Hardware Firewalls

23K Solutions

20K Contributors

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering, and may include built-in antivirus and anti-malware protection.

I have a Cisco ASA 5505 configured to send netflow to a flow collector.  I need to disable all firewalling on the ASA so it just routes (no NAT).  This is for a lab deployment to measure flows through the firewall, but not block any traffic.

I don't know how to configure the firewall to accomplish this (I want to use the 5505 and not some other device due to its supporting Netflow v9, and it's freely available in the lab for me to use for this purpose).

Or do I just set both interfaces to be "inside" named interfaces with similar security levels and that will accomplish the goal?
0

Hi,

I have five locations that have Sonicwalls and all five locations are connected by VPN.  The contract is up with the five Sonicwalls and the contract is up for renewal.  The owner wants to consider installing a different VPN firewall at each location.  He has not been very happy with the Sonicwalls and doesn't want to renew the contracts for the Sonicwalls.  I've used Sonicwalls in the past and don't have any problem with them but the boss wants a change.  Each location has 4-5 Windows 7 or Windows 10 computers.  The owner wants to know if the Ubiquiti Edgerouter would be a secure solution using site-to-site VPN.  I've used the Edgerouter before but never in a situation like this so I don't know if it would be a good solution.  I was thinking about looking at a Fortinet VPN router to replace the Sonicwalls but I want to see what your suggestions are.  Why or why not would you recommend going with an Edgerouter for a site-to-site VPN between 5 locations?  Would Fortinet or Ubiquiti be a better (better value--same level of security) solution as a Sonicwall replacement?  Is there a better (better value) solution?  Thanks in advance for your help!
0
Our two ADSL connections have download 12 mbps and upload 600-700 kbps. One of our application vendors is connecting via WebEx and informing us the connection is very slow, but when we check with auto desk /ammi or TeamViewer it is working fine. What is the minimum recommended bandwidth for this activity?
1
We have a Watchguard M200 firewall that we would like to limit inbound/outbound bandwidth to 20Mbps on our External (WAN) interface. Our ISP allows for 40Mbps total bandwidth. I've gone into Traffic Management and changed the interface to limit bandwidth to 20Mbps but this only seems to apply to upstream outbound traffic. Inbound traffic is still coming in at the full 40Mbps. Is it possible to also limit inbound traffic to 20Mbps?

Thank you
0
I work for a small company with roughly 50 users and have been asked to have an outside vendor perform security/vulnerability testing.  We have several servers, ranging from SQL, to Exchange, to Remote Desktop with a hosted firewall through Windstream.  I thought I would appeal to the Experts in the Experts-Exchange community for advice and/or recommendations for a good vendor that specializes in such things.
0
Every morning we come in and our connection to a hosted application is unavailable.  After a few hours of being in, the connection is somehow restored automatically.  This connection is restored at the same time every day.....

I ran a timestamped ping test to the remote LAN IP over the VPN tunnel from a computer to determine when it goes down and when it comes up. The ping replies with "No resources" right at 11pm and then the connection is restored right at 9am.  You can find the ping file attached.

I don't think this is a physical connection issue on the local end because internet remains up the entire time and this only happens on this one VPN tunnel.  This seems like there might be a timed rule on the remote VPN side to terminate or block connectivity for that time but I could be wrong?

Any thoughts?
0
Hello,

I need to create an IE lock down group policy to block all internet access for some computers but allow exceptions for specified work-related internet websites and also allow the internal websites.

Please advise how this can be probably done.

Many thanks.

Nav
0
Hi
Cisco ASA 5506 X, I mistakenly deleted the boot file - I meant to delete the ASDM version :-). So I can only boot into rommon. I have seen many articles about using tftp in rommon to copy an image but the problem I have is that the ASA interfaces are down. No link light. My Ethernet cable shows as not connected, so my TFTP server is not listening. I have tried using a normal patch cable directly between my PC and ASA, also plugging both interfaces into a switch.

Does anyone know how to fix this?

Thanks very much.

