Re: Home firewall recommendations

In article <1139354346.888607.286780@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
Kato <ktomatsu@xxxxxxxxx> wrote:
I am thinking ahead, upgrading my home system with the future in mind.

I'm currently running an SMC Barricade (SMC2804WBR) consumer wifi

However, I am thinking of getting something more sophisticated - say

What kinds of threats do you want to be able to protect against?

Do you need the device to watch HTTP and FTP and detect viruses on
the fly? Same for HTTPS? Same for POP, IMAP, SMTP?

Is this for a "block all unauthorized from outside, but assume
everything from inside is authorized" situation, or do you assume
that you need to protect against viruses trying to go outward, or
do you assume that you will want to block outgoing programs that take
evasive action to negate firewalls (e.g., Skype, several IM programs).

You mentioned kids deeper in the thread: do you need differential
outgoing access (you can go somewhere they can't)? Do you need
web site censorship^B^B^B^B^B^B^B^B^B^Bfiltering ? Traffic shaping?
Time-based access controls?

At some point might you get multiple external IPs? Will you be running
any servers? Do you need multiple physical interfaces (for DMZ)?
802.1Q VLAN support? Any need to firewall internal devices from each
other? If so, what internal data rate must be supported (since external
ISP rates are generally much much lower).

You mentioned VPN -- any -incoming- VPN traffic? Which particular
VPN technologies? e.g., will you need to be able to form GRE tunnels?
Will you need to be able to do "Layer 2 Transparent VPN" so that you
can get IPX, Appletalk or other non-IP across the VPN? Will you need
NETBIOS broadcasts to traverse the VPN, or will you be Ok with
WINS and/or LDAP? Will you need WebVPN support?

Will you be needing PPPoE? Multiple PPPoE accounts?

If you need to be able to define port forwarding (static port address
translation) then what parameters do you need to be able to select upon?

You will certainly want Stateful Packet Inspection, with integrated
NAT (network address translation) adjustments to protocols: which
protocols will you need inspected?

Relevant Pages

  • Re: Industry Standard Security and guest wifi access best practice
    ... with IPSEC VPN clients has not been positive. ... Then they probably won't support other forms of security. ... to switch all connections into SSL mode. ... Use WPA to encrypt wireless traffic, ...
  • Re: VPN disconnection
    ... Server 2003 SP2 or the Scalable Networking Pack on a Windows Small Business ... Please Run the Configure Remote Access wizard to configure VPN. ... Microsoft CSS Online Newsgroup Support ...
  • Re: VPN drops
    ... we can try to set up several VPN connections ... hardware (DSL router) limitation. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
  • RE: Windows XP + std. VPN client issue need HELP
    ... A suggestion would be to contact Microsoft Product Support Services via ... Microsoft CSS Online Newsgroup Support ... VPN client issue need HELP ... | Windows XP sp2 OS with standart VPN client. ...
  • Re: Need help with remote access solution
    ... from having a VPN connection into the client's network? ... Remote access can be via a modem, via a VPN into the DMZ, or by any other ... switched to the Remote Support Client. ...