Re: Small Form Factor Firewall



Will wrote:
Does anyone make a small form factor firewall that is manageable by a web
interface, with a rule based configuration similar in principle to
Checkpoint's, but is designed for individual computers or a very small
network? I'm interested in possibly putting a few of these in front of key
network management stations. Because of rootkit viruses, I no longer
believe that in what a software firewall's logs tell me. The rootkit can
simply hide network activity in the kernel and report back only what it
wants you to see. Because I would use these firewalls one per workstation,
I don't want to be spending $1K or $2K per box.

you could use a small soncwall (tz170)
Some very desirable features:

1) A hard lockout on the firewall that would prevent any configuration
changes or administrative logins unless a button or knob were pressed.
Having a hard-wired read-only mode would prevent a trojan that sniffs your
keystrokes from doing much of use with the userid and password of the
external firewall.

it doesn't have a button but you can disable http/https managment on any interface
(e.g. disable for inside/outside interface, enable for opt interface, if you need to change config, connect with laptop
to opt interface or console)
2) Low cost, under $500/firewall.

i think they are about $400-500
3) GigE Support. These are being used on an internal network and I don't
want to sacrifice speed.

not sure, check specs
http://www.sonicwall.com/products/index.html
4) Support for mail alerts as well as alerting back to a GUI gadget on the
Windows desktop.

it can send mail alerts and I think syslogging
Are there any good options for this product?


M
.



Relevant Pages

  • Re: ntpd fails on boot
    ... very complex network setups (multiple NICs of different brands, VLANs, ... If your network interface takes 60 seconds to come up and get configured ... daemons that rely on such connectivity, ... connected + configured during network configuration time, ...
    (freebsd-stable)
  • Re: SBS R2 ISA2004 Dark Arts
    ... ISA in SBS as intended or you'll get into trouble. ... I have to get the back firewall configuration to work with the ... network in the rules/policies. ...
    (microsoft.public.windows.server.sbs)
  • Re: wireless and router; security issue
    ... issues like yours (and allow configuration with AD group policy). ... and the filesharing service of my network connection. ... The firewall I have is McAfee firewall 7.x, ...
    (microsoft.public.security)
  • Re: SBS R2 ISA2004 Dark Arts
    ... Right now the front firewall is not an ISA ... NIC-2 faces the internal "Live" network. ... I have to get the back firewall configuration to work with the ...
    (microsoft.public.windows.server.sbs)
  • Re: Lets talk about firewalls - what do we as a group think a firewall should be/have?
    ... part of the same network as the LAN. ... Each interface of a firewall should be distinct from ... interfaces, so a "DMZ interface" is not a requirement. ...
    (comp.security.firewalls)