We're thinking about purchasing the firebox x750e. Any experience with these? I see a lot of negative feedback on the x500 series but could not find anything on the x700s.
Does the watchguard, netscreen, and sonticwall firewalls all require an annual renewal fee?
I see some x700s on ebay for under $500. What's bad about buying these used ones?
Anyone using a Watchguard firewall X750e or other in a past or current setup which can provide me with some feedback on their experience?
I am looking at introducing a Firebox running Fireware 10.
I am tried of not finding a good documentation on now to configure netscreen-25 firewall.
This is the current setup;
Ethernet Drop -> Netscreen (connected via straight RJ-45)
NetScreen -> Switch (Connected via cross-over cable)
This is the what I want to be able to do...
I am assigned a 76.36.57.32/27 subnet
Netmask 255.255.255.224
Gateway 76.36.57.33
1) Make Netscreen accessible via IP 76.36.57.34 for remote management.
2) I dont want netscreen to assign IPs for my wired devices because I've already set all their IPs and those are the ones I want to use.
Now, I did read the manual [url] and went to Network -> Interfaces -> Ethernet 1 Trust *edit* and in the "IP address" box I typed 76.36.57.34 and netmask "/27".
In the "Manage IP" box, I typed 76.36.57.39/27 according to the manual.
After doing all that, I cant access any of my "wired" devices behind firewall and neither can I access the firewall itself with the IP I assigned.
I have two netscreen 25 firewalls linked together via an ethernet cable.
If I connect the ethernet cable to switches I get around 90Mbps. However, if I connect the firewalls together I barely get more than 30Mbps (25Mbps average using iperf). All rules are set to talk to each other and the setup works, but I don't understand where the speed has gone.
The firewall ports and firewall performance per port is rated at 100Mbps and there is little traffic on the other network ports. I have both interfaces set to auto neg duplex as if set to 100 full I get even worse performance.
one day our sonicwall router decided to not let us connect to the web gui management using the normal gateway ip. We can't figure out why and we do not I repeat, DO NOT want to have to reset the router unless we can guarantee our configurations will be saved 100%
How do we console in to the router and turn back on the web gui management so we can connect through the default gateway ip?
We own a Sonicwall TZ 170
We are thinking of buying a SonicWall TZ 150 From:
[url]
Anybody have this model and have comments/concerns with it?
Also, how does the antivirus work? Does it scan each packet? It seems impossible to scan packets for a virus, seems like you need entire files don't you.
We are getting a 100mbps drop at the co-location center, is this device going to limit the available bandwidth we are able to use? On sonicwall it says it can support 30mbps using SPI firewall.
I've been looking at these two Firewalls for a quite some time and I am not sure which one I should go with. Price is not a factor since both are around the same price range.
The firewall is going to be in between my DROP and LAYER3 Switch.
So...FastE -> Firewall -> Layer3
As you can see, I dont want any fancy VLAN stuff or anything like that since my switch can take care of all that. I just want a firewall which is easy to configure and manage and has DDoS protection built-in.
If you have any other hardware based firewalls in the price range of ASA 5505 and Netscreen 5GT then I would want to hear about those as well.
I got a problem where mine is stuck acquiring an IP. I have a 64bit OS so I have to use Vmware 32bit os to use the program and my firewall is setup to be open for that particular VM but still it cant grab an IP. Ive left it enabled for around 30 mins it doesn't time out or stop or error. Someone else uses it who is in another location and was in the system yesterday so I'm not sure if she had any issues but said she had no problem getting in so it must be my setup.
View 0 Replies View RelatedI have a small rack of 15 servers (mostly running CPU intensive applications). Our average bandwidth consumption is a consistent 7mbps between all servers. I was researching to find a solution to filter incoming and outgoing email (provide hosting to a few people on one of the boxes), to prevent spammers from getting in or the occassional customer turned spammer from getting outbound.
I was considering the Firebox X Core x550e, to put in front of our units. Has any one had any experiance with them first hand? Can the unit handle it? It says 25,000 concurrent sessions, I don't think I have 25,000 concurrent sessions ever at any giving time going out bound....
I 'recently' got a FireBox v60 to replace my Fortigate 50's.
I didn't know the Firebox needed software to configure it or get it going... As i got it off eBay...
I am setup in a co-location facility. I just recieved my new SonicWall TZ180 which I am trying to setup.
Previously I had my server connected to the internet drop via a static ip address assigned via windows tcp/ip (1.1.1.2), nothing special there. Then I used Plesk and assign domains and ip addresses as normal.
My co-location facility gives me 4 static ip addresses, lets call them:
1.1.1.2
1.1.1.3
1.1.1.4
1.1.1.5
And an ip address called Network Gateway at:
1.1.1.1
And DNS ips at:
2.2.2.2
2.2.2.3
I am trying to figure out how I make this work now with the SonicWall. I am using Plesk, and I have already assigned all DNS settings and name servers to their proper static IP address, such as:
ns.mydomain.com -> 1.1.1.2
ns.myseconddomain.com -> 1.1.1.3
So I cannot use the local ip address (192.168.168.2) assigned to the server box by default by SonicWall using DHCP. I must use the actual static ip addresses assigned to me and already configured in Plesk. I have heard I need to use NAT, and assign the SonicWall the ip address of the network gateway: 1.1.1.1, then add the 4 standard static ip addresses into a pool in the sonic wall.
