the corporate network use a personal firewall (sonicwall or linksys).

My question is: how can I verify whether users use a firewall or not?

Thanks in advance.

Jim

FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: personal firewall verification
If you use a Checkpoint firewall, you can install the Checkpoint VPN client and block Internet access to the VPN client whilst it has a connection to the internal network. This is called Desktop Policy and is configurable from the firewall.

Regards,

Justin Menga
MCSE+I CCNP CCSE ASE
WAN Specialist
Computerland New Zealand
PO Box 3631, Auckland
DDI: (+64) 9 360 4864
Mobile: (+64) 25 349 599
mailto: [EMAIL PROTECTED]

-----Original Message-----
From: Jim Bond [mailto:[EMAIL PROTECTED]]
Sent: Friday, 20 October 2000 12:22 p.m.
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: personal firewall verification

Hello,

My company is going to deploy VPN. Their concern is that hackers can get into users' PCs and then from there get into the corporate network. They want to make sure all VPN users who connect to the corporate network use a personal firewall (sonicwall or linksys).

My question is: how can I verify whether users use a firewall or not?

Thanks in advance.

Jim

To unsubscribe from the CCIELAB list, send a message to [EMAIL PROTECTED] with the body containing: unsubscribe ccielab