Hardware Firewalls

23K

Solutions

20K

Contributors

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi All,
What's a good way to practice your skills on firewalls, like ASA, palo alto or any other.
It seems like you can do labs on routers and switches and build your own topology in GNS3 or packettracer but I don't know how to get familiar with firewalls, is it just a matter of you just have to get thrown in fire to learn.
thanks for your input..
0
On Demand Webinar: Networking for the Cloud Era
LVL 9
On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

I have a TZ105 and i setup SSL VPN with NETBIOS enabled. I configured the Client Settings DNS Server address for our internal dns server. So i can now ping hostname.domain.local but cant ping hostname. Any Suggestions?
0
my asa 5510 is unable to run post. i am tryping to configure it using putty but it is showing nothing with just a blank screen
0
I have a DVR system for my IP camera systems and I have a sonicwall firewall. I need to access my dvr through my public IP address while out of office. I did the following steps:

Creating the necessary Address Objects

step 1
Then I did

step 2

Creating the appropriate NAT Policies which can include Inbound, Outbound, and Loopback

Then I did

Step 3

Creating the necessary Firewall Access Rules

then Firewall.png

I did these steps and still cant access the DVR system when outside my network.
1
The product will come with its' operating system only , for training, does palo alto offer the service 30 days evaluation (like Microsoft) when expire you have to re-install it again.
0
Hi Experts,

I am currently looking for a managed, software or hardware firewall option for a business grade internet connection and WAN. I don't know much about firewalls beyond what is available on your average home computer and I am a little unsure where to start.

Please can you tell me your thoughts on what is best for a business.

If I were to purchase a unit, is this something that can easily be learned, administered and managed in house or is this something that requires a real specialist?
Should I use a software, hardware firewall, or a managed offering?
What sort of costs can I expect for a reasonable solution?
What should I look out for?

Any expert advise would be most appreciated.

Thank you

Jim
0
how can I find out if my Fortinet firewall 60B is passing traffic on certain ports in both directions?
my scenario:
Fortinet 60B
application server internally that has port 9000 open
from all outside port tests we see port 9000 open
how can I tell certainly that the problem is either the firewall blocking port 9000 or these is some other problem.
I am trying to see if also if syslog messages will show the port 9000 discards
all help is greatly appreciated
0
I am new to  ASA firewall concept, I would like to know that  ASA firwall works  based on interface name or IP address, for an example if the traffic comes from outside(internet), and if we want all traffic to (inside) office network, do we need to say any IP address within specific range goes to inside interface ?  For an example how do we allow VPN traffic through firewall?
0
my zyxel usg every time that I reboot charge in config one .zysh(I can read this in my logs),never I setup into it a script,then I am worried about this,nothing in the gui appears,I do not see nothing in start up config but couple of moths ago my cpu was working with 70%, it's not usual(no more than 25%, And now after finish configurate again start up config bad appears and the usg use the lastgood config, and l2tp doesn't work at all 'peer connection failed',

Many thanks
0
Hello,
     We use RealVNC to to monitor a couple of PCs that are at a remote location. We have never had a problem using it but since upgrading the firmware on our  Sonicwall NSA 220 the firewall now stops the connection with the following alert: IPS Prevention Alert: MISC RealVNC Authentication Bypass, SID: 5828, Priority: Medium. How can I stop the firewall from blocking these events?

Thank you
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE
LVL 4
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

I opened a case with Sonicwall but no word yet.

I was just curious if anyone had the answer, I know this scarcely requires an expert lol but.....

I booted up a machine with an old NetExtender rev from 2014 and it forced me to update the client when I connected to my NSA 4600  and it installed 8.6.256.

But I can't find any place to download that version, MySonicwall.com only has 8.0.241.
All my equipment is under maintainence and I was curious if anyone had the setup file for that build.

I tried uninstalling NetExtender and downloading setup from my NSA but it just re-installed 8.0.241.

On a related topic can  update the version stored on my NSA 4600 or is that just part of the firmware build.

Thanks,

Ken
0
I have a sonicwall NSA250 and i have a 50GB fiber coming into the office. I want to partitiont he bandwidth allow Vlan1 to get 40GB and Vlan2 to get 10GB. Can this be done in sonicwall?
0
I plan to move somewhere where Google FIber is offered and host a website using a server I bought.

I'm reading three books on Ubuntu Server, and I'm assuming I should buy a business firewall.

Can someone explain how they work compared to software firewall, if you should run both, and link to some possible products that would be good for a web server.

Thanks.
0
Greetings,

The goal is to run dual internet connections simultaneously using an  AT&T PPoE DSL (yes, PPoE DSL) connection and a Verizon 3G/4G Wireless USB Modem and designate specific office computers to use a specific internet connection.
A few of the computers run remote backup jobs that we want to connect to the un-metered AT&T connection.
A few of the computers need to utilize the faster Verizon 3G/4G connection.

Planned Equipment purchases:
One Sonicwall TZ 300
One Verizon UML290 3G/4G wireless USB modem

Questions:
1. Can I achieve our goal with the equipment and WAN connections above?
2. Is there a another method that may accomplish the above? Any suggestions welcomed!

