Hardware Firewalls

23K Solutions, 20K Contributors

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering, and may include built-in antivirus and anti-malware protection.

We have been hit with ransomware.  Please see the attached screenshot.

The file extensions have been changed to STG.

They hacked into the network, created admin users and made them part of the Admin group, created shares etc.
0

Dear Experts
We have hosted an application on-premises which is behind the firewall. The application runs on Ubuntu 16.4 server OS with the components apache2, mysql5.7, php7.x. This application has to be accessed from the external network (through the internet), which is located in other county from their office, where the users will be behind the firewall. We have to allow access to them, hence I have asked them to share their gateway IP so that I can enable access only to this IP. Our hosted application by itself has authentication; however, we would like to add one more layer of authentication, but the remote users will not accept installing any client software on their local systems, like a VPN client, OTP SMS, or pass code call back. They only prefer web based access to the hosted application, and they are okay if we send the second level security pass-code to their official email, so that finally we can achieve 2 levels of authentication, in addition to allowing only their IP to connect to our network. Following were my recommendations:
1.      A site-to-site VPN over the internet (leased line circuit) between their firewall and our firewall, so that end users will not have any additional effort and no VPN client is needed; this they denied, as their IT policy does not permit configuring their side's firewall.
2.      Suggested an MPLS VPN between their work location and our network, but this has also been rejected.
Now I am thinking of some solution like placing the Cisco ASA SSL VPN…
0
Sonicwall NSA 2600 intermittently blocking certain PCs from Internet access.  Just started a couple of days ago and nothing has changed on the Sonicwall.  Randomly 2 PCs (that I know of) will be blocked from Internet & site-to-site VPN access until the main Sonicwall is rebooted.  Then connectivity will be restored until the Sonicwall blocks them again.
0
Hi, Guys, want to compare Sonicwall NSA 4600 and Juniper SRX 3400 in the aspect of security and reliability. Please help me to choose the best FW for my organization.
0
Hi all,

We have a VPN tunnel between two Sophos firewalls.

Location A = 10.102.0.0/24, 192.168.99.0/24 (VLAN99)
Location B = 10.102.1.0/24

The VPN tunnel is UP and communication between the main networks is working properly.

From site B, however, the DMZ network (VLAN99) in site A has only limited reachability.

From Site B -> I can ping the gateway (192.168.99.1) but the printer (192.168.99.14) is not reachable. I should say only the gateway is reachable; everything else can't be reached through the VPN tunnel from site B.

I have attached a screenshot of the VPN tunnel configuration of both sites.

Thanks in advance.
0
Dear Experts

We would like to restrict users from the internet (though they have a login for the application server). Our objective is that users who have application login access should still be allowed based on their MAC address: at the first level our firewall checks the MAC ID and allows or rejects, then at the second level the application authenticates. We are completely okay to allow the users who work from a remote office which has a strong firewall, but for the same users from their home or the internet the MAC ID is to be checked, and if it is not from the accepted MAC IDs then access should be denied. The application is web-based on Linux, Apache and MySQL. Below are my doubts:
  I have been asked to implement this; however, I am not sure: the users who access this application are in their office behind the firewall and they will have to pass their firewall. In this case, will it still be possible to validate the user's MAC address and grant or reject access from our firewall? Is this possible? Through VPN is fine, but what if the VPN details are known to others and they access from their own systems? Hence the MAC restriction has been asked for. Can you please suggest whether control based on MAC is good to go, or is there a better solution? Thanks in advance.
0
Trying to setup a Remote Access or ConnectAnywhere VPN on a Cisco ASA but not having any success.  This is an existing device that we took over.  Ran through the Wizards for both with no success.  For the ConnectAnywhere, the website it created for the client/config download won't even show up.
0
Just upgraded a client from XFINITY internet to Hargray fiber.  The password to the sonicwall got lost so we reset the sonicwall to factory and set it back up with the new PPPOE settings for Hargray.  Everything seemed to be working fine until hours later when employees started having issues with a few certain websites.

Cannot reach some websites.  The main ones I have found are AOL.com, the local Tax Assessor website, and XFINITY email.

AOL.com and the Tax Assessor site gives : This site can't be reached ERR_TIMED OUT

XFINITY Email gives :  This site can't provide a secure connection    ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Another issue I noticed after looking at their issues is that I can't get the sonicwall to register.  When I click Update your registration button, it will not connect.  It also says in the Status at the bottom:  Dynamic Update Connection Failure Detected.  Please refresh to re-activate dynamic updates.

