
Thread: Hardware firewall

  1. #1
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts

    Hardware firewall

    Hello, I am becoming interested in the possibility of buying a hardware firewall that is bi-directional (meaning it blocks outgoing communication from programs that have not been "approved").

    Does anyone have any experience using these, and can you recommend some brands/models?


    ..

    Also, can it be configured to allow all incoming connections? This would be "nice to have" so I could continue using the NAT settings on my router instead of opening the router completely and reconfiguring all my port forwards again on the hardware firewall.

    thank you

  2. #2
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,662
    Thanks
    53
    Thanked
    383 times in 313 posts

    Re: Hardware firewall

    What you would want is an application layer firewall - however, for specifying an "allowed list" of programs, you are better off using a software firewall on each client.

    BMK-IT

    looks like it might do the trick, otherwise you'll have to stick with a more conventional layer 3 device. You could also look at application level proxies, such as ISA (or SQUID for the Open source people)

    In a real world scenario, you have your external facing boxes sitting in a DMZ which has 2 firewalls - one to the real world, and one to the private LAN, so you'd have to configure 2 sets of rules anyway.
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  3. #3
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts

    Re: Hardware firewall

    thanks moby
    i wanted hardware because vista clients have trouble with zone-alarm, and microsoft's firewall for outgoing programs is a JOKE. the biggest fail ever. Ever.

    ever

  4. #4
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,662
    Thanks
    53
    Thanked
    383 times in 313 posts

    Re: Hardware firewall

    In what way? I was never a huge fan of zonealarm.

  5. #5
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts

    Re: Hardware firewall

    i'm not a huge fan of zone alarm either. the only reason i use it is because it's a million times better than that piece of feces windows vista/2008server bi-directional firewall.

    i don't even know how to put into words how much of a massive failure the microsoft fwall is. it's hard to use... you can only do certain functionality from the CLI, not the GUI, it doesn't have the ability to block on a program-by-program basis, nor does it have the ability to make or download lists of programs and set their access levels to different things based on where they are trying to connect to. and when it's working, you don't even have any indication that it is doing its job. an absolute piece of garbage.

  6. #6
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,662
    Thanks
    53
    Thanked
    383 times in 313 posts

    Re: Hardware firewall

    but it can be controlled by group policy, which is very handy indeed. Especially when you plan on controlling over 1400 servers and what is allowed external network access. We'll be running the windows 2008 firewall on our work network, and a great layer of security it'll make.

    tbh when my firewall is working, that's all I want it to do - I don't *need* some flashy gui telling me it's protecting me from evil hax0rs out there. If a program isn't allowed external access, I don't *need* a popup telling me how good my firewall is in blocking a program from accessing the web.

    I've said it time and time again, security is a layered process, there is no single panacea of a product that will make your system secure. Only by combining products and network knowledge will you be able to achieve something close to a secure network.

  7. #7
    Senior Member
    Join Date
    Sep 2005
    Posts
    587
    Thanks
    7
    Thanked
    7 times in 7 posts

    Re: Hardware firewall

    but what about the average client PC? that's what i'm talking about.

    Vista & 2008 have the same basic firewall but they made no changes to the vista GUI to allow users to easily implement all the features they need.

    And in 2008 server, while the clients may be blissfully unaware that their PCs are being protected by the firewall, i believe the server does indeed retain logs which the administrators can check up on. That may be acceptable in a professional domain environment, but it's not really suitable for an end user to have to dig through logs to see if his personal firewall is working, nor to have to read a tutorial and run abstract commands through a CLI in order to set up controls for programs and ports.
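
The per-program outbound control and drop logging argued over in posts #5 to #7, sketched with the `netsh advfirewall` CLI that ships with Vista and Server 2008. This is an added example, not part of any post; the rule name, program path and log path are constructed placeholders.

```batch
@echo off
rem Added example (not from the thread). Run from an elevated prompt.
rem Rule name, program path and log path are illustrative placeholders.

rem 1. Default-deny in both directions on every profile.
rem    Only traffic matching an allow rule may leave the machine.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 2. Allow one approved program out, limited to web ports.
netsh advfirewall firewall add rule name="Allow browser out (example)" ^
    dir=out action=allow enable=yes profile=any ^
    program="C:\Program Files\ExampleBrowser\browser.exe" ^
    protocol=TCP remoteport=80,443

rem 3. Log dropped connections so blocks are visible after the fact.
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging filename "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"

rem 4. Review the outbound rules currently in force.
netsh advfirewall firewall show rule name=all dir=out
```

A program with no matching outbound allow rule is blocked without any popup; the DROP entries in the log file are the record of it. The same rules can be distributed through Group Policy, as post #6 mentions.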
