: To a management station, I would expect no incoming connections, so I
: that policy enforced and reported.

Where are you planning on utilizing this? Internally or for SOHO users?

Corporate use internally, way behind the main firewall.

I believe most SOHO boxes don't currently support GigE. For small remote
offices I have utilized small firewall boxes from Sofaware.
If you're using Checkpoint firewalling you will
recognize these. Sofaware is a Checkpoint daughter company.

You hit the nail on the head. 95% of the product on the market for cheap
firewalls is for home users who have slow WAN connections. There are lots
of small firewall applications on a corporate network where you want to do
something special purpose, with a server or group of servers, or a critical
management workstation. Sometimes you just don't have a clean way to
attach that to a main firewall segment and you have to put something with
the machine locally. As you point out, there isn't a whole lot of
product offering out there for a small intra-corporate firewall with gigE
interfaces on both sides of the firewall.

And to be honest with you, what I really need is something closer to an
ethernet bridge that does firewall-like packet inspection. It would be
awfully nice if for example I could use the corporate DHCP from behind the
small firewall I want to buy.

For internal networks you also have the options of Cisco NAC. This
requires you to have Cisco switches etc and will handle gigabit load

Probably a major expense.

etc. If you're not using Cisco you can get a product such as Trend

Other solutions that will give you such functionality on the Client are
Checkpoint Integrity
( or
( You can
also combine several of these and they can work together for optimal

Software firewalls are cheap but easily defeated by any sophisticated
rootkit trojan.