Hardware Firewalls

[Deadmanwalking]

Ok first wasn't sure where this belonged, in Broadband bit or main so feel free to move it.

Right, my hardware firewall has just died on me By that i mean it won't start up after it died, so im assuming a power problem or just age.

It is a Zywall 1. Now i am looking for a replacement. The Zywall 2 is that but is £160 odd with VAT. Now that was the price the Zywall 1 was but we got it on the cheap and can't justfy spending that much on a firewall. I have looked at various router/firewall combos and apart from being less able at the firewall part, we already have a perfectly good router.

I need ideas I dislike software firewalls if they are the only protection. Not least because of the ineffectiveness of them but also the hassle (4 machine here).

cheers in Advance

 

[evilmonkeh]

well.
do you intend to get a router with built in dsl modem?
or do you currently have a cable router (the thing that broke)

have you tried reseting it to default (normally a small button somewhere)
ask on adslguide.org?

 

[Deadmanwalking]

Ok i know you are trying to be helpful. But only one of those 4 suggestions came even close

I said i already have a router with which i am happy with. I need the firewall to plug into the router in between my comps and the router.

It's dead, as in dead as a dodo.

 

[evilmonkeh]

ah
got any old pcs lieing around unused?

 

[Deadmanwalking]

Yeah that was a viable option at one point but not now sadly.

Anyway it has to sit in a small small space and it cannot be moved anywhere else due to wires etc etc.

 

[evilmonkeh]

with your current router, have you just got it in Bridge mode, or using NAT (alot securer)?

 

[Deadmanwalking]

Neither, i have static ips and so it was router just acting as a swithc/modem....firewall...comps.

 

[evilmonkeh]

ah, i see your point
seeing as i only have one ip (f2s charge an extra £5 a month for 8), i run it through nat and htis doubles up as sharing the connection and acting as a firewall.

not sure of any cheap hardware firewalls tho

 

[Deadmanwalking]

I can have it nat, and ditch the IPS but not only do i lose the Ips after having a hardware firewall i am not very happy without one tbh. Nat or no nat, nothing is quite the same.

This is the point where i delve into film quotation land..

"Help me Jonty, your my only hope."

ER.. yeah

 

[Chameleon]

It sounds like you simply need another hardware firewall to me, if you want to keep that setup. Readily available, but tend to be expensive, as you obviously know.
You could do far worse than asking the same question over at the adslguide.org forums in the security, hardware or technical forums if you haven't already. There will be lots with similar setups and advice i would imagine, to add to the techy guys advice here ofc.

 

[Deadmanwalking]

Yeah that was my question

But kinda got lost in Router speak, yeah i will prob do that. Cheers

 

[evilmonkeh]

what you have to do is way up the costs.
if for example you can build a pc for £100 (which isnt too hard if you look well and get stuff integrated) then that might be good.
then again in a box things are easier to setup and smaller and much less hassle

 

[Deadmanwalking]

Like i have said already twice, i cannot get a computer instead. Ok it wont fit it wont do the job etc etc.

Oh and please use capital letters.

 

[evilmonkeh]

WHAT LIKE THIS?
generally i dont bother typing with caps unless its important, but here goes.

Ok. not sure aboutmuch of hardware firewalls, id suggest asking in the adslguide forums, someones bound to know.

 

[Chameleon]

I was looking last night at routers and firewalls, as my asus has been going mental lately. I came to the conclusion that £160 for a zywall 2 was about the cheapest option for your kind of setup. Alternatives that spring to mind are either to replace the router at the same time with something like a Zyxel 652 or Vigor 2600 and supplement with something like Kerio personal firewall (which can be configured to be extremely security conscious if you can be arsed to take the time setting it up on all the client pc's) ...... or a small, quiet, standalone pc with either a full blown linux type jobbie OS on it, or something more task specific like ipcop or smoothwall. Not what you are looking for as an ideal solution i know, but without spending £160+, I don't see there's much alternative. Trouble is, a decent router with comparitively good firewall functionality (such as the zyxel 652) comes in at about the price that the zywall 2 does, so short of selling your existing router to recoup some of the cost, there's not much in it. Think dslsource has the zyxel 652 at about £170 throughout september and the zywall 2 seemed about £160 most places. I'd like a zywall 2 myself if the price comes down a bit! If you see a bargain, be sure to let me know!

 

[Deadmanwalking]

I will, but its not only the price that is the problem, it's the space constraints as i have a very complicated network where everything has its place etc etc.

 

[Quige]

Bit late to the party ... wrote this post last night but the forum seemed to crash out as I hit submit,

basically I came to the same conclusion as Ch@meleon, that something from the Draytek Vigor range;

http://www.draytek.co.uk.
Feature table comparison

maybe the 2300 at £139

Unfortunately they have 2 firewall/vpn solutions coming up, but not released yet, so consequently no prices,

Vigor2900 High Performance Ethernet Router/Firewall & VPN Device

The other is labelled 'enterprise' so no doubt costs buckets.

I'd be suprised if you can find a similar featured product as the Zywall for under £100, unless 2nd hand, but the world is full of suprises. You may have to settle for something that doesn't do stateful packet inspection, and go with NAT. My router does NAT, but allows set up of rules for direction of different types of traffic to different hosts on the LAN. It has to be admitted that it's logging is non existant though. I was thinking of trying one of these Draytek's when I replace it.

 

[Chameleon]

If you are considering the zyxel 652 as an option - apparently there is an 'h' model coming out which includes bandwith management. If others in your household are using the other 3 pc's, this feature might be useful to have! But then I just love new gadgets and features to play with!!

http://bbs.adslguide.org.uk/showthreaded.php?Cat=&Board=dslrouter&Number=885764

 

[Quige]

Originally posted by Deadmanwalking
I have looked at various router/firewall combos and apart from being less able at the firewall part, we already have a perfectly good router

Did you have a look at this one, due out at the end of September from Netgear. OK, it's got a built in ADSL modem (don't shout at me!), but it's under £100 inc VAT and does

True Firewall with Stateful Packet Inspection (SPI) & Intrusion Control, Denial of Service (DoS)

Netgear DG834 ADSL Firewall Router

 

[Deadmanwalking]

Oooh Quige.... i think you may have found a new best friend

ooo... i like the look of that. Thanks alot

 

[Quige]

There's also this, but no price yet

Netgear DG834G 54Mbps Wireless ADSL Router

 

[Deadmanwalking]

Eeewwww wireless...... Get out!!

 

[Quige]

well I don't use wireless myself much, but the girlfriend likes to sit with her laptop on the sofa, and it's fast enough for internet access, and the small amount of word documents she copies about from the server. Just thought I'd mention it in case you were interested. I think I'll actually get the non-wireless one as my 3Com AP does the job fine already.

 

[Embattle]

Its nice to have the wireless there as an option at a later date