SoHo Firewall Solution Needed

DominionZA
Executive Member, joined May 5, 2005, Edenvale, Gauteng
Hey Peeps,

I am looking for a new firewall to manage my home and work environment. There seem to be so many options out there at the moment and I am not sure what to pick.
I decided to post at my favourite spot as I trust the opinions of you guys.

My current setup...

  1. Linksys/Cisco WAG320N ADSL router.
  2. Dell GX280 Server running Kerio Control. I have two ethernet cards in this machine. One internet facing (1 above) and connected to the ADSL router and the other connected to an Asus 8 port gigabit switch (3 below).
  3. Asus 8 port gigabit switch which hooks up 3 PC's in my home office, 2 printers and then runs through to the house connected to another 8 port gigabit switch. From here there are various cables running through the house to all the rooms etc...

The devices I have hooked up at random times (and sometimes all of them at one time).
4 * Notebooks.
5 * PC's
3 * Tablets
3 * Cellphones
5 * Media Players
3 * Internet enabled TV's
5 * Internet enabled media devices (WDTV's, LG ST600's, etc..)
3 * XBox 360's.

So in total around 30 devices or so chomping away at my connection.

On Kerio Control I have quite a few things in place to manage the connection so everyone can use it.

HTTP/SMTP gets highest priority.
XBox360's and certain PC games have ports setup with QoS to ensure lag free gaming when we go online even if someone is pumping away YouTube, downloads, etc...

For authentication of each device I have DHCP assign a static IP to each device, then each user (kids, wife and myself) has devices assigned to them via the IPs. Using the transparent proxy each user is logged in via their devices' IP addresses.

I have scheduled times setup so kids are blocked from the net at all times and internet opened up between 16H30 and 21H30 each day and all weekend.

I also use DNS forwarding so requests Kerio cannot handle are forwarded to a DNS server of my choice.

In the event I find things are feeling a bit slow, or connection is laggy when gaming, Kerio offers real time monitoring where I can see each device on the network, the user assigned to the device and their current usage. When selecting a device I can see what connections it has open and what it is doing.

I also have the ability to set the max bandwidth allowed per user. Very handy feature.

Then of course there are the normal firewall functions... NAT, traffic rules, etc...

Now taking the above into consideration, I would like to replace my Dell/Kerio server with something smaller. There are quite a few routers on the market now that have gigabit ethernet, wireless and an advanced firewall setup. I get lost in the reviews though as some look good but user reviews rate them badly, then the ones that get rated high cost an arm and a leg.

My question to you guys is a simple "what do you recommend". I need something that can do all of the above and handle all the listed devices. I also don't want to spend more than R2,500 but will push R4,000 if the device is very reliable and highly rated. Or am I expecting too much?

The reason I am wanting to dump Kerio now is the machine is getting tired. It is about 6 or 7 years old now and has been running 24/7 forever.
With the recent updates Kerio has pushed through I am starting to have issues with the software too. So perhaps time to move on.

I would prefer a dedicated router with an advanced firewall. It does not need to be an ADSL modem. A simple WAN port will suffice. It would be a bonus though.
I am also open to any suggestions you guys may have to simplify the setup I have. If any of you have some kind of kickass setup then please post. I am keen to gather as many ideas as possible to build my next setup.

If you have a recommendation then please state reasoning and why you think it would rock.

I hope I have worded this correctly and made it clear enough so you all understand my requirements. If not, please specify and I will try to be clearer.

TIA guys.
 
Sorry, I don't have time for a long post, but here are my recommendations.

If you want a hardware device I would consider looking at the following three options:

Draytek Vigor (28XX)
Mikrotik RouterBoard
Cyberoam UTM Device

All three will give you most of what you are looking for. The Mikrotik routerboard would probably be the cheapest option, though is a little bit of a learning curve to set it up if you are not familiar with RouterOS.
The Cyberoam will do everything, but you are probably looking at a bit more than your budget.
The Draytek Vigor devices are very nice and do pretty much all I think you are looking for, are easy to configure and will probably fall within your budget.

Hope that helps.
 
Okay, I felt pretty much alone so decided to revisit ClearOS - www.clearfoundation.com.
I abandoned the idea of a router with everything I need built in and decided to use my spare HP Microserver (replaces the old Dell GX280) and get a modern appliance install.

I looked at ClearOS (previously Clark Connect which I used years ago) and they have made significant strides in features and stability. I compared it to Kerio Control (which I currently use) and Zentyal (previously eBox).
ClearOS came up tops in a lot of the reviews and forum threads I read, so I downloaded 6.2 x64.

I needed a second nic in my HP Microserver so popped out and picked up a few PCIe 1Gb cards.

The install has just completed and I am now fiddling around with the add-ons and configuring everything. If anyone is interested I will post my findings and if it does everything I need.
 
Suggestion from my side :

1. Smoothwall (free Linux-based firewall)
2. PC with 3x NICs (one for RED (internet), one for GREEN (your normal network) and one for PURPLE (your wireless network)).
3. Add these mods to the base Smoothwall install :
- Full Firewall Control
- URL Filter
- Advanced Web Proxy


Advantages :

- You now will have time-based control over which IP's get internet access. (Full Firewall Control)
- You will be able to throttle traffic per subnet, or per IP (Advanced Web Proxy).
- You will be able to block access to sites (URL Filter).
- You will also be able to see which devices are using up bandwidth (bandwidth bars/traffic monitor).
- PURPLE devices will not be able to see your GREEN network (by default) but you can set up rules with Full Firewall Control and MAC addresses should you need wifi devices to see your GREEN network. By default, GREEN can access PURPLE.
- It's free, you just have to download and configure the stuff.
- DNS forwarding should be possible, although there's nothing wrong with Smoothwall's DNS server. You can, if you want, assign a different DNS server to your DHCP clients. But it's up to you. I prefer to let Smoothwall handle all DNS requests.
- The base Smoothwall install can run with 64MB RAM and a 6GB HDD. If you want to add mods (and other add-ons) you should bump the memory up. In the above scenario, URL Filter + Advanced Web Proxy + Smoothwall should be happy with 256MB RAM and a hard drive larger than 10GB.

Smoothwall can also be run virtualized if you want to.

Hope this helps :)

Regards

Ook
 
I also recommend ClearOS. It is really user friendly and works well. Another low power solution I use at home is Gargoyle ( http://www.gargoyle-router.com/index.php ).

I run it on a WNDR3700 v2 and it is great for setting up QoS and controlling bandwidth usage. For home use it is great, as through DHCP you can force device MAC addresses to fixed local IP addresses.

If you have kids you can also see what sites are being accessed and see searches that have been made. It does not have active content filtering, but for that I put K9 on the kids' computers.
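The RED/GREEN/PURPLE zoning and time-based, per-IP access control from the Smoothwall post above, together with the DHCP-pinned addresses that the original post's Kerio setup and the Gargoyle post both key their rules on, as an added example on plain Linux using iptables and dnsmasq. This is not Smoothwall's, Kerio's or Gargoyle's own configuration and not code posted by anyone in the thread; the interface names, subnets, the two kids' devices (MACs, addresses, hostnames) and the upstream resolver 192.0.2.1 are all constructed. Two details matter more than the individual rules: the kids' window is evaluated before the conntrack ESTABLISHED accept, so a download already running at 21:30 is cut off rather than allowed to finish, and the time match uses --kerneltz so 16:30 means the box's local time rather than UTC.

```shell
#!/bin/sh
# Added example (not from the thread): a three-zone home firewall on plain
# Linux, standing in for Smoothwall's RED/GREEN/PURPLE zones, Full Firewall
# Control time rules and DHCP reservations.  Interfaces, subnets, MACs,
# hostnames and the upstream resolver are constructed for illustration.
set -e

RED=eth0       # WAN side: bridged ADSL modem via PPPoE, or the ADSL router
GREEN=eth1     # wired LAN    192.168.1.0/24
PURPLE=eth2    # wireless LAN 192.168.2.0/24

# Hypothetical kids' devices, "mac|ip|hostname" per line.  The firewall keys
# on the IP, so the IP must be pinned to the MAC by DHCP (see gen_dnsmasq).
KIDS='
00:11:22:33:44:01|192.168.1.50|kid-notebook
00:11:22:33:44:02|192.168.2.50|kid-tablet
'

# dnsmasq fragment: DHCP on both inside zones, fixed leases for the kids'
# MACs, and forwarding of anything dnsmasq cannot answer to one upstream.
gen_dnsmasq() {
    printf 'interface=%s\ninterface=%s\n' "$GREEN" "$PURPLE"
    printf 'dhcp-range=192.168.1.100,192.168.1.200,12h\n'
    printf 'dhcp-range=192.168.2.100,192.168.2.200,12h\n'
    printf 'server=192.0.2.1\n'          # constructed upstream resolver
    printf '%s\n' "$KIDS" | while IFS='|' read -r mac ip host; do
        [ -n "$mac" ] || continue
        printf 'dhcp-host=%s,%s,%s\n' "$mac" "$ip" "$host"
    done
}

# Complete iptables-restore ruleset.  FORWARD defaults to DROP; GREEN may
# reach the internet and PURPLE, PURPLE may reach only the internet.  The
# kids' rules sit before the ESTABLISHED accept so an existing connection
# also stops at 21:30, not just new ones.  --kerneltz makes xt_time compare
# against the box's local clock; without it the window is interpreted in UTC.
gen_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $RED -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $GREEN -j ACCEPT
-A INPUT -i $PURPLE -p udp -m multiport --dports 53,67 -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
EOF
    printf '%s\n' "$KIDS" | while IFS='|' read -r mac ip host; do
        [ -n "$ip" ] || continue
        printf '%s\n' "-A FORWARD -s $ip -o $RED -m time --kerneltz --timestart 16:30 --timestop 21:30 --weekdays Mon,Tue,Wed,Thu,Fri -j ACCEPT"
        printf '%s\n' "-A FORWARD -s $ip -o $RED -m time --kerneltz --weekdays Sat,Sun -j ACCEPT"
        printf '%s\n' "-A FORWARD -s $ip -o $RED -j DROP"
    done
    cat <<EOF
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $GREEN -o $RED -j ACCEPT
-A FORWARD -i $GREEN -o $PURPLE -j ACCEPT
-A FORWARD -i $PURPLE -o $RED -j ACCEPT
COMMIT
EOF
}

# Number of per-address fallback DROPs in FORWARD; a quick sanity check that
# every KIDS entry produced its closing rule.
kid_drop_count() {
    gen_ruleset | grep -c -- '^-A FORWARD -s .* -j DROP$'
}

# "sh soho-fw.sh apply" as root loads both; any other invocation just prints.
case "${1:-}" in
    apply)
        gen_ruleset | iptables-restore
        gen_dnsmasq > /etc/dnsmasq.d/soho.conf
        ;;
    *)
        gen_ruleset
        gen_dnsmasq
        ;;
esac
```

Without the `apply` argument the script only prints the ruleset and the dnsmasq fragment, which is the safe way to review them before loading. One caveat that applies equally to the Kerio, Smoothwall and Gargoyle approaches: a DHCP reservation ties rules to an address, not to a person. A child who sets a static IP from the parents' range, or clones a parent's MAC, inherits that device's allowances, so treat IP-keyed schedules as convenience rather than authentication.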
 

I spent most of today playing with ClearOS. Early this evening I dumped it and did a fresh reinstall of Kerio. COS just nowhere near as polished as Kerio.
I think my troubles were originally a faulty NIC, which started this whole project of mine. After moving to the HP Microserver everything is running very smoothly. What I have done differently though is put my ADSL modem in bridge mode and set the internet NIC of Kerio to PPPoE.
I have yet to find something that can match the realtime monitoring of Kerio.
Keen to give this Gargoyle a bash. Where did you get your router, and is it a 32MB?
 
It has 8MB flash memory and 64MB RAM: http://www.netgear.com/home/products/wirelessrouters/high-performance/wndr3700.aspx#two

I bought mine from BTD in East London, but you should be able to get it from any computer dealer. Gargoyle will work in other routers as well. Look at the list on their site.



Thanks dude.
I already checked the compatible list. None of the routers I have are there.
You reckon yours works well so will get the same :)

EDIT 01: I found this model at a couple of online shops with an average price of R1,500. Does that sound right to you?
 
Cisco

Go CISCO or go to the dog box :)

Cisco Firewall Solutions

Just get the system ( Affordable if you know where to look )

How can running 90% of the Internet infrastructure be wrong ?

( NO I do NOT work for Cisco -- I just collect their kit -- we all have SOMETHING wrong with us :whistle: )
 

All my wireless access points, switches and ADSL router are Linksys/Cisco. I wanted to get a Cisco box with everything in it but too pricey from what I found.
So where do I look :)
 
That sounds about right. Just make sure that it is a v2 model.
 
Seek

MTN IranCell apparently ...... [ROFL]

Actually; look for the preferred buyers at Gov IT auctions.

Gov IT ( big municipalities ) have no idea of the worth of stuff.
The BIG suppliers sell the Gov BEE "consultants" a solution today -- then tell them tomorrow it is no good -- then sell them a new solution.
The "old" solution at some point then goes to auction.

You have to know your stuff though, because at this level Cisco is just a "box" (might be a bit last year's model and need some cleaning); you also still need all the other bits to make it all work (WICs, IOS, memory, etc.).

You have already paid for it via your taxes -- so do not feel bad if you get it for "scrap" :)
 

Did you try IPFire or Endian Firewall?
 

You sound like an old forum member who used to go on about Cisco and type randomly in upper and lower case..

Here are some reasons not to go with Cisco:
1. To get a FW with 8 1-gig ports, you are going to pay a fair whack.
2. They are far, far behind on the UTM side.
3. Learning curve for new users; ASDM is garbage.
4. Fortigate is easier to use and has more UTM features.
5. Checkpoint is a better product.
6. I suppose the IOS firewalls are OK, but I would still pick a Fortigate or CP over them.
7. There are free solutions that can do what the user requires.
 