Hardware Firewalls





Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering, and may include built-in antivirus and anti-malware protection.


Hi Experts, we have a client that has managed offices; they have leased lines coming into the business with older Junos and Cisco firewalls. What they want is a managed bandwidth approach so that a specific amount of bandwidth can be allocated per client, and should a particular firm need more, they can have that and the provider can charge a little more.
We are looking at Sonicwall managed firewall with a product called Bandwidth Management (BWM). Is this the right product to allow us to control how much bandwidth?
There are approx 30 businesses under this one estate, and we were looking at a TZ300 firewall.
They have other sites as well so if this goes well we may introduce it there.
If there are any other ideas what might suit better please let me know.


Secondary VPN Connection Help Needed
We have a location that we are using for data processing.
It has a current VPN to our location; they are setting up a failover connection to another ISP.
How to set up a second VPN connection to the failover IP on the Fortigate?
The Fortigate side does NOT have a secondary WAN connection, only the head end at this time.
Do not need someone else to configure it for me, just trying to find where to get more detail. We have begun working on the Fortinet side, but keep falling into trouble when trying to set up the backup VPN on the Fortigate site.
Just a gentle nudge towards where to find this solution; been scouring the net for hours so far.

I blocked gamble.com for my company but can still access it. We have a SonicWall.

We have been using TMG 2010 Server as a front-end protection for our network. Now we bought FortiGate 201E - UTM bundle.
We are planning to migrate to FortiGate 201E - UTM Bundle.
Can somebody help me on how to install and configure it so everything that was working with TMG 2010 Server works with FortiGate 201E?

Thank you

If I am running a tcp ping tool on a virtual windows server that is hosting my website also, would it be possible to use the tcp ping tool to ping the visitor of my website to record the latency/round trip time without the stateful firewall blocking it?

The issues I came up with would be that all/most home-based firewalls are stateful firewalls, tcp communication can use only one IP and one port (if I am correct?) per application (website in this scenario). So I would have to have the tcp ping application listen in on the port using another IP, or open a new port (and IP) to communicate with the same website user. So my second question would be: would the stateful firewall block this communication since it is from a different port and/or IP even though it's on the same web server?

Hello gents,

I am at a customer site and they have a server in the internal zone, the network has Cisco ASA firewall.

They have a developer and on the server he wants to open ports 7000-7200. Do I use the Cisco ASA to open these ports, or is this done on the server only?

I am not sure how to address this; I need clarity on such types of requests from clients,

Recently we received one project, and we found that it has an unusual network setup because the given router is the TP-Link AC1200. Usually we are using an MSR930 or Cisco router as the WAN router so that we can use the public LAN IP given by the ISP in our network (Scenario 1).
To overcome this issue, we are connecting the ONT to our firewall WAN port directly, and now we are thinking about how to use the public LAN IP for our devices. Someone said we can create a VLAN or secondary IP, but I don't have any experience with this setup.
I hope that some expert can advise which is the correct option and how to set it up on our SonicWALL TZ600. Thanks

Hi All

I have a Session Border Controller attached, at the moment, to a Sonicwall Firewall; is it safe, or sensible, to take out the connections from the Sonicwall and have the SBC connected directly to the ISP? I am having difficulties getting the Sonicwall to pass SIP to the SBC.

Thanks in advance

I have some new VoIP phones and for some reason they will not configure on my client's network; when I took them home they work perfectly. I tried Wiresharking on a hub to capture the traffic, however I am at a loss as to what it means or what is causing the issue. The DNS is our Win2012R2 server and this then forwards on to the public Google servers.

Dear Experts, based on your experience, what are the important parameters that you will focus on in defending against DDoS attacks when choosing a firewall model?
Many thanks!

I want to change an ip range's dns-service from default to a policy I created.

current CLI:

set dns-service default

what would the commands be to change?

We have a Sonicwall that we are trying to set a 1 to 1 NAT WAN > LAN for a specific device for FTPS access.

From what I can tell the configuration appears to be correct, it's probably something really straightforward that one of you wizards can pick up on.

I've attached a screenshot of both the NAT policy and Firewall Policy.

There is nothing in the Sonicwall logs to indicate the traffic is hitting the Sonicwall oddly.

Any ideas guys?

Windows firewall ports (990) have been opened on the server in question.

External port scan on the public IP shows port 990 closed still.

It's about network - we are using an SD-WAN VeloCloud switch for all our satellite offices. We are connected through MPLS technologies. We have one centralized SW firewall controlling all traffic in coordination with the VeloCloud switch. DHCP, VPN, everything is enabled on the VeloCloud switch. My perception is that one HQ firewall is well sufficient to protect all our offices; or suggest to me if we need a firewall for all our offices?

I need to configure a basic zone based firewall rule on a Cisco 4331 to block most common attacks from the internet.

The Problem:
I'm having some issues with latency and slow uploads after having attempted to configure a zone based firewall rule on a Cisco 4331 Router.  

Further Details
A customer has a 100/100Mbps Fibre link and when directly plugged into a laptop, it comes very close to those speeds. When going through the Cisco router (without a firewall rule), it is around 90Mbps down and 30Mbps up with a latency of around 30ms (so something is already not quite right on the Cisco in regards to the uploads). With the zone firewall rule configured in the config below, it is still around 80-90Mbps down, but the upload is significantly further degraded to now only 4Mbps, with a latency of close to 200ms!

