Re: SonicWALL vs. NetGear vs. LinkSys (Pricing/Functionality)

From: David (davidwnh_at_adelphia.net)
Date: 05/12/03


Date: Mon, 12 May 2003 21:46:53 GMT

You really need to take a look at specific models' datasheets. Most have PDF
downloads available on the web. Feature sets vary widely amongst product
lines even.

You have four basic ways of firewalling: NAT, stateless packet inspection,
stateful packet inspection, and application proxies. Some firewalls use one
method and others use a combination or all. Your basic cheap cable/dsl
router uses only NAT, however some or most of them are now including various
levels of limited packet inspection which together with NAT makes them
half-decent. Even these really don't compare with some of the
mid-priced devices because their packet inspection is rather crude. For
example most of them don't allow you to write rules that inspect for certain
combinations of invalid state flags or look for other discrepancies that can
be found in the malicious packets' headers. Then there is the addition of
other features like VPNs, IDS, extended logging, etc. which many of the
cheaper devices don't offer.

So for an average home user that may not need VPN connectivity and may not
care to understand what TCP/IP flags are all about, who's limited by
relatively little bandwidth, who has a fair amount of control over who uses
the machines, who isn't exposing servers to the internet, etc., a cheap
device with maybe a free or cheap desktop firewall would suffice. No reason
to pay for additional functionality that you don't understand enough about
to implement, no less might not be able to squeeze into the budget.
Sometimes an individual's money is better spent on a cheap device along with
a CDR, DVDR or tape backup system.

What additional functionality one needs above the basics depends on what the
device will be protecting. If someone has servers they are exposing to the
internet they often want to further segregate things so that the servers are
behind the firewall however in a distinct network from their desktops so
they need a multi-adapter device that has more extensive packet header
inspection. If someone needs to extensively access their network from remote
locations they may want VPN capability.

You generally get what you pay for, but the real question is are you paying
extra for features you won't be using?

You might see if you can find a firewall buyer's guide on the web that
explains what certain functions do to see if your usage would benefit from
specific features. Google "firewall buyers guide" or "firewall types" and
see where it takes you.

> I am aware of SonicWALL's generally
> well regarded reputation (see above)
> and I even have some experience with
> a few of their SOHO & TELE series units
> (Internet Security Appliances with VPN),
> but I was hoping one of you can help
> me understand how their units compare
> to the much less expensive units from
> NetGear & LinkSys.
>
> For instance, how well would the units
> from NetGear & LinkSys that sell for $69
> compare to even an older SonicWALL TELE2?
>
> Speaking of which, does anyone know of
> any sources of new or used TELE2 units?
>
> Thanks in advance!
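
The reply above mentions rules that inspect for invalid combinations of TCP flags. As an added example (not part of the original post, and not any vendor's rule set), here is the kind of stateless header check such a rule performs; the function names, the list of checks and the sample headers are assumptions constructed for illustration.

```python
import struct

# TCP flag bits as laid out in the header (low 6 bits of bytes 12-13).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(header: bytes) -> int:
    """Extract the flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    # Bytes 12-13: data offset (4 bits), reserved bits, then the flags.
    (off_flags,) = struct.unpack("!H", header[12:14])
    if (off_flags >> 12) < 5:
        raise ValueError("data offset below the 5-word minimum")
    return off_flags & 0x3F

def flag_anomalies(flags: int) -> list:
    """Return the reasons a flag combination cannot occur in normal TCP."""
    reasons = []
    if flags == 0:
        reasons.append("null: no flags set")
    if flags & SYN and flags & FIN:
        reasons.append("SYN+FIN")          # open and close in one segment
    if flags & SYN and flags & RST:
        reasons.append("SYN+RST")          # open and abort in one segment
    if flags & FIN and not flags & ACK:
        reasons.append("FIN without ACK")  # also catches FIN+PSH+URG
    return reasons

def build_header(flags: int, sport: int = 40000, dport: int = 80) -> bytes:
    """Constructed 20-byte sample header (checksum left at zero)."""
    return struct.pack("!HHIIHHHH", sport, dport, 1, 0,
                       (5 << 12) | flags, 1024, 0, 0)

if __name__ == "__main__":
    samples = {"SYN": SYN, "SYN+ACK": SYN | ACK, "FIN+ACK": FIN | ACK,
               "SYN+FIN": SYN | FIN, "null": 0, "FIN+PSH+URG": FIN | PSH | URG}
    for name, bits in samples.items():
        found = flag_anomalies(tcp_flags(build_header(bits)))
        print(f"{name:12} {'DROP: ' + ', '.join(found) if found else 'pass'}")
```

A check like this looks at each packet in isolation; deciding whether an otherwise valid flag combination belongs to an established connection is what stateful inspection adds.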