Hardware Firewall

16-01-2008, 15:19

Afternoon,

Thinking of buying a 2nd hand hardware firewall - specifically a WatchGuard SOHO 6, because we supply and install them for our customers - well the WatchGuard range at least.

The reason being - I want to gain some knowledge of how they work, configuration etc.

I currently have a Linksys wifi ADSL router, so if I put the firewall on my network, the wi-fi would be protected would it as it would physically bypass the hardware firewall....unless I'm missing a trick...?

Lee

Aragorn · 16-01-2008, 15:28

Assuming you will be putting the firewall between router and wired PCs then yes, the wireless will be unprotected - although don't forget the Linksys will have a NAT firewall anyway.
If you want to actually block anything, you might want to set the firewall IP as a DMZ in the linksys - so that the linksys doesn't filter out the crap before it gets to the firewall!

16-01-2008, 15:32

Quote:

Originally Posted by Aragorn

Assuming you will be putting the firewall between router and wired PCs then yes, the wireless will be unprotected - although don't forget the Linksys will have a NAT firewall anyway.
If you want to actually block anything, you might want to set the firewall IP as a DMZ in the linksys - so that the linksys doesn't filter out the crap before it gets to the firewall!

That's were I thought it should go...at least normally that's how it would get setup:

Internet > Router > Firewall > PC's

I want to lean stuff like packet filtering - routing specific ports to <where ever> etc...

The Linksys is a bit limited in what it can do as a firewall.

Mr_love_monkey · 16-01-2008, 15:35

if you're buying from fleabay - make sure you get one that has the software for configuring it, with it (unless you can source it from elsewhere) - a lot of them on there don't come with any software.

16-01-2008, 15:40

Quote:

Originally Posted by Mr_love_monkey

if you're buying from fleabay - make sure you get one that has the software for configuring it, with it (unless you can source it from elsewhere) - a lot of them on there don't come with any software.

They are normally web-based - config built into the device.

Mr_love_monkey · 16-01-2008, 15:42

Quote:

Originally Posted by LSainsbury

The software is generally done with a web browser as it's built in.

ah, ok - the original firebox 2 & 3's had standalone programs for configuring, so without the software you couldn't even start it up properly.

16-01-2008, 15:49

I've got my ADSL modem set up in a bridged mode, with my Endian Linux Firewall controlling it. I also then have a wireless AP behind the firewall.
www.Endian.com

16-01-2008, 18:31

Quote:

Originally Posted by Mr_love_monkey

ah, ok - the original firebox 2 & 3's had standalone programs for configuring, so without the software you couldn't even start it up properly.

I believe with some of them you have a system manager which allows you to control / config lots of them - like a management console.

---------- Post added at 18:31 ---------- Previous post was at 17:10 ----------

Quote:

Originally Posted by LSainsbury

I currently have a Linksys wifi ADSL router, so if I put the firewall on my network, the wi-fi would be protected would it as it would physically bypass the hardware firewall....unless I'm missing a trick...?

Ooops - should have read before posting...there was a large typo which changed the entire context of the question! It should have read:

Quote:

Originally Posted by LSainsbury

I currently have a Linksys wifi ADSL router, so if I put the firewall on my network, would the wi-fi be protected as well, as the firewall would physically be bypassed as it's further down the chain? Unless I'm missing a trick...?

But even so - you got the gist of the question!

Matthew · 16-01-2008, 21:18

If you are going to buy one from the Watchguard range, personally I recommend one from the Core series but these are all subscription based. Alot of the higher end ones also need the system manager software to configure them but them are very reliable, we have some several hundred out there in out sites. Good bits of kit but cost alot of money.

Netgear do some firewalls which are worth looking at, these are much cheaper and are a similar setup to the Watchguard ones bur one a smaller scale from what I have seen. Have a look here, or on eBuyer, they do some really good deals from time to time if your lucky, if you are going to purchase a Watchguard range I would try and stick with them rather than eBay as alot are licensed and don't always come with them from eBay.

Just my bit on all this.

ic2 · 17-01-2008, 08:42

I run a watchguard Firebox Edge Ex10 at home on the XL package. I have a wireless router plugged into its "optional" network, which gives me protection of the firewall.

The only downside is browsing speed as I have UTM enabled on the box.

17-01-2008, 11:25

Quote:

Originally Posted by Matthew

if you are going to purchase a Watchguard range I would try and stick with them rather than eBay as alot are licensed and don't always come with them from eBay.

How do you mean - licensed?

Matthew · 17-01-2008, 16:13

With a Watchguard Firebox most have a license which allows you to use the Firebox, if its not up to date then parts of it are disabled as its a subscription based service.

17-01-2008, 17:36

Indeed - like the LiveSecurity - but I won't need that to use the basic functions....will I?

Matthew · 17-01-2008, 17:40

You shouldn't do but can't say for 100%. Just thought I would point it out in case you didn't know.

17-01-2008, 20:13

Well it arrived today - just sent an email to Watchguard to get it re-registered to me so I can get the latest firmware.