Firewall recommendation

Mikey

Mikey

Mikey

Soldato
Joined
28 Dec 2002
Posts
6,709
Location
South Coast
Looking at getting a small Netscreen / Fortigate firewall for home, any particular recommendations?

Already work with Netscreen, Sidewinder and cisco ASAs at work, but they are enterprise level.

Tempted with a Netscreen 100 or a Fortigate 60.

On a Sky broadband connection with the sky standard router and I want the 2nd hardware layer etc.
 
fluff said:
pfSense on an ALIX? :p
Click to expand...

+1

It's what I use at home, it has all of the enterprise level features without the enterprise price :) Cost ~£100 in total (including shipping from Switzerland) for the board, enclosure, wireless card, pigtail cable, antenna & CF card.
 
Kona* said:
+1

It's what I use at home, it has all of the enterprise level features without the enterprise price :) Cost ~£100 in total (including shipping from Switzerland) for the board, enclosure, wireless card, pigtail cable, antenna & CF card.
Click to expand...

Those things look good but!

It says on their site
Because of the high complexity, bureaucracy and cost of registration, PC Engines cannot accept orders from EU end users until further notice. Please order from EU based distributors.
Click to expand...
And I presume you had to pay VAT/import duty? How much was delivery?
 
JIM_BOB7813 said:
Those things look good but!

It says on their site

And I presume you had to pay VAT/import duty? How much was delivery?
Click to expand...

Ohh I didn't notice that! We order them through work for our own products so I simply tagged an extra kit on to one of our orders.

They have distributors in the UK but I can't mention them as they sell the same stuff as OcUK, you will find what you want by Googling "ALIX Rackmount Chassis" though :)

The prices are ever so slightly higher to cover delivery and for the convenience of ordering from the UK but it's still cheaper than buying a enterprise-class firewall!
 
what spec do those appliances have ?

Antec ISK 300-65 Mini ITX Case Black 65W PSU
Intel S775 Intel NM10 Atom mITX DDR2

These two you can get for about £120 and all you need to buy is another low profile network card and 2gb ddr2 ram (£35), find a cheap hd from some where and then put pfsense on it.
 
What's people's thoughts on Zyxel firewalls?

Still haven't done anything about this, not after a adsl firewall
 
Smoothwall... just to annoy people, but pfsense also gets a good nod.

Any of:

smoothwall
ipcop
monowall
pfsense
untangle

depending on througput old hardware is the way forward. 2GHZ and 1GB ram will be overkill unless you run lots of applications on them.
 
Mikey said:
Ah yes forgot about those, installed a few many years back when I was working for a reseller.
Click to expand...

I've never had direct hands on with one apart form a bit of playing, but the guys that manage our network here use them for our guest access networks and also on a couple of projects for other businesses we've worked on.

Seem reliable enough and seem to do the job nicely.

They've also tried the Cyberoam products as well which I remember them saying were a decent enough cheaper alternative, but you lose out on a few things. I forget what though!
 
stop being paranoid jsut use a standard NAT router...

a virus will get on your PC from an exploit when you browse a web site or an email attachment / friends external drive or you will be tricked into installing it your firewall will not help it will jsut use power and complicate your life...

even if you manage to stop the virus calling home (which is not likley as it will only connect out on http) its still on your PC and still needs removing

if you want toys bell and stuff maybe consider getting one of the routers that can be upgraded to one of the open source firewall thingies tomatoe?

http://en.wikipedia.org/wiki/Tomato_(firmware)
 
edscdk said:
stop being paranoid jsut use a standard NAT router...

a virus will get on your PC from an exploit when you browse a web site or an email attachment / friends external drive or you will be tricked into installing it your firewall will not help it will jsut use power and complicate your life...

even if you manage to stop the virus calling home (which is not likley as it will only connect out on http) its still on your PC and still needs removing

if you want toys bell and stuff maybe consider getting one of the routers that can be upgraded to one of the open source firewall thingies tomatoe?

http://en.wikipedia.org/wiki/Tomato_(firmware)
Click to expand...

This is the whole point of using a decent firewall, they offer inline transparent virus scanning of web content. Sure, it doesn't protect you against a friends USB drive. Not to mention snort with gaurdian active response for IPS.

Firewalls are only good for saying what type of traffic is allowed, not what is within the traffic.
 
ecksmen said:
This is the whole point of using a decent firewall, they offer inline transparent virus scanning of web content. Sure, it doesn't protect you against a friends USB drive. Not to mention snort with gaurdian active response for IPS.

Firewalls are only good for saying what type of traffic is allowed, not what is within the traffic.
Click to expand...

Correct as I was about to say this too.. Virus Scanning, content inspection, HTTPS inspection, IPS, IDS and so on.

Essentially I also wanting to have my other net devices in the DMZ
Sky +
Vodafone Sure Signal
Sony Blu Ray

As they're not PC related and I have no reason to trust them

Fortinet
Watchguard
Juniper Netscreen
Sidewinder - prob not due to ££
Cisco ASA if I can find one cheap enough

These are just a few I've thought about

Final other reason is to allow my brother to SSL VPN from Dubai

Further research this weekend, but it's got to be pretty quiet too...
 
As said see what kind of price the Cyberoam stuff comes out at, they are pretty new I think and similar (a bit cheaper) to Fortigate devices.

I know a good reseller too :)
 
You must log in or register to reply here.
Back
Top Bottom