Link to home
Start Free TrialLog in
Avatar of ASPboy
ASPboy

asked on

Zyxel Router as a firewal

I have a small network of 25 Workstations connected to a Zyxel Prestige 100 Router. There is no proxy server or hardware firewall, except for the filters that can be accessed from the router menu.

My question is - Is there an easy way to set up these filters to act as a decent firewall without being an expert in protocols? I know little about protocols, etc. Is there a step by step tutorial somewhere?

Looking at the manual is of no use and other sites I've looked at on the web were very technical.

Please can someone help me with this???
Avatar of jwalsh88
jwalsh88

here is a site that deals with edge router hardening.
http://www.garykessler.net/library/firewall.html
Avatar of ASPboy

ASKER

Thanks for the quick response.

Although the info is fairly basic, it still does not take me through step by step on how to set up a firewalls solution.

Knowing very little about filter rules, I want to be absolutley sure that what I'm setting up is accurate.

Can you suggest anything along these lines?
sorry you are using a router I have never even heard of so I cant give you step by step instructions.  I will try and find some info but I am not expecting to find much
Step by step instructions would be difficult with something I have not used.  But I can tell you that you can get a decent amount of protection from a router if you know how to program it.  By using NAT you are hal way there. By not have anybody serving from inside your network you have cut you chance of being hacked a great deal more.

The port filtering is usually easy to do on a Cisco product, or even a cheaper Linksys router.  I use a lot of Cisco Pix devices, and they are pretty easy to deal with. If you want a detail step by step instruction you will have an easier time if they use standard CISCO type commands, or  a GUI interface like the Linsys device.

I offer this last comment. If NAT is turned off on a CISCO product, you turn it on by isuing a NAT command. In other words, it is turned on by using it.
 NAT (inside) 1 xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx 0 0
This command would have the IP address of the PC you want to allow out to the Internet using NAT. CISCO of course.

You can also issue one comand to allow everybody out using NAT.

I wish I could be of more help.

               Joe Massimino
Avatar of Les Moore
This question appears to be abandoned. I will allow one week before I close this question
with the following recommendation:

- delete

if there is any objection to this recommendation then please post it here within 7 days.

thanks,

lrmoore@nw
EE Cleanup Volunteer
I object because he was given as much inforamtion as could be supplied with the limited information that he supplied.  He would have had to respond to this thread to get more help, or to let us know that he solved his problem. He didn't bother to follow it up, but he was supplied with as much information as possible.
ASKER CERTIFIED SOLUTION
Avatar of SpideyMod
SpideyMod

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial