Hardware Firewalls





Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering, and may include built-in antivirus and anti-malware protection.


SonicWall Configuration Help Needed
We need to set up SSL VPN and site-to-site VPN configuration on two SonicWall firewalls and one Cisco ASA5506.
We know the Cisco side, but we inherited the SonicWall firewalls.

Sorry for such a noob question.  We have a Watchguard T35.  Right now it has a Branch to branch VPN set up to another watchguard.

It also has the capability to make a vpn to a specific computer that's on the road, right?  What app(s) can be installed on the windows 10 computer that can do that?

Preferably free.  Does WatchGuard include software to do that?  Is there a standard the software needs to meet? (Does WatchGuard have their own proprietary way of talking to endpoints, or does any VPN software work?)

We are having an issue with resolving a website address internally.

Our original company website www.123.com, was redesigned and is now named www.1234.com.  Typing in www.123.com will resolve to www.1234.com.

However, if you are connected to internal internet and enter www.123.com, you resolve to www.123.com and you do not get forwarded to www.1234.com

This only happens with desktops/laptops, phones resolve properly.  Have tried with systems that were not part of local domain, issue is the same as long as connected to internal internet connection.  The website was never hosted internally.

We've looked through our Sonicwall tz400 and can't find anything.  Nothing on Barracuda web filter either (wasn't likely, but had to look).

Where could a rule/setting to cause this exist?

We are using SonicWall model: 3600 and firmware version: We are facing a frequent disconnection problem with user sessions.

Please find the attached image for your reference.

Please advise.
User-Session.PNG
I'm trying to allow WOL from the WAN (X1) to a PC on the LAN (X0).
I used IP helper, but I can see in the packet monitor that it is dropped.
How do I trace the problem?

Packet number: 31*
Header Values:
 Bytes captured: 144, Actual Bytes on the wire: 144
Packet Info(Time:06/14/2019 02:23:08.576):
 in:X1*(interface), out:--, DROPPED, Drop Code: 702(Packet dropped - Policy drop), Module Id: 27(policy), (Ref.Id: _1857_qpmjdzDifdl), 1:0)
Ethernet Header
 Ether Type: IP(0x800), Src=[cc:e1:7f:7f:e8:07], Dst=[18:b1:69:bc:d8:29]
IP Packet Header
 IP Type: UDP(0x11), Src=[], Dst=[]
UDP Packet Header
 Src=[49666], Dst=[7], Checksum=0x1ea7, Message Length=110 bytes
Application Header
 Not Known: 


I currently have a customer that is constantly being re-added to a blacklist. We have done some analysis of the firewall logs and noticed a MAC address that is constantly occurring with a description of "port scan detected". We have analyzed all switch MAC address tables and we are unable to find it. The IP address associated with the MAC address keeps changing and is also at times a public address. We also segmented the network and disconnected all wireless routers for a time period; however, after some time the same error reoccurred.
I had this question after viewing Packet drop, No valid adjacency, ASA 5516x.

- We have a Cisco FirePower FTD with 2 WAN ports configured for DMZ purposes.  Our Infrastructure switches are Juniper EX-3300 and core router is Juniper EX-4550
- Each WAN/DMZ port is configured with DMZ A address 192.168.aaa.aaa/29 and DMZ B address 192.168.bbb.bbb/29 respectively, and those WAN/DMZ ports connect to ports configured with matching L3 vlan inet subnet interfaces on our core router
- The L3 core router ports are configured as ACCESS ports and have corresponding /29 Gateway IP OBJECTS created on the FTD (for use in the routing config)
- DMZ Host A is on the same LAN as our core router configured with DMZ C vlan 192.ccc.ccc.ccc/24
- DMZ Host B is on a different subnet across a P2P WAN link configured with DMZ D vlan 192.ddd.ddd.ddd/24
- Under DEVICE > ROUTING I have DMZ Host A Interface configured as ipv4, DMZ A Gateway IP, and under Networks I have: DMZ C Default Gateway IP, DMZ C /24 Subnet, and DMZ C Host Object
- Under DEVICE > ROUTING I have DMZ Host B Interface configured as ipv4, DMZ B Gateway IP, and under Networks I have: DMZ D Default Gateway IP, DMZ D /24 Subnet, and DMZ D Host Object

- Under SECURITY POLICIES > NAT, I have 2 policies each:
  - (outside, DMZ A, Dynamic) DMZ Host C Public > DMZ Host C Private
  - (DMZ A, outside, Static) DMZ Host C …
I am running an external pen test for a client and I want to whitelist the scanner IP address before running the penetration scan. Any idea how to do this in
Hi Experts,

Could anyone please explain to me the different options and items from https://www.canadianwebhosting.com/webservice/managed_security/

as well, the difference between software and hardware firewalls.

Thanks so much.
I have a new SonicWALL TZ400.  I am replacing a TZ215.  I have exported the settings from the TZ215.  Now I need instructions on how to import them into the TZ400 and then change it on our network.

I believe I need to connect it to a computer then go to the browser, but I am not sure. Need details please.

I'm currently looking for a system that has the ability to validate whether a device is 'company owned' based on a MAC address.  If the MAC address is not a company owned device, network services would be denied to the device.  