Mysonicwall.com shows the device as offline.  It's like it can't connect back to the site.
0
Customer has a WatchGuard T10 Firebox firewall for a POS system.  The POS server connects directly to the trusted network port. No other computers connect to that network.

Customer wants to setup an access point for wifi.  The watchguard has a 3rd port.  I want to activate it as a second network and allow wireless devices to access the internet.  

The watchguard firewall does not have built in wifi.  We purchased an access point that we plan to connect to the 3rd port.

This is a restaurant, there are no office pc's or network printers.

Need suggestions on policies; the device has content filter subscriptions.  I want to enforce them on the 3rd port too if possible.
0
Configuring Sonicwall NSA 3600 emails. I am having an issue configuring an NSA 3600 unit. It sends a log file nearly every few seconds.  Is there a way to configure it to just send the log daily?
0
If you have a Sonicwall to protect the network and Anti-Virus on each computer/server, is it safe to turn off Windows Firewall?
0
Hello Experts,
I am trying to configure SSL-VPN web mode on my Fortigate 100D on 5.4.4 FW to allow remote access to my file server without connecting via FortiClient. I am able to log into it and am presented with the VPN homepage. I see the bookmarks I configured. One is an SMB/CIFS  type mapped to my file server share that the user account has NTFS read access for on the server. When I open the bookmark, a new browser tab opens with a new login screen. I enter my creds, but the next page load hangs, eventually failing with an ERR_EMPTY_RESPONSE error showing on my browser. I have also tried fully qualifying the username by prefacing it with domainname\ with no luck. I also tried the domain admin account.

If in the portal configuration, I change the bookmark's Single Sign-On option from Disabled to Automatic, the same behavior is exhibited except I am not presented with the second login screen, it just goes straight to the hanging page load in a new tab.

I have an IPv4 policy to allow the VPN-authenticating LDAP user group access to the file server for SMB. Its incoming interface is the SSL_VPN tunnel interface (ssl.root). I couldn't even log into the web mode portal until I added this policy, so I know it is doing something. Just to test whether this policy was too narrow, I opened it up to accept all sources, all destinations, and all services. No luck. (As a side note, strangely just having this policy, which again only allows access to the file server for only SMB…
0
Hi - I'm working with an older Sonicwall TZ 100, where the firmware was last updated in 2009 (Sonicwall Enhanced 5.3.0.0.-160 - May 21, 2009) and they've been having some flaky internet issues, and I'm wondering, being that the firmware is so old, is it ok to update to the latest version from a version that's 9 years old? (The latest appears to be version 5.9.1.10-1o - Oct 2017.) Has anyone ever done this with firmware that old, and will I have any issues? Any help would be appreciated - thank you
0
Hi guys,

I know Juniper has a default username “root”.
Is there any way to change the username root to some other name?
If root cannot be changed, any ideas to secure the admin user account of Juniper? Because if it’s root, I think it can be easily guessed.
0
I have inherited several small business customers with 1 - 3 PCs in their office.  Most run Norton Security.  A few get hammered with viruses constantly.  

I am under the impression that a hardware firewall would give them a significant extra layer of security.  Is that correct?

If so, I would like to find out if there is a hardware firewall device I could use for all of these customers, regardless of what type of router they have, that is reasonably priced AND easy enough to manage.  To me, a reasonable price for a small office might be a few hundred dollars.  And "easy to manage" would mean it is as simple as Norton Security, where all I ever have to do is set up a firewall rule so they can access their shared data on one of the PCs on the network.