Also to point out, the ISP requires shaping which is why there is a shaping rule configured below as well:  
shape average 100000000 98000000 0

I'm very new to configuring Cisco routers, so I need some help as to where the problem might be?

Thank you.

Here is part of my Config:

class-map type inspect match-any internet-traffic-class
 match protocol http
 match protocol https
 match protocol dns
 match protocol icmp
class-map match-any CCP-Transactional-1
class-map match-any CCP-Voice-1
class-map match-any CCP-Routing-1


I was told we are joining a new company who has the same IP scheme as our present company.  How do we resolve this issue with the least amount of time?  Can you provide some documentation as to the process, maybe videos from YouTube or somewhere?  I believe they are in a data center environment and was told they are the same IPs, but somehow we need to connect them together with the same IP scheme?

I wanted to know, within Palo Alto, how to connect a secondary address for fault tolerance regarding our ISP provider.  I'm new to PA and need this info quickly...not sure if I'm stating the question properly...

I basically need to make sure our PA devices have a second way to communicate to the outside world, just in case our primary ISP goes down.

Can you also provide some documentation and maybe any videos as to the process.

I have a PFsense router at my location and there has been some malicious activity coming from a device on my network.  Our ISP has notified us that they think that it's a problem with port 23 and if I block it that should fix the problem.  I've blocked port 23 outbound and inbound on all of the interfaces.  The complaint to our ISP gave a reference to BitNinja to check on the malicious requests sent from our network.  Here's a copy of the last request:

    "PORT HIT": "98.#.#.#:21349->185.#.#.164:8899",
    "MESSAGES": "Array
                [01:36:54] => REMOTE HI_SRDK_DEV_GetHddInfo MCTP/1.0

I see that on 11/2/18, the malicious activity was on port 23.  Now, today I see that it's going on port 5680.  And the latest request was 8899.  

I don't know what device is doing this.  I've scanned the network and don't see any unknown devices on the network.  Here's something strange that happened.  There was a car in our parking lot with dark tinted windows and ghetto rims.  He was always gone when I came by the office.  I was talking to someone in the office and they said that that strange car was back.  I asked if they saw the driver.  She said that he was sitting in the back seat.  I remoted onto a computer in the office and scanned the network.  An IP address showed up that shouldn't be there.  I pinged it but it didn't respond.  …

Have a smaller client that has been using a Cyberoam CR15ing for quite a while with a Google Fiber connection and a LAN of about 15 endpoints. They recently moved, but the ISP is still Google Fiber. They had to leave the GF box, but we configured the new one identical to the original. So the only difference should be the public / external IP of the GF box - which is set with the CR15ing as the "DMZ" (all traffic passed through to this device). This is bridge-mode setting for the GF box, but the Cyberoam still gets an internal IP on its WAN side. Not sure any of this matters, as the exact same config worked for years at the previous location with same ISP, same hardware, etc.

At the new location, the internet connection and outbound traffic seems fine, but the inbound is not working right. Some traffic is getting through, but it seems selective. The FTP virtual host / port-forward is not allowing an external connection, but I cannot figure out why.

The firewall logs are not showing anything hitting port 21.

Also, we keep getting a flood of Local ACL denied events in the firewall log.

See screens below. Please advise if you have any ideas.

Our time clocks communicate with several IP Address and I need our Cisco 501 Pix firewall to allow inbound/outbound (two way) traffic to and from this list: - - - - - -

All for HTTP (80), HTTPS (443), SMTP (25) ports
Attached is our Pix 501 config file.  It is not clear to me if the access-list acl_out properties are set up correctly and if I need additional lines for fixup protocol.

Also, does the Windows DNS Server Firewall setting need to be modified or added to?


Trying to get a simple port redirection working on an ASA 5506 (9.9.2):

1.  Only one IP on outside interface, so all internal hosts are using PAT for external connections.
2.  Need HostA ( to have requests to outside interface on port 80 forwarded to it.

Diagram shows what I mean.  Requests TO should be forwarded to  No other traffic needs to be handled inbound.  Outbound everything should continue to use the interface IP, which I have configured as:

nat (inside,outside) source dynamic any interface

I'm having trouble getting it to do the outbound translation.  I did a network object for the host and added the NAT argument in there:

object network host-10-0-0-10
      nat (inside,outside) static interface service tcp 80 80

Then I added an access list entry:

access-list outside_access_in line 1 extended permit tcp any object host-10-0-0-10 eq 80

I can see doing a show xlate that the hosts are making outbound connections on random ports, but I don't see an entry for on port 80 like I thought I should.

So the simple question is how do I get requests to to forward to

Hello Experts,

I want to generate a utilization report from ASA outside interface, I do not see any tools as such except for Cisco Prime Infrastructure. Can we generate Egress report?

Hey Folks, we're trying to move DHCP off of our Firewall right now over to our Server that is running DHCP. I take it that as long as we have identical scopes including the reservations and changing lease times for our machines to get new DHCP leases, we shouldn't see any issues arise. Is there anything else to take into consideration before proceeding?

Hi Experts

I just setup a Cisco Firepower 2100 appliance and the setup is completed.
But I can access the device only via management interface which is

I need to access the firepower mainly from outside, how do I enable management access for "outside" interface?

Post by: abcd ab0111s
How to access my Dell SonicWall from my phone?

how to understand this error and resolve it correctly. tks

