
Domestic hardware firewall

  • 10-06-2016 4:08pm
    #1
    Registered Users, Registered Users 2 Posts: 1,908 ✭✭✭


    Could you please advise on a high-speed (360mb) hardware firewall for someone who wants to set up his own web server at home? Or at least a router with a decent firewall, if you think this will be enough? Mostly for web activity, no email or spam filtering needed; VPN would be nice, but not necessary.

    Almost forgot - price is the main factor. Is it a general rule for hardware firewalls (Zyxel, Cisco, FortiGate) to have licences for their features (renewal)?


Comments

  • Posts: 0 [Deleted User]


    zom wrote: »
    Could you please advise on a high-speed (360mb) hardware firewall for someone who wants to set up his own web server at home? Or at least a router with a decent firewall, if you think this will be enough? Mostly for web activity, no email or spam filtering needed; VPN would be nice, but not necessary.

    Almost forgot - price is the main factor. Is it a general rule for hardware firewalls (Zyxel, Cisco, FortiGate) to have licences for their features (renewal)?

    Personally, a locked down Unix distro with iptables would do me; if you later wanted further functionality you can add as you go... For instance, if you wanted a VPN solution then add OpenVPN. There are some specific distros designed for this (ipfire and pfsense) but personally I've never used them.

    The professional solutions (FortiGate, CP, etc) are generally expensive and require yearly licenses. Off the top of my head I can't think of a commercial firewall that doesn't require this, but my experience has been with enterprise level solutions; I've never looked into entry level stuff before. Having a quick google, it looks like Cisco and Zyxel have some sub €200 solutions which might suit you but I've no personal experience with them.

    Firewall is just one piece of the puzzle, make sure that person patches and keeps the server in a DMZ away from any other networked devices.


  • Registered Users, Registered Users 2 Posts: 1,908 ✭✭✭zom


    Personally, a locked down Unix distro with iptables would do me; if you later wanted further functionality you can add as you go... For instance, if you wanted a VPN solution then add OpenVPN. There are some specific distros designed for this (ipfire and pfsense) but personally I've never used them.

    The professional solutions (FortiGate, CP, etc) are generally expensive and require yearly licenses. Off the top of my head I can't think of a commercial firewall that doesn't require this, but my experience has been with enterprise level solutions; I've never looked into entry level stuff before. Having a quick google, it looks like Cisco and Zyxel have some sub €200 solutions which might suit you but I've no personal experience with them.

    Firewall is just one piece of the puzzle, make sure that person patches and keeps the server in a DMZ away from any other networked devices.

    There will be no other networked devices, just the server. It's kind of mini hosting training, but he doesn't want to end up with a bunch of exploits flooding the internet with spam from that machine.

    I was considering a separate PC with a software firewall on it - how fast does the hardware need to be to filter 360MB traffic? It may not be that competitive price-wise; I would aim for some small form factor PC if any.
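
A default-deny ruleset of the kind the iptables suggestion earlier in the thread implies, as an added example that is not part of any post: inbound is limited to HTTP/HTTPS, and outbound is limited too, so a compromised server cannot open SMTP connections to send spam. The interface name, the admin subnet and the allowed egress ports are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a single home web server.
# The defaults below (eth0, 192.168.1.0/24) are assumed values; pass your own.

emit_rules() {
    wan_if=${1:-eth0}               # assumed name of the internet-facing interface
    admin_net=${2:-192.168.1.0/24}  # assumed range that is allowed to SSH in
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Loopback, and replies to connections that were already permitted
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Public service: HTTP and HTTPS only
-A INPUT -i $wan_if -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
# Administration: SSH from the admin range only
-A INPUT -p tcp -s $admin_net --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# Egress: DNS, NTP and package downloads; the DROP policy stops everything else
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
# Log what the egress policy stops (for example outbound SMTP on 25/465/587)
-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "egress-drop: "
COMMIT
EOF
}

# Print the ruleset when run with arguments, e.g. to syntax-check it as root:
#   sh fw.sh eth0 192.168.1.0/24 | iptables-restore --test
if [ "$#" -gt 0 ]; then emit_rules "$@"; fi
```

Lines tagged `egress-drop:` in the kernel log are worth alerting on: a web server that suddenly tries to reach port 25 is a strong sign of compromise.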


  • Posts: 0 [Deleted User]


    zom wrote: »
    I was considering a separate PC with a software firewall on it - how fast does the hardware need to be to filter 360MB traffic? It may not be that competitive price-wise; I would aim for some small form factor PC if any.

    https://www.pfsense.org/hardware/#requirements

    "101-500 Mbps No less than a modern Intel or AMD CPU clocked at 2.0 GHz. Server class hardware with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters."

    Some further reading....

    http://arstechnica.com/gadgets/2016/01/numbers-dont-lie-its-time-to-build-your-own-router/


  • Registered Users, Registered Users 2 Posts: 1,835 ✭✭✭BoB_BoT


    Sophos have a free version of their UTM firewall for home use. Might be worth looking at - https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx

    Also, if you're using a spare PC to run this, make sure you have gigabit NICs.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    zom wrote: »
    There will be no other networked devices, just the server. It's kind of mini hosting training, but he doesn't want to end up with a bunch of exploits flooding the internet with spam from that machine.

    I was considering a separate PC with a software firewall on it - how fast does the hardware need to be to filter 360MB traffic? It may not be that competitive price-wise; I would aim for some small form factor PC if any.

    I'm confused. If you are only going to have a web server on it, what will the firewall be blocking access to?

    Does it even need to be hosted on the internet?


  • Registered Users, Registered Users 2 Posts: 134 ✭✭ishotjr2


    If it's only a webserver then you need more of a Web Application Firewall, one that is tuned to find SQL injection/XSS, etc. Developing signatures to discover attacks in stuff like Angular/jQuery/PHP etc. will be a paid-for service.

    The idea that iptables will protect you, and that it is what every firewall vendor uses, is not true. You will at least need a Suricata/Snort on top, and you need to know what you are doing here, which comes down to how much time you have to invest. (You can get the emerging threat signatures for free.)

    If this is not a public facing website then just use a VPN. Or even use SSH as a SOCKS proxy; there are even some Firefox add-ons that make that easy. If this is a public facing website and you are not willing to buy a Web Application Firewall or pay for the signatures, you should be confident that the value of the information stored is proportional to the investment in security.

