Re: Small Form Factor Firewall



Will wrote:
Does anyone make a small form factor firewall that is manageable by a web
interface, with a rule based configuration similar in principle to
Checkpoint's, but is designed for individual computers or a very small
network? I'm interested in possibly putting a few of these in front of key
network management stations. Because of rootkit viruses, I no longer
believe that in what a software firewall's logs tell me. The rootkit can
simply hide network activity in the kernel and report back only what it
wants you to see. Because I would use these firewalls one per workstation,
I don't want to be spending $1K or $2K per box.

you could use a small soncwall (tz170)
Some very desirable features:

1) A hard lockout on the firewall that would prevent any configuration
changes or administrative logins unless a button or knob were pressed.
Having a hard-wired read-only mode would prevent a trojan that sniffs your
keystrokes from doing much of use with the userid and password of the
external firewall.

it doesn't have a button but you can disable http/https managment on any interface
(e.g. disable for inside/outside interface, enable for opt interface, if you need to change config, connect with laptop
to opt interface or console)
2) Low cost, under $500/firewall.

i think they are about $400-500
3) GigE Support. These are being used on an internal network and I don't
want to sacrifice speed.

not sure, check specs
http://www.sonicwall.com/products/index.html
4) Support for mail alerts as well as alerting back to a GUI gadget on the
Windows desktop.

it can send mail alerts and I think syslogging
Are there any good options for this product?


M
.