dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
861
share rss forum feed


JJJohnson

join:2001-08-25
Fort Collins, CO

Firewall that can easily do 50 Mbps incoming?

My Comcast connection was recently upgraded from 25 Mbps to 50 Mbps downstream. I find that the ZyWALL 2 Plus and the ZyWALL 5 firewalls that I own aren't capable of handling this amount of traffic when the firewall rules are enabled.

What is a reasonably priced (under $75 let's say) firewall that can handle this traffic? I don't need wireless or gigabit ethernet ports, since I use a separate gigabit switch and wireless access point for my home network.



Trihexagonal

join:2004-08-29
US
Reviews:
·AT&T Midwest

Put an old PC to work and set up a pfSense firewall. It will handle 50Mbps without breaking a sweat, and it's free. It's based on FreeBSD and there are several packages you can use with it including Snort, pfBlocker, DansGuardian, etc.

»pfsense.org/



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
reply to JJJohnson

Check the 2nd link in this post »Need a new router ... looks good (I don't have any personal experience with it)



Trihexagonal

join:2004-08-29
US
Reviews:
·AT&T Midwest

pfSense is an Enterprise class firewall, what hardware you decide to run it on is up to you. It just depends on what you've got on hand or how much money you want to spend.

»forum.pfsense.org/index.php/board,5.0.html



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast
reply to Trihexagonal

said by Trihexagonal:

Put an old PC to work and set up a pfSense firewall. It will handle 50Mbps without breaking a sweat, and it's free. It's based on FreeBSD and there are several packages you can use with it including Snort, pfBlocker, DansGuardian, etc.

»pfsense.org/

While pfSense is generally a fine firewall/router product, its IPv6 capabilities are currently still a beta product, and I have seen many problems reported with using it with Comcast's dual stack implementation. If the OP uses Comcast's IPv6, pfSense (in its current beta form) may not be a good choice.
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.

HELLFIRE
Premium
join:2009-11-25
kudos:17
reply to JJJohnson

Start at smallnetbuilder.net, compare the max throughput and max simultaneous connections numbers
with what fits your budget.

IMO, anything within the last two years'll move 50Mbps no sweat... where things break down is when
you add SERVICES on top, like IDS / IPS / anti-X, VPN, etc., and any extra bells and whistles on top.
So far your list doesn't look too hefty, unless not all of the story's being told as to what you want to
do with this device now, or in the future.

Also, not to criticise your budget, but that low a number makes me think of the adage "cheap, fast, perfect,
pick two." YMMV.

My 00000010bits.

Regards



NOYB
St. John 3.16
Premium
join:2005-12-15
Forest Grove, OR
kudos:1
reply to Trihexagonal


x2 for the old PC.

Have recommended repurposed notebook a number of times in the pfSense hardware forum. I use an old Dell Inspiron 5100 with a PC card NIC for the WAN interface.



NOYB
St. John 3.16
Premium
join:2005-12-15
Forest Grove, OR
kudos:1
reply to NetFixer


The 2.1 pfSense beta is pretty good and getting better all the time. It is what I run.



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

said by NOYB:


The 2.1 pfSense beta is pretty good and getting better all the time. It is what I run.

OK.

However, I was specifically referring to current pfSense problems with Comcast's dual stack implementation. The OP is a Comcast customer, but from your posting history, I don't get the impression that you are a Comcast customer.

»[IPv6] pfSense - Anybody else having issues?
--
A well-regulated militia, being necessary to the security of a free State, the right of the people to keep and bear arms shall not be infringed.

When governments fear people, there is liberty. When the people fear the government, there is tyranny.


Phoenix22
Death From Above
Premium
join:2001-12-11
SOG C&C Nrth
Reviews:
·Comcast Formerl..

1 recommendation

reply to JJJohnson

said by JJJohnson:

My Comcast connection was recently upgraded from 25 Mbps to 50 Mbps downstream. I find that the ZyWALL 2 Plus and the ZyWALL 5 firewalls that I own aren't capable of handling this amount of traffic when the firewall rules are enabled.

What is a reasonably priced (under $75 let's say) firewall that can handle this traffic? I don't need wireless or gigabit ethernet ports, since I use a separate gigabit switch and wireless access point for my home network.

try the norton firewall that COMCAST.............gives you for free
works 4me.......at that speed...........they will give you the whole sweet suite.........install all then delete the comcast constant guard and voila..........you don't need to re-invent security
»xfinity.comcast.net/constantguar···T_33_640
--
101ST ABN Div. (AirAssault) "Rendezvous With Destiny!" "Night Stalkers/Phoenix Flight" For Buddy...who lived it! Whiskey for my men and beer for my horses! H.A.L.O!, 5th Grp., MACV SOG, 160TH AVN SOG, Death From Above, VFW, AmLegion