Hardware Firewalls

23K

Solutions

20K

Contributors

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.


I would like to seek expert advice on my attached diagram. I am not strong in networking. Our company has purchased new devices: SonicWall TZ600, Aruba 2930F and HP 1950. Please review the picture I sent and guide me on my questions below:

1. For the firewall uplink on the switch port, how do I configure it, e.g. untagged VLAN 100 or 6, and do I need to tag a VLAN?

2. For the firewall interface, which is configured as 192.168.100.254, do I need to do anything?

3. For the switch-to-switch downlink and uplink, what should I configure? In Cisco I notice that you just trunk all, and HP uses untagged and tagged, so which VLAN should I untag and which should I tag?

(Attached diagram: Vlan for Uplink)
0

We have been ordered to configure the FW following the instructions, but we are new to OSPF. I would like to seek advice: from the diagram, do I need to configure my FW1 INT:X3 172.16.32.1 and INT:X4 172.16.34.1, and FW2 INT:X3 172.16.36.1 and INT:X4 172.16.38.1? How do they configure the switch? Does this design have any issues?

(Attached diagram: OSPF Design)
0
Dear wizards, can you please recommend some best models of Firewall appliance?

The requirements are:
- Can detect and automatically block network attacks (IDS/IPS), viruses, worms, volumetric ...

- Including routing, HA, failover features

- Reliable
0
I need to know whether my FortiGate 60D is blocking outbound traffic from an internal IP. Wireshark shows that traffic is hitting the firewall from the internal IP.

How do I accomplish this using the FortiGate GUI or CLI?
0
I am unable to connect to a remote site using Citrix Receiver software through our SonicWALL NSA 2600 firewall.
This is the case on several machines behind our firewall; when I test on a computer outside of our firewall, Citrix Receiver works OK.

The remote site is a vendor's site that we have no control over, and they require that we use Citrix Receiver in order to connect to their web server. The connection will not establish, though, and just gets stuck "negotiating" the connection. Or the receiver disappears and a black window appears instead of the remote machine.
 
cixtrix-reciever.jpg
0
I am converting to SIP at a company site. I set up the FortiGate 60D identically to another one of our company sites where SIP is already implemented.

The SIP cloud provider tells me that the firewall is not "passing confirmation packets the phone system (PBX) sends out when it detects an incoming call",
and this is causing their system to transfer the call to our failover number.

I have opened up all requested ports (TCP/UDP etc.), configured policy, and set QoS to high priority, everything they suggested, and as I mentioned earlier, it is configured exactly like our other site's firewall.

I suspect it is a configuration with one of their servers. In any case, logging for all events is enabled in the firewall policy. How can I tell if the firewall is blocking/not passing back the confirmation packets the SIP provider mentions?
0
Dear Experts
We have hosted a SugarCRM application on premises, and for external users we have configured a firewall, a FortiGate 60C hardware appliance, to function as an SSL web VPN, where the users log in to the firewall appliance portal and from there access the CRM application. They are able to log in to the CRM through the web VPN portal, but the dashboard reports are not showing up; it shows a blank dashboard. When we access the CRM application directly, we are able to see the dashboard reports. Please help me understand where things are going wrong and how to fix it.
0
Need to close an open port on Cisco ASA 5505 version 9.1. I have a compliance issue with port 5555 and need to block it. I know I need to create an ACL but want to make sure I configure it correctly. I am also completing these changes remotely.
0
My client has a SonicWall TZ 105 firewall. Their network was hit with Ransomware. I need to determine whether encryption was the only malicious activity or if data was compromised. I know the date and time of the malicious activity.

How can I print a report of:
Outbound network traffic to all or specific WAN addresses by date and time?

Thank you very much for your help.
Bob
0
I have an ASA-5508x, administered by a vFMC. Both are running 6.2.2.1. Note that this is FTD, not the older ASA software.

I have a server behind the 5508, in a DMZ, that I want to have send email via an SMTP connection to Office 365. The problem I am seeing is with the FTD performing "SMTP inspection", mangling the SMTP session. This can be seen when I telnet to port 25 and see a heap of asterisks, i.e.:
220 ***************************************************************************************.

This, unfortunately, prevents my application from being able to start a TLS session, authenticate and relay.

I am trying to figure out how to turn this off. I have checked the rule that is allowing traffic on port 25, configuring NO intrusion policy and NO file policy, but SMTP inspection still seems to be occurring.

How do I disable this, and have SMTP traffic pass unmolested?