I am considering on implementing a new firewall in our colo which would have about 10 servers behind it which generates on averages 2.314 megabits/sec for everything.
I am looking at the new Watchguard x750e running version 10 of Fireware which seem like a good fit without breaking the bank but I have also thought of simply implementing a Poweredge server running CentOS and running an IPtables config to provide firewall services.
Anybody have any Feedback on the Watchguard unit or use a Watchguard product in their setup and can comment?
I have 2 locations, one with a Watchguard Firebox II/1000 and the other with a Cisco ASA 5520. I have configured a VPN between them and have run into a snag. The VPN tunnel works fine until it expires, but there is a significant lag in re-establishing the tunnel. The lag is enough to cause Backup and Data transfer failures due to timeouts.
Does anyone know how to configure the VPN tunnel to never expire, regardless of uptime or traffic volume? The Cisco doesn't seem to want to let me configure either phase for 0 or infinate kb expiration.
Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and setup to there optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking linux); in our opinion we see it as an extra administration overhead. If this is however untrue, we will change out thinking.
I've found a dedicated server at a great price and plan to stick with it, my first ( already have 2 vps accounts ). I don't have the money for a hardware firewall. However, I do have a chance to renew a Kerio WinRoute Firewall license from way back.
Does anyone think this would be better than the default windows 2003 firewall?
after install apf firewall whole server blocked to everyone.. i can't get ping back as well. Any idea?
View 2 Replies View RelatedI'm planning to place some firewalls in my network, but I'm afraid of something.
I have never used cisco pix, checkpoints and others.. We currently use custom made linux solutions for that
When we use these ready-to-go boxes, do we need to NAT the internal server IPs?
Is it possible to use these ready-to-go solutions with REAL IPs in the servers?
Does cPanel work well with NATed internal IPs? Or shall I have some trouble?
Do you think it's safer to with NATed, or it will be better to use real ips instead?
I was wondering what everyone thinks the best Firewall software is for a dedicated server?
View 7 Replies View RelatedIm using the latest cPanel release. Using Pure-FTPD as the ftp server. I have CSF Firewall installed and configured and have also got [url]installed. on the dos deflate software ive set the ban limit to 250 connections.
But what my problem is that while downloading on ftp clients with internet that can download very fast that it will ban them. Ive kinda realised that it is to do with the DDos software but im unsure what i should do. Increase the limit of connections but that would mean that more minor Ddos attacks might get through so that would affect more clients. Or leave the limit at 250 and let clients get blocked for 20 minutes.
Or alternatively is there a way i can stop people getting banned via FTP completly. As i dont see that option on the Ddos or csf.
I´m running the remote desktop service and configuring a remote dedicated server right now.
So, I need to install a firewall in this machine, but I don´t want to be disconnected after the installation.
So, can anyone tell me of a firewall that don´t stop the connection of RDP just after installation and works with Windows 2003 Server?
secure a LAN network with 200 computers, a specific hardware solution (like CISCO PIX or so) might not be available.
Though, I'm considering a Firewall OS based Solution like pfSense, m0n0wall, eBox, Endian Firewall, SmoothWall, etc.
There are so many options and I have no experience with none of this. My Requirements are:
Web based configuration
Clean Interface with graphic statistics
Pretty Secure
Good hardware support
Free usage
Simple configuration
Support for high bandwidth usage
I think OpenBSD is pretty secure, is there any OpenBSD Firewall OS solution with this requirements?
What better firewall to vps?
In my vps not use csf or iptables
Virtuozzo has bug that.
What do you think of this two firewall? which one is better overall?
View 14 Replies View RelatedI am looking to setup a Firewall etc... on a VPS and would like to know what is the better one and easy to use etc...
CSF or APF and BFD ?
know of any hardware firewall (or suggest) which is under 300 USD and can protect around 5 servers with a total bandwidth capacity of 100 (+/-) Mbps. I am really no security expert
Of course, it should have web based management, online documentation (not really needed) and something special for prevent DoS attacks automatically (really fed up of them).
If possible if you can link me directly to an online store that can ship it Internationally / Europe?
I was having attacks so I installed CSF firewall which did a great job. However on a few of my sites, specifically proxy ones, every second or third page you visit will be a 403 Forbidden error. After about 20-30 seconds, you can refresh and it goes away. I suspect CSF is causing this, because it just started to happen after I installed it. Is it thinking there are too many connections or too much bandwidth and its blocking me or other users just using the proxy? Is there a way to make it slightly more tolerant?
View 3 Replies View RelatedI am a non technical type that is trying to start a web based business. I am thnking a dedicated server will be the best option for me but as I looked at the quotes from several different web hosts I noticed that the firewall services that they provide are very expensive. 100$ a month - 150$ a month.
