coomarlin
join:2000-12-29
Morgantown, WV
| SPI firewall?
I'm in the market for a new wireless router/firewall. I hear a lot of talk about SPI being an important feature. Some of the routers I've looked at do not list SPI (D-Link 524).
Is this a must have feature, or are most of the firewall capabilites of modern wireless routers pretty much the same?
The two primary routers I was looking at was the D_Link 524 and the Netgear 614. The Netgear lists SPI but the D-Link doesn't. |
|
DFWDraco76
Premium
join:2001-02-21
Plano, TX
clubs:
 ·Verizon FIOS
| I can't speak to the routers you've mentioned, but here is some info on SPI that may be helpful: »www.homenethelp.com/router-guide···wall.asp
--
my humble website: »www.utdallas.edu/~bal023000 |
|
jack b
Gone Fishing
Premium,MVM
join:2000-09-08
Cape Cod
clubs:
 ·Comcast
| reply to coomarlin
Get one with SPI.
It's a higher level of packet monitoring than just is it a returning packet.
[snip]
"The firewall looks at the source and destination IP addresses, the source and destination ports and the sequence numbers to decide if the packet belongs to a current open connection. If there is a connection open that applies to the packet that has arrived from the Internet then it will be allowed through, otherwise it will be rejected."
--
~Help find a cure for cancer~Proud Member Team Discovery |
|
TerryMiller
Premium
join:2003-10-23
| reply to coomarlin
Since most consumer routers don't disclose exactly what they implement as SPI I consider them all the same until you get incoming and outgoing firewall rules. If there is some feature you want like remote logging then use that, otherwise get what's cheapest and run a software firewall for logging and outbound protection.
Just my opinion, I'm sure there are others.
--
My family site |
|
mboy
Premium
join:2001-04-13
Little Falls, NJ
| reply to coomarlin
I would steer clear of any of the Dlink SOHO routers. I have used a few and think they are JUNK. Not stable (software), not built very well. I do have a bunch of Dlink 24 port 10/100 switches I like tho.
I would highly reco a BUffalo WBR2-G54 wifi router, even does WPA-AES with the latest firmware. Has evwerything you want, even can block all wifi clients communicating with each other if you want, and has a client you can install on a PC that will pop up and give you access alerts.
Very stable router and can be found cheap when on sale (paid like $20 AR for mine).
I also have had much success deploying the SMC 2804wbr routers in a # of installs for family and clients. Father has 1 I set up, has 3 wifi clients on 24/7 and about 4-5 wired PCs on 24/7.
Both have SPI and I believe both have inbound/outbound filtering as well. |
|
Mei Guo Ren
join:2001-11-05
Silver Spring, MD
3 edits | reply to coomarlin
The linksys WRT54GS uses a 200MHz Broadcom processor running Linux (2.4.5 kernel, I think) and it has an SPI firewall. If you look at a router's specifications or manual and it shows port forwarding and an ability to block specific ports, protocols, WAN IP addresses, it is probably SPI (statefull packet inspection). I've assumed that the linux-based ones are using IP Masquerading (NAT) and IP Tables firewall, since these are built into the kernel. If you get a linux-based router with open-source firmware/OS, you may be able use 3rd party firmware that gives you more features and options.
--
Addicted to Linux since 1998. |
|
Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
1 edit | reply to mboy
Hey Mboy can you test them for me.
Turn NAT off and see if the clients are still protected by the firewall. That is a better test than reading the marketing crap.
THe ZyXEL home routers P334W for example has an SPI firewall and the firewall does remain protecting when NAT is turned off. The buffalo makes good wifi but their core router features are nothing special, you would be better off to go with another router that does have SPI the
linksys wrt54GS.
MG, the P334W has a 225MIPS 175MHZ engine and IM sure the wrt54GS has the same or slightly higher guts, so I think your specs pertain to the wrt54G only. In any case from my knowledge yes, a working SPI firewall.
The test is throughput, both the P334W and Linksys wrt54GS have gobs of throughput with firewall turned off, easily 25Mbps plus............ With the firewall activated this drops to around 8Mbps. (price to pay for higher level packet inspection.)
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner" -
(Llama Works Equipment ) - |
|
mboy
Premium
join:2001-04-13
Little Falls, NJ
1 edit | reply to coomarlin
Can't test it, I use my Buffalo as an AP only. Have my Snapgear SG550 doing all of my routing and firewalling duties (yeah, that one does bridged firewalling among MANY other things).
How much is that Zywall you are talking about. The poster was talking about SOHO routers which can be had for $50.
Again, I paid $20 for my Buffalo.
I don't think your Zywall is in that (lower)class.
Actually, just took a peak at it. Seams pretty good, can be had for $100, bit is still significantly more then a Buffalo, Dlink etc (% wise).
I saw VPN mentioned, but I did not see anything about what type of encryptionj it offers.
Does it support WPA AES?
If it is in the original posters bugdget, it looks like a nice unit. |
|
coomarlin
join:2000-12-29
Morgantown, WV
| reply to coomarlin
Well I picked up a Netgear WGR614 v5 from Staples today because it was cheap. $49.99-$20MIR=$29.99
It says it does double firewall NAT and SPI and also WPA. It's a 802.11g 54 router. I'm not planning on using the wireless portion of it right now, but maybe soon in the future I might. |
|
