Network Protection ... What types are you using?


#21

This thread has brought on some interesting discussion and I will admit to this being an area where my knowledge level is in the “amateur” range.

Curious still if anyone had any opinions/comments on the Zyxel Next Generation VPN Firewall with 1 WAN, 1 SFP, 4 LAN/DMZ Gigabit Ports I mentioned??

I’ve also looked at the -

I know I’m cheaper but I’m looking at <5 users on my home network, which originates in my office some 90’ away.


#22

The first customer-answered question on that Zyxel states that it is getting out of date and not being updated. I would have no idea.

bunga bunga!


#23

I have no experience with the Zyxel, the comments about quirky interface might put me off if I was trying to recommend it to someone else to configure. It also seems to be an older model.

The sonicwall would probably be my first choice out of the above list, the older Cisco would very likely require decent network config expertise, has no wireless, and wouldn’t be as up to date as the others.


#24

In your case a security gateway would be the best option. Make sure it does have deep packet. Some you have to update the firmware to get that.

It would go between your gateway and your router. Also recommend using your own wireless access point that is on the user side of the security gateway and connected to the router. If you decide to go that way, when setting things up use MAC authentication and specifically allow only the devices you want on the network. Requiring MAC authentication does a good job of shutting down those with in range of your wireless. Be sure to disable the WiFi in the modem when using your own AP.

The gateway modems that are being used by some of the internet providers are easily breached and would negate all benefits of beefing up hardware.


#25

I buy only cheap routers and smart wifi devices on AliExpress. If you can get over your curser moving by itself every once and a while and those annoying antivirus popup warnings, it’s great.


#26

both


#27

As I mentioned I use SonicWall devices and subscribe to their subscription service. You get quite a lot, including deep stateful packet inspection and security updates. And the machines are very reliable. I like that they are relatively user friendly unlike some of the other good firewalls (I’m talking Cisco, specifically). The one thing I’m not thrilled with is that you must use their VPN client soft client for remote network access from a notebook, instead of the built-in VPN client from Microsoft.

If it matters they were recently purchased by Dell and managed by Dell Enterprise Security team (if I understand correctly), which is comforting. And the one time that I needed technical support it was relatively painless. I also know at least one Fortune 500 hundred company with government contracts that uses SonicWall.

Another low-cost brand that I have heard good things about is Unifi/Ubiquity, but I don’t have the need or time to take a good look. I’m not claiming that this is a hardened enterprise class product but IMHO SonicWall is good enough for my protection.

Of course you still need to use soft OS based firewalls, and practice good user security no matter what you use to protect your network. I have personal knowledge of a hardened enterprise network getting taken offline in a ransomware attack when the CEO plugged in a USB device to his desktop.