Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
can anyone recommend a good firewall 4 win2k server 1
- Thread starter klos81
- Start date
I personally prefer the hardware vs software form of firewalls. Heres why:
Pros - Software
- You have it on CD, so it can(???Legally???) be installed on seperate machines.
- Has the ability to notify you of OUTGOING transmissions from unfamiliar applications or ports.
Cons - Software
- Eats resources of the computer, such as drive space, memory, CPU cycles, etc.
- Sometimes software of this nature can cause problems with an OS of any flavour. Even the built in firewall within XP has some minor glitches at times.
- Loose the CD, ya loose the firewall upon next reinstall of your OS.
Pros - Hardware
- Completely an independant device. Does not eat the resources of any computer.
- Networkable, which means that if you plan on adding computers to your network, you just need to buy a new cable.
- All routers that I've come across in my experience do have some sort of firewall built into it. That said, theres also dedicated firewall boxes that I've heard of that either allow or deny communications, and can be setup with a lot of options. (WOOHOO!! MORE TOYS!)
Cons - Hardware
- Some firewalls are setup to only do certain things, and not allow full, or as customizable protection as you require. If you want to block generally all communication initiated from the net getting to your LAN/Computer, all hardawre based firewalls should do. But if you plan on allowing the general public of the internet to get into your system on certain ports, some firewalls will just not do the trick.
- Most hardware firewalls in my experience do not notify a user of when an application running on a computer attempts to communicate on a blocked port (LAN to the net) There are firewalls that do log internally, and can send log reports to a "LOG SERVER" of sorts, but I've not personally seen anything effective.
Thats some of the pros and cons in my view. But if you've got your heart set on software, Norton Firewall and Black Ice are two products we sell in our store, and haven't heard too many problems back about it. I personally have had bad luck with software such as this, but others swear full success.
Pros - Software
- You have it on CD, so it can(???Legally???) be installed on seperate machines.
- Has the ability to notify you of OUTGOING transmissions from unfamiliar applications or ports.
Cons - Software
- Eats resources of the computer, such as drive space, memory, CPU cycles, etc.
- Sometimes software of this nature can cause problems with an OS of any flavour. Even the built in firewall within XP has some minor glitches at times.
- Loose the CD, ya loose the firewall upon next reinstall of your OS.
Pros - Hardware
- Completely an independant device. Does not eat the resources of any computer.
- Networkable, which means that if you plan on adding computers to your network, you just need to buy a new cable.
- All routers that I've come across in my experience do have some sort of firewall built into it. That said, theres also dedicated firewall boxes that I've heard of that either allow or deny communications, and can be setup with a lot of options. (WOOHOO!! MORE TOYS!)
Cons - Hardware
- Some firewalls are setup to only do certain things, and not allow full, or as customizable protection as you require. If you want to block generally all communication initiated from the net getting to your LAN/Computer, all hardawre based firewalls should do. But if you plan on allowing the general public of the internet to get into your system on certain ports, some firewalls will just not do the trick.
- Most hardware firewalls in my experience do not notify a user of when an application running on a computer attempts to communicate on a blocked port (LAN to the net) There are firewalls that do log internally, and can send log reports to a "LOG SERVER" of sorts, but I've not personally seen anything effective.
Thats some of the pros and cons in my view. But if you've got your heart set on software, Norton Firewall and Black Ice are two products we sell in our store, and haven't heard too many problems back about it. I personally have had bad luck with software such as this, but others swear full success.
-
1
- #3
Agree with CamaroLT
for broadband and software firewall solutions see this faq:What is the Best Type of Software Firewall?
for broadband and software firewall solutions see this faq:What is the Best Type of Software Firewall?
btw Kerio should very usefull see :
- Thread starter
- #6
thanks for the advice, this firewall has been working fine, but now i have a little issue...
in my network there is a mobile pc, and when the user connects the laptop to the network the firewall doesn't allow it to get the DHCP info.
so i gotta stop the firewall engine then reboot the laptop and then it will get the DHCP info, and after that i turn the firewall engineback up. and everything comes to normal
but i don;t think this is the way it could be done.
what if i'm not here ????
Thanks in advance
Klos
in my network there is a mobile pc, and when the user connects the laptop to the network the firewall doesn't allow it to get the DHCP info.
so i gotta stop the firewall engine then reboot the laptop and then it will get the DHCP info, and after that i turn the firewall engineback up. and everything comes to normal
but i don;t think this is the way it could be done.
what if i'm not here ????
Thanks in advance
Klos
- Thread starter
- #8
OK,
The Firewall is BlackIce 3.6, and it is set to paranoid mode which is the highest level of protection, then when an intruder tries to access my server it asks me first about what to do, accept, block . like when i first installed it since all the pcs on my network where connected it detected them right away so i went and told the firewall to trust and accept the intrudet which where he pcs in my LAN.
and after that there was no problem,except for the laptop because like i said, when the user hooks up the cable to LAN and laptop tries to get the DHCP info (ip,subnet,gateway, dns suffix) the firewall does not allow it, and then i have to stop the firewall from protecting and reboot the laptop with the firewall disabled and then the laptop wold get the DHCP info from the server, and after i gets it i reenable the firewall. so it will keep on doing the job.
klos
The Firewall is BlackIce 3.6, and it is set to paranoid mode which is the highest level of protection, then when an intruder tries to access my server it asks me first about what to do, accept, block . like when i first installed it since all the pcs on my network where connected it detected them right away so i went and told the firewall to trust and accept the intrudet which where he pcs in my LAN.
and after that there was no problem,except for the laptop because like i said, when the user hooks up the cable to LAN and laptop tries to get the DHCP info (ip,subnet,gateway, dns suffix) the firewall does not allow it, and then i have to stop the firewall from protecting and reboot the laptop with the firewall disabled and then the laptop wold get the DHCP info from the server, and after i gets it i reenable the firewall. so it will keep on doing the job.
klos
AXISPNOC
IS-IT--Management
- Jun 11, 2003
- 22
Oh one more thing, BlackICE does not meet true Firewall standards. You can read all about the best firewalls from an Industry Icon in the Security field, Steven Gibson, at Gibson Research,
Hi- in my experience blackice is great for a home PC but ive had numerous issues running blackice on an internal network--letalone a server.
