bsippl
join:2002-02-21
Columbia, IL | What firewall to get?
I am planning on getting a firewall but can't decide which one to get. Right now I am thinking about ZoneAlarm Pro or a router. What do you guys recommend, if a router, what brand?
Thanks |
|
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ
 ·Speakeasy
| Why not get both the ZAP (or Zone Alarm Free) and a router? One is the 2nd layer for the other. The router would block incoming and ZAP/ZAF would handle the outgoing. If you can afford both, I would go for both.
--
JKK Age is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature! |
|
Zupe
Premium,MVM
join:2001-11-29
New York, NY
clubs:
| reply to bsippl
A firewall and a router are not the same thing. A router's NAT feature acts similarly to a firewall for inbound connections, meaning it blocks incoming unauthorized requests, but it does nothing for outbound connection attempts, such as the type a trojan or other malware would make if it managed to infect your system. For that reason, most would agree that running a software firewall, regardless of whether you have a router, is a good idea. Having both is nice, as it provides a layered defense for inbound intrusions, but is not absolutely necessary.
As far as which software firewall - as long as you're choosing among the more well known ones (ZA, Sygate (avoid if you plan to use a local proxy of any kind), NPF/NIS, Kerio & a few others), it really comes down more to personal preference than which is "better" as all should do a good job of protecting you if setup correctly. The only advice I can give here is to pick one that suits your needs and level of understanding - for example, if you don't know anything about the various protocols, ports, etc. and aren't willing to take the time to learn, don't pick a primarily rules based firewall, as you'll end up with a "leaky" ruleset.
hope that helps.
--
Pinky: I think so, Brain, but "Snowball for Windows"? |
|
bsippl
join:2002-02-21
Columbia, IL | I got a Netgear RP614 Router which came with Freedom Personal Firewall software, is that software any good?
»www.freedom.net/products/firewall/index.html |
|
gkweb
join:2003-06-09
76800
| reply to bsippl
Why not have a sticky on the forum about "what firewall to choose" ?
The question is asked so often that i think it could be a good idea 
Of course the answer could be very short like "depending what you need" ;-D |
|
StraitShoot
Who Loves Ya Baby? - Theo Kojak
Premium
join:2003-02-08
Clinton, MA
| reply to bsippl
You can go to BestBuy and pick up a Dlink 604 for $20 (after rebates) !!!!
I would get that, plus add Zone Alarm Free or Pro for $40!
Or Norton Personal Firewall
Irregardless, the Dlink is a NAT, you still need a software firewall, but $20 bucks is hard to resist!!
I think this Dlink is good only for this week...
Forgot to mention Outpost... (www.agnitum.com)..
That actually is very configurable... Very good Firewall..
The active content needs work, though..
--
Stavros! Why are you eating again, Stavros?
[text was edited by author 2003-08-19 22:07:36] |
|
hayc59
VoodooChild
Premium
join:2001-02-26
David R.I.P.
| reply to bsippl
may i recommend one??
OutPost by Agnitum!! Highly Rated and fun to!!:)
»www.agnitum.com/products/outpost/
and i know they have a great forum for help and
more fun:)
»www.outpostfirewall.com/forum/index.php?s=
so take that leap of faith and give it a shot!!:)
i think you might like it!!
--
Proud Owner of OutPost Pro |
|
Tom McCune
@rr.com | reply to Zupe
RoadRunner,
I think you gave some of the best input I've seen in a single post on this subject. I would add that some routers, such as the BEFSX41 that I use, also have Stateful Packet Inspection in addition to the NAT protection. |
|
teh
Gekke Kraai
Premium
join:2003-03-21
Malaysia
| reply to hayc59
I agree with hayc I started using Outpost.
Check out for software firewall test results:
»www.pcflank.com/art41c.htm
»perso.wanadoo.fr/jugesoftware/fi···est.html
Based on those links is why I dropped NIS2003 and installed Outpost.
[text was edited by author 2003-08-19 22:13:03] |
|
Hutch
My Throne is the Dunny
Premium
join:2000-10-14
Out House
·Internode
| reply to bsippl
I suggest you use a Firewall that suits your needs. There are many of them to choose from. I suggest you try them all.
I prefer ZAP. Others prefer Kerio/NIS/Sygate/Outpost/Look 'n' Stop just to name a few.
--
*TeamZ*Member |
|
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ
·Speakeasy
| reply to bsippl
Hey everyone. The poster already has a software firewall as noted in his/her comment:
I got a Netgear RP614 Router which came with Freedom Personal Firewall software, is that software any good?
Since I know nothing about either of these 2 things as to specifics, about all I can say is if the router came with a firewall, would it be necessary for this person to have anything else? I would think not, but again, Freedom is not one of those that I have paid much attention to. I know that it has been mentioned here semi often, but that's about all I know.