Are there other firewall options that can be installed on the server that we as administrators can install and use?
I have had a fair few hack attempts from ip numbers that are on the same
provider ;telewest' that i am on - is there anyway of getting this takne further other than contacting isp?
Jun 9 21:49:04 mark-scorfields-computer ipfw: 12190 Deny TCP 122.24.44.198:2426 82.39.142.27:135 in via en0
Jun 9 21:49:04 mark-scorfields-computer ipfw: 12190 Deny TCP 122.24.44.198:2426 82.39.142.27:135 in via en0
Jun 9 21:49:04 mark-scorfields-computer ipfw: 12190 Deny TCP 122.24.44.198:2426 82.39.142.27:135 in via en0
Jun 9 21:49:08 mark-scorfields-computer ipfw: 12190 Deny TCP 211.75.135.2:2261 82.39.142.27:135 in via en0
Jun 9 21:49:08 mark-scorfields-computer ipfw: 12190 Deny TCP 211.75.135.2:2261 82.39.142.27:135 in via en0
Jun 9 21:49:08 mark-scorfields-computer ipfw: 12190 Deny TCP 211.75.135.2:2261 82.39.142.27:135 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1026 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1026 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1026 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1027 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1027 in via en0
Jun 9 21:50:16 mark-scorfields-computer ipfw: 35000 Deny UDP 204.16.209.44:51324 82.39.142.27:1027 in via en0
Jun 9 21:50:36 mark-scorfields-computer ipfw: 12190 Deny TCP 121.34.113.29:27207 82.39.142.27:135 in via en0
Jun 9 21:50:36 mark-scorfields-computer ipfw: 12190 Deny TCP 121.34.113.29:27207 82.39.142.27:135 in via en0
Jun 9 21:50:36 mark-scorfields-computer ipfw: 12190 Deny TCP 121.34.113.29:27207 82.39.142.27:135 in via en0
Jun 9 21:59:38 mark-scorfields-computer ipfw: 12190 Deny TCP 58.221.225.230:4151 82.39.142.27:135 in via en0
Jun 9 21:59:38 mark-scorfields-computer ipfw: 12190 Deny TCP 58.221.225.230:4151 82.39.142.27:135 in via en0
Jun 9 21:59:38 mark-scorfields-computer ipfw: 12190 Deny TCP 58.221.225.230:4151 82.39.142.27:135 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1027 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1027 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1027 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1026 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1026 in via en0
Jun 9 22:00:38 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36236 82.39.142.27:1026 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1026 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1026 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1026 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1027 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1027 in via en0
Jun 9 22:00:39 mark-scorfields-computer ipfw: 35000 Deny UDP 220.164.140.236:36240 82.39.142.27:1027 in via en0
Jun 9 22:03:45 mark-scorfields-computer ipfw: 12190 Deny TCP 125.195.44.229:2212 82.39.142.27:135 in via en0
Jun 9 22:03:45 mark-scorfields-computer ipfw: 12190 Deny TCP 125.195.44.229:2212 82.39.142.27:135 in via en0
Jun 9 22:03:45 mark-scorfields-computer ipfw: 12190 Deny TCP 125.195.44.229:2212 82.39.142.27:135 in via en0
Jun 9 22:03:48 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0
Jun 9 22:03:48 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0
Jun 9 22:03:48 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0
Jun 9 22:03:51 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628 82.39.142.27:2967 in via en0
Jun 9 22:03:51 mark-scorfields-computer ipfw: 12190 Deny TCP 82.39.189.11:4628
Lately one of my servers have been getting syn floods and ddos attacks (repeatedly for the last 2 weeks). The attacks are not as bad as they were the last 2 weeks, but my software firewall (iptables and csf) is not doing the job anymore. It can't handle such large attacks.
I picked up a netgear firewall, but it has dhcp and lan, which made it have no use to me. All my servers are on static ips, so I would be unable to use a lan.
Is there a firewall available which would allow me to setup something like this (Server 1 is the one getting attacked):
Internet ---> Firewall ---> 48 Port Switch ---> Server 1, Server 2, and so on
or
Internet ---> 48 Port Switch ---> Firewall ---> Server 1
Other servers come off the Switch
I saw the Cisco Pix on ebay, but am not sure of all the features it holds. I basically need a firewall without any lan capaibilites, no routing, just a plain firewall that will protect from DDoS and Syn Floods (if possible, also email me the logs). Also needs to push up to 20Mbps (100Mbps would be best though).
I looked into m0n0wall and pfsense, but their software didn't make any sense to me. I tried setting it up on a PIII 700Mhz with 768MB Ram but never got the webConfig to work.
Price is not a huge issue, I just need these attacks to end. any suggestions on software firewalls let me know.
Which is the best firewall in linux unix servers..................
View 4 Replies View RelatedI have a client who requires a firewall with VPN support. He will be utilizing around 10mbit of traffic at most. What would be a suggested firewall to go with that would properly handle vpn?
View 10 Replies View Related