The Sonicwall is the desired device due to the ability to implement Gateway Security Services.

Thank you,

COM1
0
Dear All,

Is there a complete list of Address Objects that I can add into my Foritgate firewall policy?
0
I need some help. I have a client that has moved into an office and is sharing their space. There is cat5e structured network around the building. There is a router with DHCP turned off providing the buildings owners with an internet connection to their network. What I want to do is connect my client's existing switch and windows server 2012 essentials r2 server (which is both a domain controller and a DHCP server) to the existing router (building owner's router) so that I can share the internet connection to my client. Essentially I will break out all of the ports on the network that my client will be using and connect to my client's switch. That switch then connects to my client's windows server. The existing network and all settings work just no internet connection. The server has two NIC cards if that helps at all. The building owner runs their own windows DHCP and domain controller server. Essentially the only physical connection between the two networks would be through the building owner's router. The router does have available ports. Any suggestions?
0
I'm quite new with Firewalls and need some quick configuration tips, make zywall up and run with some basic open ports browsing, email (port 995), chat, youtube. Would like to know what do I get out-of-the-box when I start and switch on for first time my new Zywall usg100
0
Dear Experts,

We configured the management ip address for the firepower.

We can see the tab appearing at the top but the button did not appear.

We restarted the firewall and the tab also disappeared.

When we go back to view the ip of the sourcefire, it is there.

How do we get the firepower tab and button to reappear.

Do we need to configure the access-list?
0
Dear Experts,

I want to activate the FirePower license but how do I do so?

I know I have to configure the IP address but somehow when I did that, it somehow factory resets the whole ASA 5516-X firewall.

How do I get the FirePOWER tab to appear and activate the license?
0
Get HTML5 Certified
LVL 9
Get HTML5 Certified

Want to be a web developer? You'll need to know HTML. Prepare for HTML5 certification by enrolling in July's Course of the Month! It's free for Premium Members, Team Accounts, and Qualified Experts.

Hi,


how to block ransomeware in firewall , and what are the configuration has to do.
0
Hi Experts,

I have created a VPN Tunnel between 200D and 30E.
The 200D has a static IP.
The 30E has a dynamic IP over 4G
Yesterday I created the tunnel with success.
In the evening I switched off the 30E and today morning I booted the 30E again.
I have got a new IP on the 30E and now the tunnel is not coming up.
When I check the IPSEC MONITOR on the 200D I can see the old IP.
Why its not updated ?
0
I have a cisco ASA 5512 wit the below config.

my problem is that I cannot access EXTERNAL URLs, INTERNALLY.

For example, I can OPEN OWA outside and use it normally, but I cannot open the URL internally.  I cannot configure outlook 2016 internally either due to (i would imagine) not even able to reach autodiscover.

I thought it was some sort of DNS issue outside the ASA but it's not.

I narrowed it down to an ASA config by pluggin in the old firewall.

any help would be greatly appreciated.  I'm new to ASA's/CLI, please be patient with me :)
ASA Version 9.2(2)4 
!
hostname global.com-ASAFW
domain-name global.com
enable password Ts8.2CaITYiEag9Y encrypted
names
!
interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address XXX.xx.xx.195 255.255.255.0 
!
interface GigabitEthernet0/1
 nameif Inside
 security-level 100
 ip address 10.0.0.2 255.255.255.0 
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
!
ftp mode passive
dns server-group DefaultDNS
 domain-name global.com
object service 3389
 service tcp destination eq 3389 
object 

Open in new window

0
Hello,

I have a Sonicwall TZ 300 firewall being used as a gateway router for a network. The IP address scope is 10.1.1.1-10.1.1.255 on the X0 interface.

I would like to setup another network with the SAME IP address scope of 10.1.1.1 etc.. on the X2 interface to build and test another server which is eventually going to replace the server on the X0 interface. This second network has to be isolated from the the X0 interface so the two servers/networks can exist without seeing each other. Is this possible? How can I do this if so?

I have it working now as long as I use another IP scheme (10.0.0.1...) but I want to use the same IP scope to make it easier to transition to the new server down the line.
0
I have a web site on my IIS server, which was accessible on the LAN.  I have two initial goals:  
1)  put the IIS server in a DMZ
2) configure the router so that the web site is accessible from the outside world

I moved the IIS server from the LAN port on my router to the DMZ port.  The router initially had firewall rules allowing access to the DMZ for all traffic from Any to Any.  I created a rule that denies access to the DMZ for all traffic from Any to Any, and then created a rule that allows access to the DMZ for HTTP requests from Any to Any.

I then created a port forwarding rule to forward HTTP/ port 80 to the internal IP address of the server.

I still can't access the web site externally.  And I can't access or ping the server from the LAN.
Ideas on what I need to change here?
Cisco RV325 router

access rules
port forwarding
0
Quick question.

I'm setting up 4 switches with end users connected. Between my core switch and router, I'm planning on putting in a hardware firewall.

Should the default gateway for the switches and PCs be the internal interface of the firewall (Cisco ASA) or the router?

All hardware is Cisco kit.

Thanks
0

Hardware Firewalls

23K

Solutions

20K

Contributors

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.