ICSA Labs Certified Router/Firewall

[bluestrobe]

Originally posted by: Boscoh
The Linksys RT/RV042 is the only one out of any firewalls you've posted that I'd even consider purchasing. The netgear comes close to getting a consideration, but all the other brands/models are not reliable and/or not easy to use.

You have tried all of the models we have listed?

 

[Atheus]

Originally posted by: FreshPrince
seriously...that new dlink securespot product looks really kick ass for consumer level type product....

I mean how many out there can say they have intrusion prevention engines, stop viruses, spam, spyware...etc.

I don't know about any of you, but I'm getting one as soon as it becomes available.

it'll just run inline, behind my main fw.

Looks like a load of crap to me - "D-Link SecureSpot? is an all-in-one, plug and play desktop Internet Security Device (ISD) for network security firewall, intrusion detection, pop-up killer, spyware killer, content filtering, and anti-virus software."

Impressive! But dig a little deeper and you'll find the "pop-up killer, spyware killer, content filtering, and anti-virus software" are actually implemented in a piece of client software you have to install on all your PCs. If you have more than 4 PCs you need to buy extra licences for this product, and there's an annual subscription of $79, plus more for your extra licences...

And are they trying to tell me that tiny little box has a real intrusion detection system in it? What kind of intrusion detection? How configurable is it? Do the rules get updated with the antivirus?... There seems to be no information on these things.

 

[Boscoh]

Originally posted by: bluestrobe


You have tried all of the models we have listed?

I've used many different 3com, Netgear, and USRobo (the USRobo of today is NOT the USRobo of old) products. Of those three, Netgear is the most reliable and easy to use - and it's hit or miss with them. Even within a certain model, there are way more "bad batches" than with other brands I've used. ZyWall makes a very reliable product, but they have one of the worst configuration interfaces I've ever used.

As for the other brands, I have a few colleagues that have (collectively) used all the other brands mentioned, and have not had favorable things to say about them. I trust their opinions enough to pass them on. Whether anyone chooses to take that advice is completely their option.

Linksys has really cleaned up their act recently. I used to not like Linksys at all (I think I've slammed them a few times a long while back). Their newer products are starting to show the build quality and features that I'd expect from them after being acquired by Cisco.

 

[DasFox]

I've been looking at this SonicWall TZ150, since it is more of a firewall, but looks like it has router capabilites.

http://www.sonicwall.com/products/tz150.html

I thought I might need a router, but I can live without it, seems most of them out there are hard to find without VPN and tons of options I'll never use and some firewalls I have seen, look better for my needs.

Any thoughts on this SonicWall or something similar, better, anyone would recommend?

THANKS

 

[FreshPrince]

Originally posted by: Atheus

Originally posted by: FreshPrince
seriously...that new dlink securespot product looks really kick ass for consumer level type product....

I mean how many out there can say they have intrusion prevention engines, stop viruses, spam, spyware...etc.

I don't know about any of you, but I'm getting one as soon as it becomes available.

it'll just run inline, behind my main fw.

Looks like a load of crap to me - "D-Link SecureSpot? is an all-in-one, plug and play desktop Internet Security Device (ISD) for network security firewall, intrusion detection, pop-up killer, spyware killer, content filtering, and anti-virus software."

Impressive! But dig a little deeper and you'll find the "pop-up killer, spyware killer, content filtering, and anti-virus software" are actually implemented in a piece of client software you have to install on all your PCs. If you have more than 4 PCs you need to buy extra licences for this product, and there's an annual subscription of $79, plus more for your extra licences...

And are they trying to tell me that tiny little box has a real intrusion detection system in it? What kind of intrusion detection? How configurable is it? Do the rules get updated with the antivirus?... There seems to be no information on these things.

It's a $99 device....sometimes, we have to remember that home products are different from enterprise products. it will probably have a simple rule base blocking the most common threats. If you want more from the IPS you can always setup a white box with snort

 

[Boscoh]

Originally posted by: DasFox
I've been looking at this SonicWall TZ150, since it is more of a firewall, but looks like it has router capabilites.

http://www.sonicwall.com/products/tz150.html

I thought I might need a router, but I can live without it, seems most of them out there are hard to find without VPN and tons of options I'll never use and some firewalls I have seen, look better for my needs.