If such a device exists, please point me in the right direction, along with any details and pros-and-cons.  Or, if I'm off on the wrong track here, help me understand why.  TIA
0
All of a sudden last Friday, users have started having problems accessing some secured (banking, CC processing) sites & I'm not finding any indicators as to why.
I'm running a Sonicwall TZ 300 & can't seem to find any info in any log files that would point me in the right direction. When going to certain sites, I just get a waiting for site message on tab & page never loads.
Any suggestions?
0
I have a Sonicwall NSA 250 appliance and I want to enable remote administration to one of my available public IP addresses using https.  Trying to set remote administration on the Internet WAN interface always directs it to http and not https.  How do I set this up?
0
I am unable to access our Cisco ASA 5505 via ASDM because we don't know the IP address. We were setting up the ASA to act as a DHCP server and made a mistake and changed the IP address. We have the credentials to access it via the ASDM but without the password it won't work. I've tried to access it using PuTTY but it's asking for a password we don't have.  Is there a way to figure out what IP it is set for?
0
Can we use Let's Encrypt certificates for a Sonicwall firewall?
Issue: DPI SSL is enabled for users & the firewall's self-signed SSL certificate is pushed to clients by GPO. But when applying the filtering rules for mobile users (smart phones, iPhones, iPads & other computers that are not part of the internal domain) they get an SSL not trusted error. Cannot perform HTTPS filtering with this error. So is there any way to use a publicly trusted certificate for my Sonicwall local IP, or any workaround to filter HTTPS for those clients?
Sonic OS 6.5 later  

thank you.
0
Can you recommend an ISP for our small remote Sales office in New York City? We need 10-20M bandwidth with a backup line. The ideal ISP can provide a separate backup line -- meaning once the main line has failed the WAN connection would switch straight over to this backup line. And the backup line is included in the cost of the main line.
0
I'm looking for some guidance on how to allow Remote Users to access system applications. We currently are running a phase 1 setup where users are sent home with company equipment and use Sonicwall Global VPN software and Remote Desktop to remote into their own computers, located on site.

This is not, however, ideal, as it requires equipment on both ends.

Ideally what I'm looking for is to have a way for a user to have equipment at home, use a secure VPN connection with the Sonicwall Global Client, and then have the user access a desktop that is not in use. One way, obviously, is to have a bank of PC's with one dedicated to each person, but this seems cost prohibitive. So my thought is a virtual desktop.

I currently have two Windows 2016 Servers running my main system, including DNS and Active Directory, among other, core services. Is there a way I can build virtual desktops within that server? Should I have a separate server dedicated just to this task? What would be my starting point? Would I use Microsoft's built in Hyper-V? Would I use VMWare in some way?


The first group will probably be only 5-10 users, though this number may go up. I know there are options like Citrix which would provide a web interface but the way our applications are setup they would require a direct connection and so I don't know if Citrix and the like would work, though I am looking into this as well.


We have hundreds of available DHCP over VPN connections through our …
0
Dear Experts,

I am about to do a VPN entry in an ASA firewall ASA5515.

The thing I don't remember how to do is create a copy in the nvram in case I need to reboot the ASA so it restarts with the saved configuration.

I mean, if needed, reboot the firewall so it goes back to the previous configuration.

Thank you!
0
I have a Cisco ASA 5505 configured to send netflow to a flow collector.  I need to disable all firewalling on the ASA so it just routes (no NAT).  This is for a lab deployment to measure flows through the firewall, but not block any traffic.

I don't know how to configure the firewall to accomplish this (I want to use the 5505 and not some other device due to its supporting Netflow v9, and it's freely available in the lab for me to use for this purpose).

Or do I just set both interfaces to be "inside" named interfaces with similar security levels and that will accomplish the goal?
0
Hi,

I have five locations that have Sonicwalls and all five locations are connected by VPN.  The contract is up with the five Sonicwalls and the contract is up for renewal.  The owner wants to consider installing a different VPN firewall at each location.  He has not been very happy with the Sonicwalls and doesn't want to renew the contracts for the Sonicwalls.  I've used Sonicwalls in the past and don't have any problem with them but the boss wants a change.  Each location has 4-5 Windows 7 or Windows 10 computers.  The owner wants to know if the Ubiquiti Edgerouter would be a secure solution using site-to-site VPN.  I've used the Edgerouter before but never in a situation like this so I don't know if it would be a good solution.  I was thinking about looking at a Fortinet VPN router to replace the Sonicwalls but I want to see what your suggestions are.  Why or why not would you recommend going with an Edgerouter for a site-to-site VPN between 5 locations?  Would Fortinet or Ubiquiti be a better (better value--same level of security) solution as a Sonicwall replacement?  Is there a better (better value) solution?  Thanks in advance for your help!
0
Our two ADSL connections have download 12 mbps and upload 600-700 kbps. One of our application vendors is connecting via WebEx and informing us the connection is very slow, but when we check with auto desk/ammi or TeamViewer it is working fine. What is the minimum recommended bandwidth for this activity?
1