Alasdair
0
Office:
I have a small office that has one Windows 2012 R2 Standard server (which is a domain controller too) with several other workstations and all seems to work fine.
The office uses a Sonicwall TZ300w firewall.

Home Office:
I have a home office with Windows 7 Pro that was joined to the domain prior to being moved and relocated to the home office.
The home office uses a Sonicwall TZ100.

The Sonicwall GVC (VPN Client) is used to connect the Windows 7 Pro to the office. Once the connection is established, I can ping the server or any other computer by IP and also by name; in addition, I can map the resources of the shared folder on the server.

The above statement will be true from the office and I can connect to the Windows 7 shared folder (map) and can ping by IP and by name. However, after a while everything stays the same except the mapped drive to Windows 7 will break and is not available. I can still ping the remote Windows 7 by name and IP but \\192.168.168.5 or \\homebackup will fail.
Can someone please assist where the problem might be (TZ100, TZ300, GVC, Server)?
BackupChart.pdf
0
Palo Alto Firewall - Having issues bringing up with HA element - HA 2 and backup is coming up ok but HA 1 isn't.

Any advice would be appreciated.
0

How to set up IPsec VPN between Mikrotik and Fortigate routers
0
ISE Policy set using AD attribute.


Hello all,

I am having some trouble using a Policy set that is set to look for whether a user has the Dial-in attribute set to either "Allow or Deny"; however, I am noticing that this attribute does not come up with every user that is logging on via Anyconnect.

So we have some users that are able to log in and some that are not because this attribute is not being pulled for some users.

Please feel free to ask any questions.
0
Hi Guys,

I want to whitelist a particular URL on a Fortinet 100D firewall.

I tried Google and enabled "URL Filter" under "Webfilter" and set that website to allow - still not working.

Please advise me on the steps to whitelist particular URLs, as I'm new to Fortinet and I'm afraid to make any changes which cause any issues in the environment.
0
Hello,

I have been using a Netscreen SSG-5 firewall for my home office since 2009. For the first 5-6 years or so I logged into it fairly regularly to check on status, tweak configuration, and update the ScreenOS.  I have not logged into it for the past 2-3 years. I recently received an email from Lifelock warning me about VPNFilter malware that is targeting routers. This made me think about checking the status of my SSG5 to make sure it has the latest firmware and ScreenOS and to possibly change the password.  The problem is when I try to connect to the firewall at https://192.168.X.XX/ using Firefox I get an error message that the Secure Connection Failed with this specific error message:

Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP

I then tried using Chrome and received a similar error message:

This site can’t provide a secure connection 192.168.X.XX uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Internet Explorer also failed.

It has been a few years since I have worked with the firewall and I am a bit rusty in terms of the technology.  I did some searching and learned that the latest versions of Firefox, Chrome and IE won't accept weak "ciphers" and that my SSL and/or TLS are outdated.  I found something about RC4 not being safe.  I also think my certificate has expired.  It has been a few years and this is a bit Greek to me.  All I know …
0
Sonicwall log notification needs to be disabled but I can't find the settings in log.  Also, this particular IP address is knocking on my firewall door 30 times in the last day.  Any way to notify anyone to have them knock it off, or should I simply disable the notification and carry on with my business?

Alert from Network Security Appliance *** [18B169879C90] [Possible TCP Flood, Flood Protection, Firewall Settings]
0
Hi,
We have two SRX series firewalls (100H) in an HA configuration running software version 11.4.R7.5. I need to allow stunnel through from a specific IP (external) and port through to a specific local machine and port on our internal LAN, and I can't find any information on how to do this. I'm not that familiar with Juniper firewalls, so am unsure of what to do.
Please help!
Thank you
Robin human
0
Hello, could you help with this issue? I can't push a policy in Checkpoint; I have this error:
error database checkpoint
Could you help me?
0
Today we are using ASA 5515-X  as an Internet facing firewall in our datacenter. It has reached the "End of Sales" stage. We are looking into the 5516-X and are considering this device as the natural migration step. Is it possible to simply transfer the configuration used in 5515-x to 5516-x?
0
I have an issue where I'm sure someone is hacking our network, specifically four machines.  I have witnessed them going into my home folder and deleting my trash on these machines.  They are also able to change the camera settings.  For example, they're zooming in to locations.  They are doing playback.  This all happens between the hours of 12am-2am.

