Need help deciding on a firewall [broadcast amplification] [firewall logs]

Q: Need a good recommendation for a firewall for a small company. We were recently hacked and now the router firewall on the DSL modem is crazy.

I keep on getting this error in the :
IP Subnet

So I'm thinking I only have to invest in a firewall, but our budget was quite small. Slightly less than 500 would be preferable.
I was thinking about this:
http://www.hotbrick.com/lb-2.html

any good? Thanks for the input!


Re:Yeah, you guys need to pay attention to this thread.

He's already picked out, purchased, configured, and deployed his firewall.


Re:I second Smoothwall. I've been using it on my LAN for over 2 years now; not only is it free but it is highly customizable too. It is rock solid and provides lots of different logs, and it is easy to set up, as you don't have to know Linux to set it up.

Re:Originally posted by: guy
Look into Astaro Security Linux. It is fantastic.

I don't know how it stacks up to the PIX though, which is pretty much a benchmark.

I definitely second the Astaro vote. Been using it myself for about six months now after leaving smoothwall behind. It's *extremely* configurable, and isn't terribly difficult to set up or maintain. You would need to look at the commercial version since the private version (aside from being a legal license only for home users) doesn't support more than ten machines behind it.

Overall tho, it's a good system. Works well if you want a separate NIC for each of your net connections, and separate LANs (DMZ, private, etc.).

Edit: Woops, a little late. Enjoy the PIX! =)


Re:thanks, I was able to figure out how to open that port just for one computer thnx to Cisco tech support. This thing is so powerful, got a lot to learn!

Re:Assuming you're using PAT:

access-list 100 permit tcp any interface outside eq pcanywhere-data
access-list 100 permit udp any interface outside eq pcanywhere-status
access-list 100 deny ip any any
access-group 100 in interface outside
static (inside,outside) tcp interface outside pcanywhere-data 192.168.0.42 pcanywhere-data netmask 255.255.255.255
static (inside,outside) udp interface outside pcanywhere-status 192.168.0.42 pcanywhere-status netmask 255.255.255.255

If that doesn't work, replace "interface outside" with your outside interface's IP address and/or the syntax "host <address>". The PIX has the ability to write some rules in terms of pointing to the interface, which makes renumbering or using DHCP outside much easier.

The CLI syntax is a pain to figure out, but once you know what to do you can do a lot.
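As an added check (example code of mine, not from the thread or from Cisco): a small Python audit of a PIX-style PAT port-forward of the kind above. It parses the access-list and static lines and flags a missing catch-all deny, a permit with no matching static, and a static whose netmask is not a host mask. The sample config and the service-name to port mapping are constructed for the example; it assumes the canonical `static ... interface <port>` form but also accepts `interface outside`.

```python
import re

# Constructed sample for this example, not from the thread: the PAT port-forward
# shape discussed above, with a deliberately wrong /24 netmask on the statics.
SAMPLE = """
access-list 100 permit tcp any interface outside eq pcanywhere-data
access-list 100 permit udp any interface outside eq pcanywhere-status
access-list 100 deny ip any any
access-group 100 in interface outside
static (inside,outside) tcp interface pcanywhere-data 192.168.0.42 pcanywhere-data netmask 255.255.255.0
static (inside,outside) udp interface pcanywhere-status 192.168.0.42 pcanywhere-status netmask 255.255.255.0
"""

# PIX service names to port numbers (assumed: pcAnywhere's default ports).
SERVICE_PORTS = {"pcanywhere-data": 5631, "pcanywhere-status": 5632}

ACE_RE = re.compile(r"^access-list (\S+) (permit|deny) (\S+) (any|host \S+|\S+ \S+) "
                    r"(any|interface \S+|host \S+|\S+ \S+)(?: eq (\S+))?$")
STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (tcp|udp) (interface(?: \S+)?|\S+) "
                       r"(\S+) (\S+) (\S+) netmask (\S+)$")

def port_number(token):
    """Resolve a numeric port or a PIX service name to an integer (None if unknown)."""
    return int(token) if token.isdigit() else SERVICE_PORTS.get(token)

def audit(config):
    """Return a list of findings; an empty list means the port-forward is consistent."""
    findings, aces, statics = [], [], []
    for line in config.strip().splitlines():
        line = line.strip()
        if m := ACE_RE.match(line):
            aces.append(m.groups())
        elif m := STATIC_RE.match(line):
            statics.append(m.groups())
    # (a) the ACL must end with an explicit catch-all deny
    if not aces or aces[-1][1:5] != ("deny", "ip", "any", "any"):
        findings.append("ACL does not end with 'deny ip any any'")
    # (b) every permitted inbound port needs a static that actually translates it
    exposed = {(s[2], port_number(s[4])) for s in statics}
    for _, action, proto, _, _, svc in aces:
        if action == "permit" and svc and (proto, port_number(svc)) not in exposed:
            findings.append(f"permit {proto}/{svc} has no matching static translation")
    # (c) a single-host port static needs a host mask, or it maps a whole network
    for _, _, proto, _, gport, local_ip, _, mask in statics:
        if mask != "255.255.255.255":
            findings.append(f"static {proto}/{gport} -> {local_ip} uses netmask {mask}, "
                            "expected 255.255.255.255")
    return findings
```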


Re:any idea how I open a port incoming, so that someone can connect to our pcAnywhere host? There is so much stuff, I'm completely lost haha

Re:just got the PIX in, a lot smaller than I thought it would be haha. Thanks for all the help guys, will post again if I need any help :)

Re:another vote for astaro

Re:Dailo. Check out Smoothwall and IPCop. Both are free for a basic firewall setup. All you'd need is a basic desktop 300MHz-type system with extra network cards. Very easy to set up!

smoothwall.org

ipcop.org


Re:should be getting the PIX 501 in today, hopefully it will be easy to set up haha

Re:Look into Astaro Security Linux. It is fantastic.

I don't know how it stacks up to the PIX though, which is pretty much a benchmark.


Re:We use more than 32 leases, but I was thinking some of them are because of the computers we use for testing purposes, so I was just going to hook up a router to those computers and just have that give out IPs to the testing computers. Is that just as safe?

Re:well, how big is your office? Do you have your own DHCP server?

Re:getting one tomorrow :) Any suggestions how to set it up? I'm just gonna hook up my DSL router to it and then just hook it up to our switch. I presume that is the correct setup, as I would like to keep my network gigabit. Also I read it only allows 32 DHCP leases, any way to get more?

Also how does the software work, is it required? Thanks a lot!


Re:I second the PIX 501 recommendation.

Re:Originally posted by: guy
Unless you're running services that employees need access to from home, a simple NAT-style firewall would do just fine. A Linux box is fine for doing that + port filtering. If you want application-level filtering etc. then you need to invest time and money in setting that solution up. I personally use a Cisco PIX and it runs well. Sometimes it reboots on its own though Oo and we're trying to narrow down why that happens.

Wiggle the power connector on the back and see if that's the cause. If it is, call TAC and tell them you've got one of the defective power supplies on your 501 and they should RMA it for you.

If not, type 'show crash' from the enable mode to view the crash file, open a case with TAC and send the crash file to them.


Re:thnx for the tips guys, will look into the Cisco or the Smoothwall.

Re:Unless you're running services that employees need access to from home, a simple NAT-style firewall would do just fine. A Linux box is fine for doing that + port filtering. If you want application-level filtering etc. then you need to invest time and money in setting that solution up. I personally use a Cisco PIX and it runs well. Sometimes it reboots on its own though Oo and we're trying to narrow down why that happens.

Re:I would take a look at this.

Cisco PIX 501 10-user/3DES bundle

http://www.cdw.com/shop/products/default.aspx?EDC=337727


Re:Cisco PIX 501 (http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps2031/index.html) :D

Re:Smoothwall is great for small businesses, and if you need more features than the free version includes (and it includes quite a few), they have a commercial version as well.

Re:any more links regarding making a firewall with Linux? Not really sure what to do with that website. Thanks in advance.

Re:http://cyberguard.com/snapgear/products.html
Or if you know Linux, you could look into buying a cheap machine and setting up your own firewall.

Re:If the network is configured around a central server you can install a software firewall on the server, or get a firewall appliance.

If it is a peer-to-peer network, get a firewall appliance (example): SonicWALL Internet security appliances. (http://www.sonicwall.com/products/vpnapp.html)

The hardware that you mentioned in your post is mainly a load-balancing router. I am not sure that it provides a real good firewall.

:sun:

