Hardware Firewalls

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering, and may include built-in antivirus and anti-malware protection.

I'm in the market for a new router. I want a hardware DMZ. I currently have a NetGear ProSafe FVS338, which is fine except that it lacks a hardware DMZ.
I do not need VPN support.
The other feature I'm interested in is ease of setup. It doesn't need to be dummy-proof (i.e. I don't want a "wizard" to do the setup for me). I just don't want to deal with configuration like what's required for a SonicWall, with a completely unintuitive UI and setup.
And no bells and whistles that require subscriptions / fees, por favor.

Please only post responses based on your personal experience.  I can Google for routers on my own time... looking for actual real-life recommendation here.
0

Dear All

I have a new Mikrotik cloud core router, I need some help, please.

Interface one - ISP

Interface Two - Network Switch DHCP Scope 192.168.88.**

Interfaces 12, 11, 10 & 9 - Bridged together for DL380 Gen 9 NIC Team DHCP Scope? 192.168.89.**

I would like to be able to ping anything in any of the two networks, but I can't seem to figure this part out and need a little help, please.

Thanks
Alex
0
My colleague was trying to configure the ASA firewall's management IP, but somehow the prompt went and said that the wizard will factory reset the whole ASA firewall. Is there any way to recover the configuration?

He did not back up, but the firewall is left running and was never turned off.
0
Dear Experts,

Does anyone know how to configure the default gateway for the Management Interface?
0
One of our locations has a SonicWall TZ 300w. There are 2 subnets set up on this appliance:

X0 LAN - 192.168.40.xxx
X3 LAN - 192.168.50.xxx (Mitel 5000)

We need to be able to access the software on the X3 LAN from the primary LAN X0. So far I can ping the phone subnet, but when launching the Mitel software the connection failed:

Anyone with Mitel experience and SonicWall, or any phone system with SonicWall, that can help us set this up? Both X3 and X0 are in the same zone.
0
I have a WatchGuard M400 (Fireware XTM 11.10) firewall/router with about 14 Branch Office VPNs coming into it. We have new software that these BOVPNs need to access. There are two application servers running the software. I would like to load balance the connections to these servers. Can someone point me in the correct direction?
0
Hello Everyone!

We had some security cameras installed and the installer asked me to open port 8000 for the DVR. We have a SonicWall 1260 Pro and I followed the instructions for port forwarding. I created the service for both TCP/UDP, port 8000, and then created the group. I used the public server wizard to allow public access to the camera IP. After everything was complete I used the site, http://www.yougetsignal.com/, to check if port 8000 was open. Unfortunately, the port is still closed. I'm stuck figuring out what I could be doing wrong. We do have 2 static IPs for the site. The other IP is used for the fax machine line. I don't know if this could cause the problem. Any help is appreciated.

Router: SonicWall 1260 Pro
ISP: Cox
WAN: 72.205.202.66
Camera IP: 192.168.168.62
Port: 8000
0
Recently we added a new TPG IPVPN Connection (MPLS Network with Hosted Firewall) to eth2 on our WatchGuard but can't get it to work properly (see attached picture).

For some reason I cannot ping any Sydney LAN IP addresses (on the 10.50.2.0/24 network) from the QLD office to the Sydney office.

What do I need to enable / configure on the WatchGuard so I can ping internal LAN addresses from the QLD office?

QLD Office LAN is on 10.4.26.0/24 network.
Sydney office LAN is on 10.50.2.0/24 network

From the QLD office I can ping 210.10.228.14, 210.10.228.13, 10.252.0.6, 10.252.0.5 OK, but if I try to ping the WatchGuard LAN IP address 10.50.2.90 or another device in the same Sydney network from the QLD office it times out. Any ideas?

Sydney Office Watchguard Configuration is as follows:

I have 3 interfaces setup on my Watchguard x750e firewall with following parameters:

Eth0: IP: 210.10.228.14 (External) - This is connected to an ISP-managed Cisco 1900 Series router. This is a routed subnet services TPG NBN Connection.
Gateway: 210.10.228.13
NetMask:255.255.255.252

Eth1: IP: 10.50.2.90 (Trusted)
Netmask: 255.255.255.0

Eth2: IP: 10.252.0.6 (External) - This is connected to a TPG NTU and is an IPVPN connection. This also requires RIPv2 and has dynamic routing set up.
Gateway: 10.252.0.5
Netmask: 255.255.255.252
Dynamic Routing Configuration:
1. Enabled Dynamic Routing is enabled.
2. Enable RIP is enabled
Rip Configuration :
router rip
network 10.252.0.4/30
network …
0
Hi experts,

Users can't get to this website, www.spotify.com. I already checked the firewall and web filter and it's not blocked there. I ran out of ideas.
0
Hi, we are preparing the rules for Zone-based Policy Firewall on a c3925 router; however, we need to confirm which traffic usually passes through the router, so that the rules will not block/allow any useful/bad traffic. So is there a method to see it?

Is there a way other than: "show ip cache flow", "sh ip traffic"?