I'm using:
Windows 10
Palo Alto Networks
Security Camera Milestone software.  https://www.milestonesys.com
The cameras are made by Mobitics.

What I've narrowed it down to is this happens when the security camera milestone software is up and running on the four machines.  When I turn that software off there's no connectivity or suspicious things going on.

What I need to know is how do I find out who is doing this?  How can I get an IP address?  Are they inside my network or outside my network?

I would even appreciate a recommendation of a security company that knows how to track intruders down.

Note:
I've checked the parking lot and areas of the campus to see if someone is physically here, but I don't see anyone.  I've also contacted Milestone software and they've recommended I change my password and the camera's password, but we are still having an issue.
0

Hello,
I want to allow my Wi-Fi users to work only with WhatsApp, so is there any list of domains or IP pool for WhatsApp?
I have a Mikrotik and I will use it to do that.
Thanks.
0
So I have a standard home broadband Netgear router (DGND3700v2); it connects to ADSL using a phone line.

Can I use an RJ11 to RJ45 converter and then plug that phone line straight into the outside Ethernet port of an ASA5506 and then configure the port to use PPPoE with the credentials from my ISP? Would that work?

Thanks
J
0
Hey Guys,

I am a complete newbie to Cisco, so excuse my ignorance.

I have just set up the device and want the Outside interface to receive traffic from my home Netgear broadband router and then pass it through to the inside interface.

How do I go about doing this? I have tried different ways but none seem to work.

All I want is the ASA to act as the firewall.

Current setup is as follows:

Netgear Router / Modem 10.0.1.1 (gets dynamic ip from ISP using PPPOA and does the NAT) Please note my router does NOT have bridge mode option
ASA 5506 Outside Interface ip 10.0.1.7 (Static)
ASA 5506 Inside Interface ip 192.168.1.1

The bit I can't work out is adding static routes, and do I need to NAT on the ASA as the router already does that?

Thanks
J
0
Hi,

We have a subsidiary company with around 150 users. It is linked to us (HO) over IPVPN (1 MB) and the services they get from us are:

1- Cisco IP telephone (currently around 75 users)
2- ERP (about 50 users)

Their existing setup:

1- Domain controller (totally separate from us) + antivirus server (1 physical box)
2- Finance system
3- Backup server
4- Sonicwall NSA2600
5- Switches
7- Router for IPVPN

The management is thinking of hosting the setup for the subsidiary company, so my questions are:

1- How can I do the proper sizing for the link, so I ensure the users do not feel slowness?
2- What equipment should I move from there and what should I not? What is the best design from your experience?
3- How should the internet be provided to their users? From us or locally?
4- What are the advantages and disadvantages of such a plan? Should we recommend this plan or let them continue as they are?
5- Risks?
6- What are the prerequisites needed in the HO data center for hosting that equipment?
0
I need help converting a NAT policy from ASA ASDM to Cisco FTD. Before anyone recommends using the convert tool, the ASA version is too old to convert.

Here is my original ASDM rule:
Original ASDM rule that needs converted
I need to configure that rule on the FTD which has quite a few more options. Any help would be greatly appreciated.
How the NAT rules look on FTD
0
Hello- I am in desperate need of help. I implemented a Cisco SG200 Smart Switch. There are only 24 gigabit ports, so I attached a 24 port unmanaged Cisco switch to it. However, most (not all) computer and VOIP phones are not able to obtain IP addresses from the UTM connected directly to the Smart Switch. The LAN adapter on the computers say "Unidentified network".

I have been researching this for 6 hours and I can't figure out why these devices are able to get an IP address.

Thank you.
0