It would be preferable if I can do this in a rule, or in some other way make it apply to just a single host, but if it has to be implemented globally that is workable.
0

Need to set up a Cisco ASA 5500 to allow only certain IPv4 addresses in from the WAN to the LAN on ports 5060, 5061 TCP and UDP. I want to block all other IPv4 addresses from the WAN trying to access ports 5060, 5061 TCP/UDP from the WAN to the LAN.
0
Dear Experts, in this diagram, can we use a Cisco router instead of the ASA Firewall 5515?

diagram.png
We'd like to set up failover between the routers/firewalls. Is there any other diagram with which we can achieve it?

Behind the router/firewall, we have Exchange 2016 servers, Active Directory servers, ERP servers, and shared file servers. Which ports/configurations should we consider to allow traffic through the firewall/router? Many thanks!
0
How do I allow IMO messenger through a firewall? Viber and WhatsApp can be allowed by opening firewall ports, but IMO seems to connect using port 443. If I had a static IP range or port range, then I could allow it through the firewall. I am using pfSense with Squid proxy.
0
Hi!

I have a problem accessing some sites. I checked my IP and found that my IP is listed in XBL. I tried to remove it from that list but nothing happened. Can anyone help me with this issue?

Thank you
0
Can someone tell if this connection is normal? For some reason I have several computers that have about 1000+ connections to microsoft.com.edgesuit.net. Please see attached file. Thank you
0
We have a customer that has moved to NBN here in Australia; as a result, we have to replace the router in front of the Cisco ASA firewall.
We have applied with the ISP to get additional external IP addresses (been given 57.65.54.65 as the main IP address, and 203.234.234.232 /29 as the extra IP addresses), as we have two servers in the network which both need port 443 accessed externally. We have created DNS records and are hitting the ISP router fine. We have set up forwarding on this router to forward the traffic to the outside interface of the ASA.
However, we are having issues getting the traffic to the relevant servers inside the network. As per the diagram, we need port 443 on 57.65.54.65 to forward to 172.16.1.10, while the extra subnet they provided us needs to forward to 172.16.1.11. The Cisco ASA is running 9.2. Thoughts?

Basic Network Diagram
0
VAPT test from Fortinet. I tested using this: http://metal.fortiguard.com/
Now I want to test from outside by typing the public IP.
Is there anyone who can guide me?
0
I have a NAT rule on my firewall and want to add more IP addresses to it. It won't let me edit the WAN rule to add them. Any idea on how to do this? I am using SonicWall.

Esther
0
Hi, I have an FG 110C firewall with 110 MBS aggregate bandwidth. The firewall is going end of support, and we are planning to buy a new firewall. Currently our measure application, including email, is on premises. We are planning to move to the cloud with a strength of 500 employees. Please suggest how to calculate the maximum throughput and number of sessions in order to decide on a firewall. The vendor is suggesting FG 101E. Please suggest.
0

Please advise how to setup a Fortinet Firewall with an Edge layer for my servers to be protected from my LAN?

Can you advise a site or the areas I need to focus on to understand how to proceed?
0
Hi

I'm having issues with the Cisco AnyConnect VPN client not allowing remote connections, specifically ports 139-445. Running a port query shows that there are some ports open, but not ones for the IP address assigned to the virtual network adapter.

We have the old Cisco VPN adapter running and those ports are OK.

Ideas?

Thanks
0
PAT through ASA 5506 doesn't load GUI of destination

Client has a single static public IP. They have a camera system and door controller system that they need to manage remotely. Using PAT for the cameras on http works fine, however trying to access the door controller does not work on port 90. I have a PAT and ACL for the door controller which passes packet tracer and not seeing any blocks, but alas the web interface of the door controller does not load, just sits there white screen until timeout. I have tried everything I can think of and running out of options. This used to work with the old firewall and for some reason I have been able to get it to work in the past with this ASA but it was hit or miss so I started over, now it doesn't work at all. What is wrong here? I noticed that in the PAT settings there is a "real" and "mapped" port option and in the past it started working when removing the "Real" port. I see the requests coming in from random ports so I wasn't sure if this could be part of the problem. Obviously routing all requests on the outside interface to the door controller is not ideal and breaks my remote access to the firewall.

FYI loading the GUI internally from a web browser on port 90 of the inside IP 192.168.0.16 works fine. It just doesn't seem to pass the data through the firewall. The logs just show connection built and then tear down.

Config is attached, I appreciate any input as to how to get this to work!
0
Hello,
Is there any way to sniff a Facebook user account ...
just the user account name or email or the username, from my firewall?
I saw a report from one of the ISPs that has the user ID and the source IP ...
Thanks
0
Hello,
Is there any way to cache YouTube videos without a MITM scenario?
0
Hi, Guys, want to compare Sonicwall NSA 4600 and Juniper SRX 3400 in the aspect of security and reliability. Please help me to choose the best FW for my organization.
0