In our network, we use Cisco ASA devices.  From what I can tell, this is not a feature that could be implemented in the ASA itself, however I was wondering if there was a way to implement this somehow in the ASA?

My questions are these:

1.  Is there an off-the-shelf solution for this? and
2.  Is there any way to implement this type of control in an ASA?
I have a situation where I am using BGP for route propagation over my IPSec tunnels. What I am observing is that learned routes through my major hubs are being reflected and advertised to lower level sites. I am trying to get this to stop. It seems that sites that are not intended to talk with one another and do not have defined tunnels are instead learning routes through my corporate office. How do I get ONLY the routes defined for each site to be advertised and not all learned and connected routes from being advertised? I am using Fortinet appliances. This seems like it should be something fairly simple to accomplish.

Thanks in advance for your help
Hi guys

I've been tasked with being able to secure the network perimeter at various sites. One of the vulnerabilities I am seeing is that at the main offices, I could easily plug a device to a port and get an IP address assigned to me. Now, of course I can't access things on the domain without having credentials.

But one of the things I thought of was to perhaps lock down all ports on  network switches so that they are inactive (other than those already active for current staff) and only turned active when we know who wants to plug into the network and when? So that we can track it on some sort of sheet or portal?

We're talking each site consisting of around 250 people and there being over 5 to 7 sites.

How would you manage it?

Thanks for helping
I have an issue with Fortigate 200e inter-vlan routing.  The 200e is running as a firewall and switch, there are no external devices

This is a new setup and one of the VLANs cannot talk to another VLAN.

Can anyone assist me setting up my vlans? Thank you
Configure new Meraki MX84 to replace NSA SonicWall
I am getting an issue when trying to add to Meraki the "address objects" from the SonicWall. I am not in the building where the Meraki is to be set up. I also have it set up with DHCP on my network, but the IP is not in use from the statics provided from ISP.

I get the following error when I try to save.

There were errors in saving this configuration:

    Static lan route subnets cannot have the same subnet.
    The static LAN route "X1 IP" has an invalid next hop IP. The IP address 174x.x.17 is not on a configured subnet.
What are the steps to do a manual configuration backup of a SonicWall firewall?
We have internet cameras that can be accessed in the office for our shop yard.  When a user tries to use the app on their iphone outside of the network it fails.  Won't log in.  The manufacturer says that I need to login to my SonicWall firewall and point a certain port to an ip address of the server running the camera software.  How would I do this?
GRE Tunnel Vs IP Sec Tunnel
I have done some reading online to understand the Difference between GRE Tunnel Vs IP Sec Tunnel, but it is not clear enough

IPSec as well as GRE tunnels encapsulate IP packets.
IPSec encrypts the packet, but GRE does not.

So when should I use IPSec and when should I use GRE?

Thank you
Dear Guru,

As a presales engineer, I would like to know if there are any reference websites to understand how to size a firewall, i.e. what parameters to consider while selecting a model, as I am worried that the solution shouldn't undersize or oversize the requirement.

BR ,

I have a branch office with a 400MB/s internet connection. I would like to be able to connect to our main office, which has an ASA 5520 via site-to-site VPN.

The branch office would need a device capable of delivering the full internet speed to local machines, and via split-tunneling, direct main office traffic over the site-to-site.

Recommendations? Budget is somewhat of a concern.
Hi, I have 2 Cisco ASA 5506 firewalls with Sec+ licenses. I am configuring them for HA as well as WAN failover.

Now, on the WAN failover side, do I need to have unique public IP addresses for both WAN links to each firewall?

For ex:
WAN1 (ASA1) -
WAN1 (ASA2) -

I know on SonicWall this is not required.
I have an existing site-to-site VPN from an ASA5505 to a 5520. Both have static IP addresses currently (one is at my house, one is the home office). Recent changes with my cable provider will result in my losing the static IP at the house... How can I maintain the site-to-site if my end winds up getting a dynamic IP address?
Hi Guys,

In SonicWALL TZ400 I have one incoming connection (X1) with 5 x public IP's.
I need to NAT 4 x internal hosts on port 443.

Is this possible with only one incoming connection on X1?

I am upgrading a network of around 70 users, with 3 busy VLANs, 3 RJ45 WAN, layer 3, with large attachments probably the heaviest load.

I am wondering if anyone has any experience or input on:

1. Whether adding UTM will require a device larger than, say, a 100d?

2. Can UTM be split with, say, a 90d for email (Gmail for business) and another 90d or 100d for other functions?

3. Or just a larger unit with all UTM on?

thanks in advance

hi guys

We're currently in talks with having our emails encrypted when sent out. We're on O365. Now, we would need to define exactly who needs to send encrypted emails.

But as it stands, the only workaround that is being used is configuring O365 so that when the subject line 'encryptme' is inserted, the message is then encrypted. I find this to be far too manual and people will forget.

If we were to use something like a smarthost like Symantec or Mimecast, would that encrypt the message and get rid of all of our woes?  We have Checkpoint 12200 firewalls in place; I wonder if they could be of any help.

Any recommendations are most welcome.

Thanks for helping
