Re: any suggestion for a good hardware firewall

From: Leythos (void_at_nowhere.com)
Date: 08/27/04


Date: Fri, 27 Aug 2004 02:32:15 GMT

In article <pt6ti051oolv86kmt14f9tbi4ulagd9fio@4ax.com>,
nospam@shopping.nowthor.com says...
> On Fri, 27 Aug 2004 02:13:16 GMT, Leythos <void@nowhere.com> wrote:
> >
> >>
> >> Leythos, why do you keep ignoring the ZyWALL's? ;-)
> >
> >Because, from all I've read on their site, all of them under $1000 are
> >just glorified NAT/SPI devices that offer little more than a high-end
> >Linksys BEFSX41 unit or a BEFVP41 unit does. Sure, they have more CPU
> >power to manage VPN encryption, but that's the only advantage I see in
> >their documents.
> >
>
> What makes you say that? Besides being ICSA-certified firewalls, they
> most certainly do much more than NAT. In reality, you don't even have
> to do NAT. The firewall works just fine by itself.

Other than being certified, all of the documents, including the large
user's manual, point to doing NAT and port forwarding as their means of
protection. From the look of it you can only assign one subnet on the
LAN side and one IP on the public side - this makes it a residential
firewall appliance. Most firewalls, at least the ones I'm installing and
using, allow for entire class A/B/C networks on the public network and
multiple subnets on each LAN or DMZ port - you would use something like
this in between the Plant Floor network and the Business Office network,
or between an office network and the accounting department systems...
One nice thing about the Firebox is that it can work in drop-in mode,
which means there is no NAT port mapping needed.

-- 
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

