Jerry Feldman wrote:
>
> I looked up a couple just now. About a year or so ago, we had a security
> talk, and at least one person in the group had a Sonicwall.

Why, that would be - me! :-)

> It is probably better to have a dedicated firewall between your home
> systems and the cable modem.

I can't imagine NOT having a firewall between my internal network and the Internet at large. The very thought gives me the shakes.

> The advantage of the appliance firewalls are in their ease of
> management.

This is why I went with a SonicWall, but it's a two-edged sword. The management IS very easy; Sonic has a nice browser-based interface for checking network status, opening up ports, etc. It also can run a DHCP server for your internal LAN; I've gotten to be a fan of DHCP, so on first blush that looks pretty useful, too. And it's low-maintenance; very low power consumption, no disk to crash, no noticeable heat production, no fan noise, and very small (the size of a small 4-port hub). The newest versions contain an integrated 4-port hub, in fact.

BUT - because it's a proprietary solution, you can only do what they let you do, and you can't fix bugs. One fellow on MediaOne has been struggling for the better part of a year with some weird DHCP lease renewal problem. Sonic also took a while to support PPPoE. And the DHCP server doesn't have any flexibility; you can't, for instance, define the WINS server address. They keep adding features to the firmware, but it's (of course) on their schedule, not mine.

Overall, for me it's worked well, but I can imagine that a lot of people on this list might chafe at its limitations (to say nothing of its political incorrectness). But for less net-savvy consumers, these boxes are a godsend.

> You can also get the software and use a low cost PC as a dedicated
> firewall.

That was Plan A for me; at the time (2 years ago) IP masquerading was a bit more exotic and less well documented than it is now, and I just never could convince myself that I had the rules right. If I were doing it today, I'd certainly consider a dedicated Unix box.

> http://www.gnatbox.com/
> http://www.watchguard.com/
> http://sonicwall.com/

See also:

http://www.linksys.com/products/product.asp?prid=20&grid=5
http://www.netopia.com/equipment/security/s9500/

I don't have any direct experience with either of these (though I do use a Netopia R7200 firewall at work, and it seems OK).

--
Jerry Callen
jcallen at narsil.com

-
Subscription/unsubscription/info requests: send e-mail with "subscribe", "unsubscribe", or "info" on the first line of the message body to discuss-request at blu.org (Subject line is ignored).