Firewall for ADSL

[Miha]

Hi


I have big LAN with local ip's from 192.168.1.1 to 192.168.1.255. I have ADSL connection shared in WINDOWS 2000 SERVER to accesing internet for all my clients. Now I try to find best firewall for me. I need to monitoring all of the ip's inside. I need to block or allow ports for this local ip's, blocks urls and ftp connections for all local ip's, etc. But not for all at once. For example my ip must have full acces to all the internet and ports outside. What firewall should I use, please help me. The price is not important. Thanks.

Miha

[Yaa101]

This is how i did it.

I am on MXStream adsl with a Alcatel Speed Touch (ex) Home.
I hacked it, well hacking is a great thing to say let's say i changed it's master behaviour and turned it into a Pro model.
Then you have a full fledged *nix machine with a microkernel, firewall, a damn fine nat/pat which works like a angel both ways, a webserver, a dns client/server, a dhcp server, a dynamic router and a telnet/cli server.
This all in a box of 200 x 170 x 30 millimeters.
In pro modus you skip your pptp tunnels and do your thing in raw ip over your DSL line and have it in a persistant mode so that when ever you have sync, you have connection.

I have put off DHCP and DNS in the device as i don't serve DHCP and hardly serve any services on my inside LAN, most servers are for the outside world for my fellow developers to collaborate in software development, yes a developers box.
I run Bind 9 DNS server for my internal DNS services, one of the few i also use internal.
It runs on a P1 Linux 2.4.8+ machine and servicable through a SSH2 connection as that box also has a SSH2 server, stealth hided for outside btw... the SSH service...
Further if money does not matter get a Communigate Pro Mail server, it saves you a lot of grief from setting up SMTP,POP,IMAP,webmail,realying, etc...
It has all in one package to become a mail provider overnight...

On my development box I have 2 Apache webservers running 1.3.22 and 2.0.28 i think... lol... further on request i put on my Jakarta-Tomcat servlet server.
FTP access to the document directories and irc server with private channel.
And way more tools such as compilers, virtual machines and interperters.
This box has exactly the same configuration in both Win2k server and Linux 2.4.10 mode...

The above Alcatel box is in fact nothing more then a linux box, a pentium 2 class will do.
This gateway machine must be a *nix machine as windows have a crippled ip stack with it's winsock implementation.
Even with the famous xp raw sockets (don't make me laugh) windows can never be a respectable gateway machine.

So if your service is inwards oriented (bringing internet inside) then choose for a linux box with either a flop solution or with a full distribution with the right servers configured.

[stephane]

go an see at www.sonicwall.com
look for the SOHO or TELE2 products

[Robert McGoram]

I'll second the vote for Sonicwall!

I was in a similar situation, and it was 'decided' for me by head office in the US that we were going to use Sonicwall.

The company I worked for had a full-time team of 'Security' personell and at the time of choosing a firewall, they had tested more than 10 different 'Security Appliances'.

In my experience the Sonicwall SOHO2 was simply stunning! It's performance, logging, installation and technical support were 2nd to none!

We encountered one of the first instances of Phase1 timeouts with Firewall-1 and Sonicwalls and within 2 days of reporting the bug, there was an update posted on their website for download.

Also the VPN thing was 'a piece of piss'.

There are a number of 'add-on' options including Filtering and Anti-Virus which we took up as well..... I would NEVER suggest a firewall should be 'Set and Forget' but this thing comes pretty close!

By the way - If you like the Sonicwall's features take a look at NAI's PGP Security appliance as this is simply a Sonicwall with the Anti-virus provided by NAI.

Also if you want a cheaper version (Not nearly as powerful and frankly the support sucks) however, if this doesn't bother you, you can still get a good firewall from Netgear by using their FR318 - Again, this is Sonicwall micro-code and OS at work, but in a more simplistic package.

Hope this helps.


Regards


Robert