They have both a router and a software firewall. Would anyone concur, on that basis, nothing more is needed? I don't know about the router either. Mine is a Linky, and I know little enough about that one as it is.
--
JKKAge is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature! |
|
Jettubby
join:2002-09-30
Burlington, KY
| reply to bsippl
Well if you don't mind spending a few bucks get a Cisco Pix 501. It's got a nice Gui interface so no more of that command line stuff required. There's even a setup wizard for those that want it easy. It's pretty much set up plug & pray and integrates very nicely with cable or DSL modems. One extra thing I do it set it to deny ICMP replies. So far very happy with it. CDW will let em go for about $395.
--
"May the forces of evil become confused on the way to your house." - George Carlin |
|
sat
join:2001-01-25
WA | Sorry for the OT, but does Kerio firewall still have the loopback bug? I use proxomitron, and wont let go. |
|
gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
| reply to bsippl
Rule allowing loopback, but reserving blocked ports... |
--
I'm not good,
I'm not nice,
I'm just right.
I'm the Witch.
You're the world. |
|
sat
join:2001-01-25
WA
| Thanks - yes, I think I am confusing it with Sygate (which was a very good firewall btw, I removed it due to the loopback issue). I think Tiny/Kerio had problems with standby/hibernate on my computer, so they had to go, and Im using ZA Free now.
I'll probably go Outpost (pro) soon. |
|
callihn4
join:2002-01-10
Space
| reply to jaykaykay
I would go for both. ZA Pro 4 is on sale at Best Buy here this week for $20.
»www.bestbuy.com/site/olspage.jsp···p=%20%20
You should get a router with a built in firewall that has at least SPI.
Look at Zyxel and Netgear products and see if you can find one that fits your budget. Zyxel would be my first choice of the two.
»www.zyxel.com/product/category.p···21873683
»www.netgear.com/products/routers···lvpn.asp
--
If Operating Systems Were Women? : »www.sigkill.com/os/ |
|
ukmitch
Travelman
Premium
join:2002-09-27
Redcar UK
|  reply to gwion
>"Kerio never had a loopback bug, you may be confusing it with Sygate? Sygate has an implicit allow on all traffic to 127.0.0.1"
------------------------------------------------------------
Is there any workaround for this.
Any specific rule in Sygate?
I now use Sygate as my firewall, but I also have Ad-Subtract which acts as a proxy server and so I have a potential problem here - although on the Sygate forum, the loop-back bug is described as "theoretical"
Perhaps I need to change firewalls, as I want to retain Ad-Subtract at all costs?
--
Cheers! - ukmitch |
|
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ
·Speakeasy
| reply to bsippl
C'mon, guys. Let's get back on topic and answer the specific question the original poster asked.
"I got a Netgear RP614 Router which came with Freedom Personal Firewall software, is that software any good?"
Do they really have to buy another router and get different firewall protection or is what they have acceptable?
--
JKKAge is a very high price to pay for my maturity. If I can't stay young, I can at least stay immature! |
|
gwion
wild colonial boy
Premium,ExMod 2001-08
join:2000-12-28
Pittsburgh, PA
| reply to bsippl
Well, that's the bug. In Kerio, you can change the rules allowing loopback (they're "explicit" rules, that you make and edit, as most packet filters handle them) --- Sygate puts in an "implicit" rule (it's coded into the firewall, and can't be edited or disabled) to allow 127.0.0.1; probably a feature, rather than a bug, to a lot of beginning users, actually... but a real issue for proxy users and people with special needs. It also limits some of the diagnostics you can do using the packet filter and the logs... but I digress... bottom line, much like many of MS' "features" -- one man's pudding's another man's poison.
--
Do not put your faith in a cape and a hood.They will not protect you the way that they should.And take extra care with strangers, even flowers have their dangers,And though scary is exciting,Nice is different than good. |
|
Zupe
Premium,MVM
join:2001-11-29
New York, NY
clubs:
| reply to bsippl
said by bsippl  :
I got a Netgear RP614 Router which came with Freedom Personal Firewall software, is that software any good?
Having never used either, I can't really make any definitive statements, but Netgear is a well-known, popular brand and I'd imagine the router would be fine - you might post in DSLR's Netgear forum - »Netgear if you have any specific questions.
As far as the firewall - I know very little about Freedom Firewall, though I've heard it mentioned occasionally. While it's probably fine, if it were me, I'd be inclined to choose one of the more well known firewalls, as among other things you'll find more support here and elsewhere for setting them up or solving any problems you may encounter.
--
Pinky: I think so, Brain, but "Snowball for Windows"? |
|