I install a Lot of Cisco PIX firewalls-- these are without doubt the best Firewall available on the market-- not the easiest thing to comfigure for the layman.
Anyway i guess we need to `make do` with what you have at the moment to resolve your immediate problem.
the easiest way is to set blackice back in its elarning mode which it does when you first install it. while its running in learning mode-- you need to get your laptop connecting a good few times--so that blackice sees this and doesnt class it as an attack.
In my opinion youd be best advised to keep away from low end software firewalls-- you dont know what its actually blocking internally between client/server and what the rammifications are- especually if you have 2 domain controllers
MCSE NT&2K,CCNA/CCDA,CNA,ASE,NSP
I install a Lot of Cisco PIX firewalls-- these are without doubt the best Firewall available on the market-- not the easiest thing to comfigure for the layman.
Anyway i guess we need to `make do` with what you have at the moment to resolve your immediate problem.
the easiest way is to set blackice back in its elarning mode which it does when you first install it. while its running in learning mode-- you need to get your laptop connecting a good few times--so that blackice sees this and doesnt class it as an attack.
In my opinion youd be best advised to keep away from low end software firewalls-- you dont know what its actually blocking internally between client/server and what the rammifications are- especually if you have 2 domain controllers
MCSE NT&2K,CCNA/CCDA,CNA,ASE,NSP
I would recommend a hardware firewall also and I would suggest a
Hi!
Hi!
Hello,
I agree with the growing trend in this thread that a hardware firewall is a great choice for you. It is not a device being manipualted into doing another task (though I am suggesting something like this...). Switches for swithes, routers for routers...pc's for computing...
Pix are decent firewalls until you need to move A LOT of traffic...then Netscreen eats their lunch...we had to migrate at my co. because Pix just could not handle the traffic (300 m/sec sustained).
If you are already using a Cisco firewall esp. a 2100 or better you can install IOS Firewall that does a pretty good job of protecting your network. It will not give you a lot of pretty pictures or messages but it will quietly do a good job of protecting your network before a packet gets inside your LAN.
Also, the comment about SonicWall is good as are most of the others... In the small to midrange prices you can't go to far astray. All the products offer similar features and capabilities. Watchguard has a nice SOHO for under $300 bucks that will do an excellent job and allow you to have a Client VPN as well. Netscreen 5 is also another successful product... Ebay is a great place to get good pricing on this equipment.
Hope this helps.
I agree with the growing trend in this thread that a hardware firewall is a great choice for you. It is not a device being manipualted into doing another task (though I am suggesting something like this...). Switches for swithes, routers for routers...pc's for computing...
Pix are decent firewalls until you need to move A LOT of traffic...then Netscreen eats their lunch...we had to migrate at my co. because Pix just could not handle the traffic (300 m/sec sustained).
If you are already using a Cisco firewall esp. a 2100 or better you can install IOS Firewall that does a pretty good job of protecting your network. It will not give you a lot of pretty pictures or messages but it will quietly do a good job of protecting your network before a packet gets inside your LAN.
Also, the comment about SonicWall is good as are most of the others... In the small to midrange prices you can't go to far astray. All the products offer similar features and capabilities. Watchguard has a nice SOHO for under $300 bucks that will do an excellent job and allow you to have a Client VPN as well. Netscreen 5 is also another successful product... Ebay is a great place to get good pricing on this equipment.
Hope this helps.
If there is any issue with the PIx not being able to move enough traffic--it must surely becasue youve too low end a model and its doing a far greater packet inspection than netscreen.
It is official that the Cisco Pix IS the most secure firewall on the market.
MCSE NT&2K,CCNA/CCDA,CNA,ASE,NSP
If your going to post-- say somthing instead of Googling a URL link
It is official that the Cisco Pix IS the most secure firewall on the market.
MCSE NT&2K,CCNA/CCDA,CNA,ASE,NSP
If your going to post-- say somthing instead of Googling a URL link
just checking it out and the netscreen has indeed a good throughput.
MCSE NT&2K,CCNA/CCDA,CNA,ASE,NSP
If your going to post-- say somthing instead of Googling a URL link
MCSE NT&2K,CCNA/CCDA,CNA,ASE,NSP
If your going to post-- say somthing instead of Googling a URL link
As the policy here states, we are not supposed to endorse any products... however, the articles by Steve Gibson at (referenced by AXISPNOC above) are really nice. As far as problems with DHCP, DNS etc being accessed, the firewall I'm using (one of the ones Gibson said was a good one, and is free for personal use) allows you to include a subnet into the local zone in its settings. The local zone and internet zone can have different security settings so it will allow traffic to pass freely on the local zone. Make sure to include broadcast ip's into your local zone so the DHCP can hear incomming requests.
- Status
Similar threads
- Locked
- Question
