Hardware Firewalls

23K Solutions, 20K Contributors

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.


I have a DVR system for my IP camera systems and I have a SonicWall firewall. I need to access my DVR through my public IP address while out of office. I did the following steps:

Step 1: Creating the necessary Address Objects

Step 2: Creating the appropriate NAT Policies, which can include Inbound, Outbound, and Loopback

Step 3: Creating the necessary Firewall Access Rules

Firewall.png

I did these steps and still can't access the DVR system when outside my network.
1

Hi Experts,

I am currently looking for a managed, software or hardware firewall option for a business grade internet connection and WAN. I don't know much about firewalls beyond what is available on your average home computer and I am a little unsure where to start.

Please can you tell me your thoughts on what is best for a business.

If I were to purchase a unit, is this something that can easily be learned, administered and managed in house or is this something that requires a real specialist?
Should I use a software, hardware firewall, or a managed offering?
What sort of costs can I expect for a reasonable solution?
What should I look out for?

Any expert advice would be most appreciated.

Thank you

Jim
0
Hello,
We use RealVNC to monitor a couple of PCs that are at a remote location. We have never had a problem using it, but since upgrading the firmware on our SonicWall NSA 220 the firewall now stops the connection with the following alert: IPS Prevention Alert: MISC RealVNC Authentication Bypass, SID: 5828, Priority: Medium. How can I stop the firewall from blocking these events?

Thank you
0
I have a SonicWall NSA250 and I have a 50GB fiber coming into the office. I want to partition the bandwidth to allow Vlan1 to get 40GB and Vlan2 to get 10GB. Can this be done in SonicWall?
0
Greetings,

The goal is to run dual internet connections simultaneously using an  AT&T PPoE DSL (yes, PPoE DSL) connection and a Verizon 3G/4G Wireless USB Modem and designate specific office computers to use a specific internet connection.
A few of the computers run remote backup jobs that we want to connect to the un-metered AT&T connection.
A few of the computers need to utilize the faster Verizon 3G/4G connection.

Planned Equipment purchases:
One Sonicwall TZ 300
One Verizon UML290 3G/4G wireless USB modem

Questions:
1. Can I achieve our goal with the equipment and WAN connections above?
2. Is there another method that may accomplish the above? Any suggestions welcomed!

The Sonicwall is the desired device due to the ability to implement Gateway Security Services.

Thank you,

COM1
0
Hi,


How do I block ransomware in the firewall, and what configuration has to be done?
0
Hi Experts,

I have created a VPN Tunnel between 200D and 30E.
The 200D has a static IP.
The 30E has a dynamic IP over 4G
Yesterday I created the tunnel with success.
In the evening I switched off the 30E and today morning I booted the 30E again.
I have got a new IP on the 30E and now the tunnel is not coming up.
When I check the IPSEC MONITOR on the 200D I can see the old IP.
Why is it not updated?
0
I have a Cisco ASA 5512 with the below config.

My problem is that I cannot access EXTERNAL URLs, INTERNALLY.

For example, I can OPEN OWA outside and use it normally, but I cannot open the URL internally. I cannot configure Outlook 2016 internally either due to (I would imagine) not even being able to reach autodiscover.

I thought it was some sort of DNS issue outside the ASA but it's not.

I narrowed it down to an ASA config by plugging in the old firewall.

Any help would be greatly appreciated. I'm new to ASAs/CLI, please be patient with me :)
ASA Version 9.2(2)4 
!
hostname global.com-ASAFW
domain-name global.com
enable password Ts8.2CaITYiEag9Y encrypted
names
!
interface GigabitEthernet0/0
 nameif Outside
 security-level 0
 ip address XXX.xx.xx.195 255.255.255.0 
!
interface GigabitEthernet0/1
 nameif Inside
 security-level 100
 ip address 10.0.0.2 255.255.255.0 
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
!
ftp mode passive
dns server-group DefaultDNS
 domain-name global.com
object service 3389
 service tcp destination eq 3389 
object 

0
I have a web site on my IIS server, which was accessible on the LAN.  I have two initial goals:  
1)  put the IIS server in a DMZ
2) configure the router so that the web site is accessible from the outside world

I moved the IIS server from the LAN port on my router to the DMZ port.  The router initially had firewall rules allowing access to the DMZ for all traffic from Any to Any.  I created a rule that denies access to the DMZ for all traffic from Any to Any, and then created a rule that allows access to the DMZ for HTTP requests from Any to Any.

I then created a port forwarding rule to forward HTTP/ port 80 to the internal IP address of the server.

I still can't access the web site externally.  And I can't access or ping the server from the LAN.
Ideas on what I need to change here?
Cisco RV325 router

access rules
port forwarding
0
Quick question.

I'm setting up 4 switches with end users connected. Between my core switch and router, I'm planning on putting in a hardware firewall.

Should the default gateway for the switches and PCs be the internal interface of the firewall (Cisco ASA) or the router?

All hardware is Cisco kit.

Thanks
0
Hello Experts,

Would it be possible for someone to explain to me how a satellite server for updates work, whether it is patching or definitions?  Here's what I'm trying to understand:

The use case applies to remote users who don't connect via a VPN on a regular basis.  Is there a way to push the patch or new virus definition out if the user is not on the VPN? I don't think it matters what application is being used, for example, Altiris for patching, TrendMicro/Sophos, etc. for virus definition, etc.

I have heard of using a satellite server for this use case and need to understand how it works.