Many thanks in advance,
0

Hi, we have a Cisco 3925 router between LAN and WAN; however, it seems like money is required for AnyConnect VPN on the Cisco 3925. We found that pfSense (free) can be deployed to serve VPN connections; however, we need to understand its pros and cons.
- So can anyone explain, please?
- Should we deploy it or purchase a license for AnyConnect?
- Do you know any free Cisco VPN solution that we can configure inside our C3925?

Our priority is:
- Compatible with the current environment with minimum impact to about 400 users
- Easy to configure and troubleshoot
- Price  

Many thanks in advance,
0
I have 5 IPs available from my ISP. One IP is for an internal website (registered at GoDaddy) and we are using 1 for our router IP that I plan to use for port forwarding (VPN, RDP). I am unable to assign the WAN interface to 2 different IPs. I could not find the answer in the manual.
0
Hi, I'm facing a problem: basically, we are replacing our Cisco router with an ASR 1001 for the internet connection.

While creating the PPPoE configuration I noticed that pppoe-client is not working on the interface which I'm trying to configure as the WAN-side interface.

I would appreciate it if someone who has experience with this router can guide me with the full configuration for PPPoE.

Thank you
0
I have the above phone trying to VPN with a Dell SonicWall TZ400. When I put in the VPN information, listed below, the phone fails and gives me error codes that Phase 2 no response. I will list the three error codes I also see, if anyone can point me in the right direction.

SonicWALL

SonicWall VPN Settings:

Policy Type: Tunnel Interface
Authentication Method: IKE using Preshared Secret

IPsec Primary Gateway Name or Address: 0.0.0.0

IKE Authentication:

Local IKE ID: Domain Name
Peer IKE ID: Domain Name

IKE (Phase 1) Proposal:

Exchange: Aggressive Mode
DH Group: 2
Encryption: 3DES
Authentication: SHA1
Life Time: 28800

IPsec (Phase 2) Proposal:

Protocol: ESP
Encryption: 3DES
Authentication: SHA1
Enable Perfect Forward Secrecy: Checked
DH Group: 2
Life time: 28800

In advanced tab, the only thing checked is Keep Alive.

PHONE

Server: 50.XX.XX.209
IKE ID: VPNPhone
PSK: *****
IKE Parameters: DH2-3DES-SHA1
IPSEC Parameters: DH2-3DES-SHA1
VPN Start Mode: Boot

Password Type: N/A
Encapsulation: RFC
IKE Parameters: DH2-3DES-SHA1
IPSEC Parameters: DH2-3DES-SHA1

Copy TOS: No
File Srvr: Blank
QTest: Disable
Connectivity Check: Never

Errors

1/3
IKE Phase1 received notify
Error Code: 3997698:18
Module: NOTIFY:305

2/3
IKE Phase2 no response
Error code: 397700:0
Module: IKMPD:353

3/3
IKE Phase2 no response
Error code: 3997700:0
Module: IKECFG:1184
0
I had this question after viewing Windows Remote Desktop through PIX 515.

I am trying to get the group LaptopWiFi to access TMServers using RDP. I have set static IPs for the laptops but I cannot seem to get traffic through the PIX firewall.

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password XXXXXXXXXXX encrypted
passwd XXXXXXXXXX encrypted
hostname TMILPix506
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 10.22.4.21 TMDC2
name 10.2.2.21 TMILBusFTP
name 10.2.2.198 IL_FBServer
name 10.2.2.196 IL_FBServer2
name 10.2.2.193 IL_FBServer3
name 10.22.4.44 TMFTP
object-group network TMServers
  network-object host 10.22.4.20
  network-object host TMDC2
  network-object host 10.22.4.31
  network-object host 10.22.4.32
  network-object host 10.22.4.30
  network-object host 10.22.4.40
  network-object host TMFTP
object-group network LaptopWiFi
  network-object host 192.168.33.241
  network-object host 192.168.33.242
  …
0
ASA Version 8.4(6)
!
hostname parASA
enable password TKUWW7Nj5Nf9I..m encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.2.2 255.255.0.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 23.25.8.129 255.255.255.248
!
ftp mode passive
object network internal_lan
 subnet 192.168.0.0 255.255.0.0
object-group icmp-type ALLOW_ICMP
 icmp-object echo
 icmp-object echo-reply
 icmp-object traceroute
 icmp-object unreachable
 icmp-object time-exceeded
access-list INBOUND extended permit icmp any any object-group ALLOW_ICMP
access-list outside_in extended permit icmp any any echo-reply
access-list outside_in extended deny ip any any log
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
object network internal_lan
 nat (inside,outside) dynamic interface
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 23.25.8.133 1
route outside 0.0.0.0 0.0.0.0 23.25.8.134 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp …
0
Dear Experts,

Tomorrow I have to go onsite to configure an ASA 5516-X to replace the client's existing firewall.

