Hi All,

Does any one have a perferred Firewall solution. I have a 128KB connection to the Internet, at the moment i have no real firewall, not sure what would be the best firewall to use. ISA,Proxy or someother third party solution ---- Suggestions

I recommend Zone Alarm available at http://www.zonelabs.com

Originally posted by James Sprott:
. . .Zone Alarm . . .http://www.zonelabs.com

Zone Alarm is good, also you might consider:

Linksys BEFSR11 (http://www.linksys.com/products/product.asp?prid=142&grid=5)

Oh dear God dont get a linksys if you want free get zonealarm or buy the fullblown Pro for 40 bucks X

I have to agree with James Sprott zone alarm is definitely a good little program. Tiny Personal Firewall is another good starter firewall app < www.tinysoftware.com (http://www.tinysoftware.com) > But by far the best firewall app that I have seen for the home would have to be ATguard by wrq (no longer in business unforetunately)I've seen a couple of unlicensed copies around the net, so in theory you could still get a copy.

As far as hardware based firewalls the linksys is good for the price, but its more of a cheap NAT box than firewall.If your are real serious about security you might want to invest in a soho firewall by watchgaurd or sonicwall. I don't know about the watchguard but the sonicwall has lifetime free firmware upgrades. Overall its a pretty good product. I hope this helps.

Hi All,

I forgot to mention that it is for a 100+ person network. Running on an NT Domain.

Sorry should of put this in first. It is not for a personal setup...

Originally posted by CampbellD:
Hi All,

I forgot to mention that it is for a 100+ person network. Running on an NT Domain.

Sorry should of put this in first. It is not for a personal setup...


Yeah, that's a big thing to leave out there. You can check out <a href = "http://www.watchguard.com">Watchguard</a> or <a href = "http://www.pgp.com/products/gauntlet/default.asp">Gauntlet</a>. They both make pretty good firewalls. The Watchguard is a hardware solution, while the Gauntlet is a software firewall. They are not NAT routers like the Linksys. In terms of difficulty, the Watchguard is much easier to setup and maintain than the Guantlet, but the Gauntlet is more powerful with more options and abilities.

Any firewall solutions for NT are pretty expensive, and im a tad put off by the fact that ISA was broken 15 minutes after release.. Without trying to be a party pooper, methinks the best firewalling solution is a nice unix box. We us Debian boxes for all our firewalling duties, in our office, in several dozen wireless installations, and in some cases where there are several hundred users. They are supremely reliable if set up correctly, and remote / easy administration is a bonus.

For a firewall solution i would recommend finding an old computer that no one is using and learn linux and set it up. as that will be far better than any router box or software. At the same time it wont use and cpu time.

Now everybody repeat after me: Microsoft = bloatware. And is kinda expensive. The easy thing, and the cheapest being it's free, is Find an old system, low end pentium or something like that, Install Linux (Prefer Slackware) and use IpChains do do a firewall. Nice and simple. :D

Hiya

I use Atguard which is software based. Don't know if any standalone firewalls are reliable. Gonna start doing some networking soon so might get something soon.

regards

eddie

I find taht Zone Alarm is the most easiest Software firewall to install. There is a version on the web site which is free but you can upgrade for about 30 bucks. However if you are installing this on a server with most software firewalls it blocks all ports till you configure it to allow traffic to pass through if any.

Here are some links that migt help you on your quest:
www.zonelabs.com (http://www.zonelabs.com) www.networkice.com (http://www.networkice.com)

Originally posted by xPoseidonx:
Zone Alarm is good, also you might consider:

Linksys BEFSR11 (http://www.linksys.com/products/product.asp?prid=142&grid=5)


I still say either Linksys or
Watch Guard SOHO (http://bisd.watchguard.com/SOHO).

For a 100 + person network - How many are going to have access to the internet? I would recomend upgrading to at least 256K or even 512K; otherwise you will be facing considerable slow speeds.

Zonealarm is ok, but it is too easy to defeat for a serious network. The linksys and it's ilk aren't really firewalls at all - that is marketing talking. The least expensive solution would be to get a 486 with 2 nics and a floppy and go to www.linuxrouter.org. (http://www.linuxrouter.org.) and go from there. You don't need to "learn" nix or linux or anything, just read the faq's. It is really straightforward if you understand the fundamentals of a firewall.

Since this IS for a corporation look into Raptor by Axent. I think the current version is 6.5.

I'd recommend Checkponit FW-1
http://www.checkpoint.com/products/firewall-1/index.html

I'd go with a Cisco Router... maybe a 7200.. it depends on the infrastructure of your building.. if all the drops are terminated in one room, (homerun) go with a Cat5000 switch or so..

I like a strong hardware firewall umbrella backed up with MS proxy. Cisco allows you to create the routes you need to remote networks.. and has the stability to boot. MS proxy is good for web filtering/monitoring and application port mapping.

I'd go with a Cisco Router... maybe a 7200.. it depends on the infrastructure of your building.. if all the drops are terminated in one room, (homerun) go with a Cat5000 switch or so..

I like a strong hardware firewall umbrella backed up with MS proxy. Cisco allows you to create the routes you need to remote networks.. and has the stability to boot. MS proxy is good for web filtering/monitoring and application port mapping.

If you're looking for a TRUE hardware firewall, try the aforementioned checkpoint link.. or look at Cisco's PIX firewall line.

By the nature of NAT translation, and ability to open and close ports of the router itself.. it can serve as a firewall.

If you want more options such as data encryption and more port security, go with the hardware firewall.

Originally posted by gren:
If you're looking for a TRUE hardware firewall, try the aforementioned checkpoint link.. or look at Cisco's PIX firewall line.

By the nature of NAT translation, and ability to open and close ports of the router itself.. it can serve as a firewall.

If you want more options such as data encryption and more port security, go with the hardware firewall.

Yip. That's the ticket. I've also been playing with 486's and Debian as a firewall box. But if it's for a a major corporation, i too recommend the above noted Cisco PIX line. Just make sure whatever you get is hardware.

Try this new guy <http://www.sygate.com>, they have NATs, Wireless, Enterprise Firewalls.

With a network of that size you should rent a Foxbox if your budget permits.

Mitch :D

for a network of that size you should consider renting a Foxbox,

Mitchgl :D

http://www.sygate.com

Originally posted by Malaysia_Sucks:
Try this new guy <http://www.sygate.com>, they have NATs, Wireless, Enterprise Firewalls.

100+ users - PIX or a linux router/fiewall - as a matter of fact this distro (www.freesco.org) is designed to emulate a Cisco router - may be worth a shot.

Freesco is a small (single floppy) distribution of Linux intended to be a replacement for minor models of Cisco routers. It fits on one floopy disk and is designed for users to be able to use old machines (i386) to set up a router. Supports standard Ethernet cards "out of the box"