Re: Firewall recommendation

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Hi, Leythos!

Because email is unable to imply tone of voice, I will specifically state
mine ahead of time. My tone is a friendly one is agreement with, not in
contradiction to, your post. I am NOT doubting you; I am in agreement.

Did I misunderstand your post to which I replied? I could swear that you
were talking about the freeGuard 100 and its capabilities in a favorable
light, and I thought you were saying it **IS** in the class of "real"
firewalls. If so, then my response was in **agreement** with yours and just
added some more information regarding the freeGuard 100 vs. SonicWALL (since
that is what the OP mentioned), such as speed tests, and clearing up the
function of the modem port (management, not failover, if I recall correctly.
WAN2 is failover for sure, and I believe can be used for the DMZ while WAN1
is for the LAN, or something like that.). If that is NOT what you meant,
then **you have my apology** for mis-reading your post.

My comment regarding the flame-retardant suit was in response to the reaming
I felt you **might** get from a certain person who played mind-tag with me
in this thread for way too long. He initially posted a response to "Colin"
and its intent was BOTH to "correct" (his word) Colin's comment regarding
sub-$200 routers and to provide information for others to see that
consumer-grade routers could be an alternative possibility (in his opinion).

I disagreed with him and the assumptions he made, which is what started the
huge urinary-tract testing project (pi..ing contest).

I am aware that you did not suggest the SonicWALL. The OP had mentioned that
he was "looking at" the SonicWALL, so I offered an opinion on the freeGuard
100 in my first response to him on 8/27/07. In my reply to you, I was just
restating that information in addition to what you had mentioned regarding
the freeGuard 100 (which is basically a Fortigate 100, BTW).

I am in agreement with your assessment of the consumer routers, which I
tried to make clear in my post when I said, "Just to be clear, your opinion
and mine are the same, but I know someone who has different one!" That was
the person to whom I referred when I mentioned the flame-retardant suit.

You said, "That's what I mean about getting a firewall, not some
overglorified NAT router. A firewall will have real specs that shows what
the capacity is." I totally agree! Just because a sub-$200 unit has SPI on
its inbound port does not make it a firewall in my eyes, although for some
it can work "just fine" (in another's opinion).

I'll take a look at the Firebox 6tc you mentioned. I presume that they have
UTM capabilities.

See you around!



--
Gregg Hill

DISCLAIMER WARNING: the information contained in any reply I make is merely
an OPINION, one that I hope you will consider when you make a choice as to
what you will do on your systems or network.

**No recommendation is to be implied by my OPINION.**

There, that should cover it!






"Leythos" <void@xxxxxxxxxxx> wrote in message
news:MPG.21446a74a8647bbe9898b8@xxxxxxxxxxxxxxxxxxxx
In article <ORblOYQ7HHA.5316@xxxxxxxxxxxxxxxxxxxx>, bogus@xxxxxxxxxxx
says...
Leythos,

I certainly hope that you have a flame-retardant suit in your closet!

But the facts and truth don't require a flame retardant suit - it hold
its own against anything.

BTW Leythos, I **believe** the serial port is a second management port,
not
a WAN fail-over. The freeGuard 100 comes with unlimited users, content
filtering categories similar to the SonicWALL TZ180 with Premium content
filtering (which if I recall, requires the enhanced OS...big bucks), the
renewal MSRP is $199/year compared to $999 for JUST the SW premium
content
filter (to which you have to add the UTM subscription), it is as granular
(or nearly so) as the SonicWALL with the enhanced OS, and it is FAR
faster.
Overall, moderately priced and far more capable than any consumer-grade
firewall, even though "real firewall" is a subjective term, as some
people
have different definitions of what makes a "real" firewall. Just to be
clear, your opinion and mine are the same, but I know someone who has
different one!

I was not the one that suggested the Sonic - I don't like them and never
have. But the FG100 is not in the $200 price range, at least not in the
USA, unless you are talking about an Used unit. Check CDW.com for
pricing.

On my 10MB x 1MB Time Warner cable modem, the TZ170 maxed out at 2.5Mbps
downloads and the TZ180 maxed out at 4.8Mbps downloads. My freeGuard100
has
almost no performance hit even with all the UTM services running, testing
at
9.4Mbps down and 930Kbps up, which is VERY close to what it is with no
firewall in the way.

And my $400 Firebox 6tc unit, that I've had for almost 6 years, does a
NAT translation for 50 users and can maintain full speed on my 6mbps
inbound connection while also doing 2mbps outbound, and it still doesn't
appear maxed out.

That's what I mean about getting a firewall, not some overglorified NAT
router. A firewall will have real specs that shows what the capacity is.

That is why I offered my opinion to the OP...so he could make a more
educated decision. $466 at amazon.com for the device, about $125 for a
UTM
subscription elsewhere. More than $200, but way less than the SonicWALL
he
was "looking at."

The FG vendor is an unknown in my book, I would trust Sonic before I
would trust them - same for Zywall - I would never install a Zywall for
customers either.

I use WatchGuard because they work, work long time, last long time, live
forever, don't slow down, and I like them enough to have several in my
own home, not to mention 90% of our customer.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@xxxxxxxxxx (remove 999 for proper email address)


.

Relevant Pages

  • Re: LAN + firewall problem
    ... I do agree with Neo as to his opinion on routers. ... ICS is a problem for some but it sounds like you have it working without the ... firewall and it does have its benefits. ...
    (comp.security.firewalls)
  • Re: are these true hardware firewalls
    ... >Unless they specify, I'd say that most routers do not come with a firewall. ... i'd really rather not spend 400+ on say a sonicwall or ...
    (comp.security.firewalls)
  • Re: [fw-wiz] Hacker pierces hardware firewalls with web page.
    ... I've seen several other posts where people make use of browser exploits to trick the browser into submitting a form to the router/firewall, and if the router has the default password, the attacker can then configure the firewall any way they want. ... With FTP the client connect to the server, then at the start of a file transfer the client tells the server what port to connect to on the client. ... virtually any service on their machine, even when it's behind certain routers that automatically block it to the outside world. ...
    (Firewall-Wizards)
  • Re: SonicWall firewall question
    ... >> 6300 concurrent connections is a significant chunk of traffic.. ... >> especially for someone considering hosting "a few internet servers... ... you miss my original point in that a firewall is not the only ... >I was talking about the original SonicWall Pro now called the SonicWall Pro ...
    (comp.security.firewalls)
  • Re: Misconceptions
    ... I admit Firewalls and Routers aren't the exact same thing (of ... Personal Firewall, I wonder if that program is any good? ... > handled by anti-virus programs, which should be on ... > A NIDS is just that. ...
    (comp.security.firewalls)