Any thoughts on this SonicWall or something similar, better, anyone would recommend?

THANKS

Sonicwalls tend to have buggy software, and are notorious for horrible tech support.

 

[DasFox]

Originally posted by: Boscoh

Originally posted by: DasFox
I've been looking at this SonicWall TZ150, since it is more of a firewall, but looks like it has router capabilites.

http://www.sonicwall.com/products/tz150.html

I thought I might need a router, but I can live without it, seems most of them out there are hard to find without VPN and tons of options I'll never use and some firewalls I have seen, look better for my needs.

Any thoughts on this SonicWall or something similar, better, anyone would recommend?

THANKS

Sonicwalls tend to have buggy software, and are notorious for horrible tech support.

Hmm well any other seconds on that? If so, then who makes a better firewall and has good support?

THANKS

 

[InlineFive]

Originally posted by: Boscoh

Originally posted by: DasFox
I've been looking at this SonicWall TZ150, since it is more of a firewall, but looks like it has router capabilites.

http://www.sonicwall.com/products/tz150.html

I thought I might need a router, but I can live without it, seems most of them out there are hard to find without VPN and tons of options I'll never use and some firewalls I have seen, look better for my needs.

Any thoughts on this SonicWall or something similar, better, anyone would recommend?

THANKS

Sonicwalls tend to have buggy software, and are notorious for horrible tech support.

This is true, unfortunately. Why don't you find yourself an older Cisco on eBay? You seem to have a decent amount of money to burn and it would be somewhat educational.

 

[FreshPrince]

Originally posted by: DasFox

Originally posted by: Boscoh

Originally posted by: DasFox
I've been looking at this SonicWall TZ150, since it is more of a firewall, but looks like it has router capabilites.

http://www.sonicwall.com/products/tz150.html

I thought I might need a router, but I can live without it, seems most of them out there are hard to find without VPN and tons of options I'll never use and some firewalls I have seen, look better for my needs.

Any thoughts on this SonicWall or something similar, better, anyone would recommend?

THANKS

Sonicwalls tend to have buggy software, and are notorious for horrible tech support.

Hmm well any other seconds on that? If so, then who makes a better firewall and has good support?

THANKS

If you don't care about price...and it would seem you don't...get one of these. checkpoint is the best money can buy

I would go for the wired version myself...just based on price....

 

[DasFox]

Hmm Safe@Office, these look nice, I forgot about the checkpoint stuff, anyone else have anything good to say about these?

Ahh didn't notice the antivirus, personally I don't need this on a router/firewall. Looks like needing to pay yearly upadtes on it, just more I don't really need since I have AV apps on the box already.

With that in mind I'm sorta of leaning towards the Linksys RV042

THANKS

 

[blemoine]

Yes I have the experience and have used ipchains/iptables in Slackware in the past. But I don't have another spare box to do this on, so therefore the need to just buy a router/firewall is all I'm seeking at the moment

maybe you should be asking "where can i get a spare box for cheap?"

 

[n0cmonkey]

Checkpoint belongs on Nokia. :evil:

$100 will get you a pretty nice used OpenBSD compliant firewall machine. Can't get any better than OpenBSD/PF. :moon:

 

[Goosemaster]

I'm sorry, but for the amount of moeny you will be spending on proprietary checkpoint or far less capable solutions, you could easily spend the $49 for the Astaro home user license and build a machine for it....

all for a lot less.

As far a value goes, astaro wipes the floor ...with EVERYTHING. Nothing can compete at that price.

It does QoS/traffic shaping, IPS, IDS, logs the hell out of everything, support routing protocols iirc, atcs as practically a layer 5-7 firewall so it can detect and remove or flag spam and virus-infected files,and a host of other stuff.

 

[FreshPrince]

Originally posted by: DasFox
Hmm Safe@Office, these look nice, I forgot about the checkpoint stuff, anyone else have anything good to say about these?