Thank you,
Steph M
0
please advise
I need to be able to run the executable (installer for cisco anyconnect)
security-warning.PNG
0
I've got a Watchguard 500 series at the main office and a 2 series at a home office. I've needed to set up a VPN between the two devices to get an IP phone to function properly.

With the current home office setup I have one interface set as 'external' and connect the cable modem directly here. Then I have a 2nd interface as 'trusted' which connects to the user's home router. The phone and computer connect to the home router and the VPN works fine.

At the new home office location however the home equipment is a cable modem/router combo - so I have no dedicated WAN port - just 4 LAN ports.

Maybe I'm overthinking this but I'm stumped on how to configure this with the different home router/cable modem combo.

I've been using 'mixed' mode and am wondering if I need to be using 'drop in' mode - ?
0
Dear guys, I have this scenario:
- The original IP network which ISP provide: 13.14.24.160/28 (no worry, it's fake)
- I don't know why the IT guy who worked here before requested the ISP to split that network into 2 subnets: 13.14.24.160/29 and 13.14.24.168/29
- However, I was handed over the instructions to get Internet for the LAN network as in the attached picture, without any other explanation

Can anyone help me to answer these?
- Please explain how end users in the LAN network get to the Internet. Which IP network should we configure in users' PCs?
- Please give me some ideas that clarify the purpose of the splitting.
- Can I place the pfSense firewall in the Router position? If so, is there any device/configuration we need to focus on?

Many thanks as always!
Diagram.png
0
I'm in the market for a new router.  I want a hardware DMZ.  I currently have a NetGear ProSafe FVS338, which is fine except for it lacks a hardware DMZ.
I do not need VPN support.
The other feature I'm interested in is ease of setup.  It doesn't need to be dummy-proof (i.e.  I don't want a "wizard" to do the setup for me).   I just don't want to deal with configuration like what's required for a SonicWall, with a completely un-intuitive UI and setup.
And no bells and whistles that require subscriptions / fees, por favor.

Please only post responses based on your personal experience.  I can Google for routers on my own time... looking for actual real-life recommendation here.
0
My colleague was trying to configure the ASA firewall's management IP but somehow the prompt went and said that the wizard will factory reset the whole ASA firewall. Is there any way to recover the configuration?

He did not backup but the firewall is left running and never turned off.
0
Dear Experts,

Does anyone know how to configure the default gateway for the Management Interface?
0
We have a Barracuda Spam/Firewall 300 here that's got about 30,000 blocked/deferred messages in the outbound queue that I need to get deleted. I can't even bring up the outbound queue in queue management. I spent over an hour with Support and they can't connect; the guy couldn't figure out how to connect with it... that's a different issue. How can I clear these out? It's killing our mail throughput. I know it's got SSH but I can't connect to it. I'm not local to the system but I've got full admin rights. I can't even pull the export out of it.
0
In a Palo Alto networks firewall, how can you see which member of an HA pair is Active?
0
Hello Everyone!

We had some security cameras installed and the installer asked me to open port 8000 for the DVR. We have a SonicWall 1260 Pro and I followed the instructions for port forwarding. I created the service for both TCP/UDP, port 8000 and then created the group. I used the public server wizard to allow public access to the camera IP. After everything was complete I used the site, http://www.yougetsignal.com/, to check if port 8000 was open. Unfortunately, the port is still closed. I'm stuck figuring out what I could be doing wrong. We do have 2 static IPs for the site. The other IP is used for the fax machine line. I don't know if this could cause the problem. Any help is appreciated.

Router: SonicWall 1260 Pro
ISP: Cox
WAN: 72.205.202.66
Camera IP: 192.168.168.62
Port: 8000
img.png
0
We currently have a Dell Sonic Firewall that is our firewall as well as our company router.  This is our main router for all of our sites in the company.  We have 16.  We implemented through our EMR (Electronic Medical Records) software an upload to a billing company.  They in turn configure and print bills and send them out to our customers.  This has worked fine for over two years.  When this was implemented, we were not required to make any firewall changes at all.

A week ago, the user doing this procedure received an error that the file could not be uploaded.  She called the EMR company, who in their effort to troubleshoot the problem, changed the upload method from ftp to sftp.  She then tried to upload and she got an additional error that port 22 was unable to send.  Seeing that error, the EMR said that the problem has to do with our firewall.  I spoke with the billing company who tried to do a trace route to our external IP.  They were unsuccessful, but I was able to do a trace route to them.  The only caveat is that the user can do this procedure from home with no problem.

I am willing to make firewall changes if necessary, I just don't know what they would be or why it is necessary now, if no one has made any changes other than the upload method from ftp to sftp.

Please help.  I am desperate.
0
The VPN Connection has been giving us issues the last 2 days.
When connected, we are able to access the shared folder and edit/add/delete files. Sometimes an error comes up that says: There is a problem accessing \\servername\SharedFolder.
This has only been happening when using the VPN connection. This error will display a few times and will go away but will come back. I have been pinging the server at the same time as the error so I don't think the server is losing connection.

Any help is appreciated.
0
Hi experts,

Users can't get to this website: www.spotify.com. I already checked the firewall and web filter and it's not blocked there. I ran out of ideas.
0
I have been seeing quite a few traffic attempts from a specific IP address to access the above-described firewall.
How can I block this specific IP address without just blocking all?
0
Hi, we are preparing the rules for Zone-based Policy Firewall on Router c3925; however, we need to confirm which traffic usually passes through a router, so that the rules will not block/allow any useful/bad traffic. So can we have a method to see it?

Is there a way other than: "show ip cache flow", "sh ip traffic" ?  

Many thanks in advance,
0