1. I need to install FirePower, Advanced Malware Protection, IPS and URL Filtering.

2. Configure IPS so that traffic from the internet goes into the IPS and to the destination

3. Configure Mgmt interface at GigabitEthernet 0/1 - Do I need to configure using the same IP subnet or a different one?

4. How to send traffic from ASA to FirePower and FirePower back to ASA

5. Configure VLAN for DMZ interface for a newly purchased server

Can anyone point me to where I can get a crash course to configure the ASA 5516-X for 30 May's deployment?
0
Give me the configuration of this topology.
0
I have a Juniper that's not sending blocked traffic to rule hits to syslog. How can I view what's being blocked or allowed on the Juniper itself - CLI or GUI? Thank you.
0

We have a SonicWall firewall (Dell SonicWall TZ600) that is restricting access to pinterest.com. We have both pinterest.com and pin.it listed as sites to always be allowed by our content filtering. Is there any way to get Pinterest to come through, without allowing all social media? We have confirmed that different PCs with different Windows OS versions and different browsers (Firefox, Chrome, IE, and Edge) cannot get into the site. They get to the Pinterest login screen, but then after that they get an empty screen, and do not get access to the site.
0
We have a sonic firewall and of course it allows me to export the logs in CSV. If I want to show just a simple chart on a TV screen, do we have any plug-in we can use in general?
And how to export like 500pm daily.

Thanks
0
Hello experts!
I need some help.

I've set up my VPN to connect via LDAP where my users can be authenticated by the Active Directory. This works great!
This gives them access to the network but not to the network resources. (This would answer the first part of the question)

For example: Once my user logs into the VPN, if my user were to access the file server, it prompts them to log in to the server itself.

It does this with every server my user tries to access. It is as if they do not have access to the domain itself.

I know there are several ways to do this. The laptops are assigned to the user by the organization, so there are no personal devices allowed to connect.

One way I was thinking of and would love to do is:
- Set up the local laptop to join the domain (that's easy, I can do this if I connect to the VPN first), but before joining the domain I need to have the user log on to the VPN AnyConnect prior to logging on to Windows.
I figure if the laptop is already logged on to the organization network, the user can then log in (via Ctrl, Alt, Delete) as if it was a standard local workstation at the office.

I don't seem to know how to set that up on Windows 10. I've seen plenty of information on similar setups with Win7, Win8 and Vista but no Win10. The Win 10 setup is very different. Previous version setups don't seem to work.

If anyone can help me set something like that or has a better suggestion that would be a …
0
We use Twilio and a sonic firewall in the company for our VoIP phone system.
And the issue is that packets are dropped more frequently and we do not know what the issue is.

Most of the drops came from inbound calls.

Twilio has no issue.
0
My client has 3 physical locations, all just switched over to Charter Spectrum Business running on an Engenius ESR600 wireless router. 2 locations have no problems ever. The third location has 6 computers, of which 5 will lock up using the AMS360 website. The computers have never frozen except during AMS360. The computers never once froze before switching to Charter Spectrum. The 6th computer is the only laptop in the office and doesn't use AMS360 much if ever. So I began testing power to computer stations, but no power issues could be found at the two highest occurrence PCs. To make things worse, the problem never affects two computers at the same time. The software can run in IE or Chrome, and the problem is the same on both browsers. Most of the time, the browser is not responding and never recovers, but you can open another instance of the browser and work just fine. On a slightly more rare occasion, the user will report one of the AMS360 tabs will go gray (Not responding), and when they go to another tab and work there for a short time it may lock up (no mouse, keyboard or any input). They have waited an hour to see if anything will change, which it doesn't. I don't really know the actual frozen vs not responding browser %. I have seen first hand an unresponsive PC at this client and the browser not responding. All computers are Windows 7 SP1 64-bit. They are a mix of Lenovo ThinkCentre and Dell Optiplex computers. I have installed all updates and drivers …
0
I have had an ASA 5505 for about 10 years and decided to upgrade to the ASA 5506 with Firepower Services. The network topography has not changed and the interfaces are as follows: Inside, InsideMgnt, DMZ, and Outside. I recreated all of the various types of objects and duplicated my ACLs. Everything has been working as it should for the last 5 days, or so I thought.

Today I noticed that our Xerox copier can no longer scan to email. I am getting an error "017-714 : Smtp over ssl failed"  We use Office365 and configuring an MFC to scan to Office365 email can be problematic at best, so I spent the better part of today trying to troubleshoot why it was not working.  After several hours I started to wonder if the problem might be with the ASA 5506.  So I fired up the 5505 and swapped out cables, and sure enough scan to email works just fine.

Once again, all of the ACLs are exactly the same. I do have Firepower set up and configured, and although I have created an Intrusion Policy, I have not enabled "Drop when Inline" and am only monitoring the events for now.

Any ideas why the 5506 would prevent the Xerox on the Inside interface from authenticating over SSL to the Office365 mail server when using the exact same settings as the 5505 which works?  By the way, Outlook clients on the Inside interface have no problems communicating and authenticating to the Office365 mail server via the 5506.
0