Ahh didn't notice the antivirus, personally I don't need this on a router/firewall. Looks like needing to pay yearly upadtes on it, just more I don't really need since I have AV apps on the box already.

With that in mind I'm sorta of leaning towards the Linksys RV042

THANKS

you don't need to pay the annual if you don't want...the hardware is still a damn good router/fw/ips

if you want updated security, then yes, pay the annual. but honestly, it's not that much to get IPS definition updates. If you don't need the av, just turn it off, you don't need to use it. But why slow down your comp with virus scanning when you can have hardware scan it for you before it even has a chance to get to the pc?

anyways....you sound like you don't know what you want so just get a cheap $50 linksys, it'll definitely do what you want to do.

I just think installing another PC to do the same job is silly now a days, when you can easily spend $50 and get the same thing that you want.

If you want higher end stuff, go with the checkpoint, it's good stuff.

But seriously....just make a decision, it's all good no matter what you implement. Let's be real here...Nobody is going to hack you...when was the last time you heard an uber hacker hacked some poor guy on broadband? never, because they usually go after bigger fish

 

[blemoine]

why slow down your comp with virus scanning when you can have hardware scan it for you before it even has a chance to get to the pc?

because viruses come in through infected floppys flash drives and burned cds.

 

[DasFox]

Goosemaster I can buy a firewall for $225-$300, I'd love to see a quality box one can build for a lot less then this price, plus not take up as much electricity, personally I don't know what you are talking about.

Because Astaro is $49, so what box is someone going to build for $200, not to mention time to build, afterall "TIME IS MONEY", then I said it before I live in Hawaii, the cost of electricity is very high and there is no PC box someone can build that will use less electricity then a hardware firewall. Not to mention the fact that there is nothing here to buy, I'd have to order it, the only way to get something cheaper is to buy some low-end Dell and I'm not going to buy some crap PC from any Dell, Gateway, anything.....

No I'm sorry but I don't see it working a lot cheaper.

FreshPrince this has nothing to do with me not knowing what I want, I know exactly what I want, I'm just asking questions to see how products rate with people and their personal experience, let's face it I haven't used every piece of hardware out there and there is a lot to choose from.

I did just buy a Linksys and D-Link the other day and both of them where bad and I returned them, so no more cheapie crap routers for me, I need a quality firewall is all.

Also I called Linksys and D-Links Tech support, MAN talk about CRAP support, so I know one thing I don't want to buy anything from either of these two again.

ALOHA

 

[Tazanator]

Originally posted by: DasFox
Now I take it we are talking about Imagestream, as in this URL? ---> http://www.imagestream.com/index_1024.html

Well what about this company, Case Communications ---> http://www.casecomms.com

They have a router called the Envoy with the name Imagestream on the outside of it, LOL, boy am I lost here, LOL.

http://www.casecomms.com/products/routers/industrial/envoy.htm

ALOHA

Yes .. Case Communications is the Europe Distributor for Imagestream Equipment. So if you live in Europe buy from Case ...

 

[FreshPrince]

Originally posted by: blemoine

why slow down your comp with virus scanning when you can have hardware scan it for you before it even has a chance to get to the pc?

because viruses come in through infected floppys flash drives and burned cds.

he's asking for hardware solution, which is what everyone is trying to help him with. if he wants software solution, he should just go with ZoneAlarm Internet Security Suite 6, it's the best I've seen out there and it does not take a huge hit on the PC like norton does...

wait...zoneAlarm is another checkpoint product? :Q

 

[DasFox]

Yes a hardware solution and I know I'll find something, before I die, LOL.

Oh please NO Zonealarm, LOL

 

[DasFox]

For the heck of it, since it's been ages I gave ZoneAlarm Internet Security Suite a spin, I'll say it took a very big hit on my system, not in terms of seeing it sucking up my memory, resources, but something about it made my system run slow and sluggish it was very noticeable.

Change of info here, for some reason the Security Suite runs sluggish, but not just running the firewall, anyhow I've never been a fan of ZoneAlarm.

Oh I take it back friggin ZoneAlarm Pro causes the system to run sluggish too.

ALOHA

 

[InlineFour]

i have a fr114p for sale in my sig if you're interested.

 

[DasFox]

Originally posted by: InlineFour
i have a fr114p for sale in my sig if you're interested.

Thanks, but no thanks, they are discontinuing these, so you know what that means? No more firmware updates, support, etc...

ALOHA

 

[bluestrobe]

Ever make a choice or still looking for the golden egg? I'm dumping my WRT54GS and going with the d-link or linksys that I pointed out when money is available.

 

[Goosemaster]

From what I have seen, you know about firewall rule writing, but are looking for soemthing that will equal ipchains/iptables. Most of the products you are pointing out have functionality that you yourself don't even need, by your own admission, and do not fufill the requirements that you have actually put foward.

Most of these consumer firewall boxes will not do what you need adaquately as they are limited by what their webbased interfaces permit, and those that will do what you need, include an additional feature set that you don't even care for.

You say that you only care about security and not features. You have not hinted at IPS or IDS, so I'll assume that those aren't on your list of priorities. Solutions such as Astaro and other software packages are out because you don't want anything on your pc or yet another box. In addition, solutions such as consumer linksys and netgear routers will leave you shreaking in pain due to their limitations. The business ones cost too much and aren't that much more reliable, so those seem to be out too.

I recommend and old cisco 2600 series router. It is defintiely a business -class router, that, due its age, will be a complete bargain and yet a quality choice. I have a 2610, and it does most everything my basic network needs. It has NAT, IPsec VPN, as many accesslists as you can conjure up, QoS to a certain extent, and with two ethernet ports it has all the interfaces a simple gateway needs. It doesn't have wireless and all of the other mumbo jumbo built in, but it fully supports RIP, OSPF, EIGRP, NAT, VLANs, and switch management: all the stuff a real router needs. Depending on the software, basic IPS and advanced QoS is also available.

You can get one from ciscokits.com ready to go and pretty cheap. If you search on Ebay, you can even buy them cheaper, but ciscokits isn't bad at all, and they come ready to go.


my network

 

[FreshPrince]

Originally posted by: Goosemaster
From what I have seen, you know about firewall rule writing, but are looking for soemthing that will equal ipchains/iptables. Most of the products you are pointing out have functionality that you yourself don't even need, by your own admission, and do not fufill the requirements that you have actually put foward.

Most of these consumer firewall boxes will not do what you need adaquately as they are limited by what their webbased interfaces permit, and those that will do what you need, include an additional feature set that you don't even care for.

You say that you only care about security and not features. You have not hinted at IPS or IDS, so I'll assume that those aren't on your list of priorities. Solutions such as Astaro and other software packages are out because you don't want anything on your pc or yet another box. In addition, solutions such as consumer linksys and netgear routers will leave you shreaking in pain due to their limitations. The business ones cost too much and aren't that much more reliable, so those seem to be out too.

I recommend and old cisco 2600 series router. It is defintiely a business -class router, that, due its age, will be a complete bargain and yet a quality choice. I have a 2610, and it does most everything my basic network needs. It has NAT, IPsec VPN, as many accesslists as you can conjure up, QoS to a certain extent, and with two ethernet ports it has all the interfaces a simple gateway needs. It doesn't have wireless and all of the other mumbo jumbo built in, but it fully supports RIP, OSPF, EIGRP, NAT, VLANs, and switch management: all the stuff a real router needs. Depending on the software, basic IPS and advanced QoS is also available.

You can get one from ciscokits.com ready to go and pretty cheap. If you search on Ebay, you can even buy them cheaper, but ciscokits isn't bad at all, and they come ready to go.


my network

I'm not sure if the cisco router will provide adequate security...

the $200 checkpoint firewall looks good to me too, I don't see anything wrong with it...it's definitely much better interface wise than linksys because it comes with built-in vlan and qos, which those cheap devices will not be able to provide. If you know what you're doing, that checkpoint is definitely the way to go....I have the checkpoint EDGE device at home and it's pretty much the same as the safe@office with better vpn options and hardware failover port. with that said, when the securespot come out, I will put it in front of the checkpoint box