Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Generic User Avatar

In the market for a physical hardware firewall. Suggestions?


  • Please log in to reply
8 replies to this topic

#1 CarrotKomii

CarrotKomii

  •  Avatar image
  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 17 May 2021 - 09:11 AM

I have a 250ish budget and i'm not a business just a home owner that has been constantly barraged by someone or some people over a year and i'm finally ready to invest in a firewall. I use malwares firewall controller on the software firewall side but I have no hardware firewall. I've heard SOPHOS XG is great but I have little experience. Id like to have all the new features that make older firewalls obsolete. Anyone? ideas? 



BC AdBot (Login to Remove)

 


#2 ET_Explorer

ET_Explorer

    Bleepin' Forum Reporter


  •  Avatar image
  • Banned Spammer
  • Member rank image
  • 5,495 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:53 AM

Posted 17 May 2021 - 09:19 AM

External Firewall is useless, microsoft defender has built-in firewall and its the best and its free.



#3 CarrotKomii

CarrotKomii
  • Topic Starter

  •  Avatar image
  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:05:53 AM

Posted 17 May 2021 - 09:28 AM

Not with the persistent threat actors i'm dealing with. I need every single advantage I can get. an OS based firewall is NOTHING if i'm under an OS hijack scenario. Elevated privileged remote connected actors can bypass that easily. Not so much a hardware firewall.


Edited by CarrotKomii, 17 May 2021 - 09:29 AM.


#4 EmanuelJacobsson

EmanuelJacobsson

  •  Avatar image
  • Members
  • 346 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:53 PM

Posted 17 May 2021 - 09:36 AM

Not with the persistent threat actors i'm dealing with. I need every single advantage I can get. an OS based firewall is NOTHING if i'm under an OS hijack scenario. Elevated privileged remote connected actors can bypass that easily. Not so much a hardware firewall.

If youre so worried about elevated privelege/bypass exploits then use an standard user account, it additionally nullifies 94% of exploits targeting Windows.


Edited by EmanuelJacobsson, 17 May 2021 - 09:37 AM.


#5 jontheeye

jontheeye

  •  Avatar image
  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:02:53 PM

Posted 17 May 2021 - 10:24 AM

Hi

 

As you budget is quite low, I would look to a software based filewall. I quite like pfsense. (www.pfsense.org). Put two network cards in an old PC and that will give you full control about what traffic flows between the outside and inside of your LAN.

 

If you had a bigger budget, I would look at Juniper boxes (maybe and SRX300) and an old favourite of mine, the Firebrick (https://www.firebrick.co.uk)

 

Incidentally, you DO need a firewall, Microsoft defender is not the best, for example, it can't resolve/reverse DNS, it can't even geo-code your IP traffic. Firewalls are much more that creating NAT rules - A firewall has to be able to rip open and analyse in real-time ever single packet entering and leaving your network.

 

Also, and sorry for being blunt but if you network, systems and data are important, could you not extend the budget to something more than the cost of a decent office chair?

 

Anyway, good luck with your project.



#6 buddy215

buddy215

  •  Avatar image
  • Moderator
  • 20,250 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:53 AM

Posted 17 May 2021 - 10:35 AM

Lots of info and some tests you can run to check vulnerability of your present setup at GRC | ShieldsUP! — Internet Vulnerability Profiling


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
If we are to have another contest in the near future of our national existence, I predict that the dividing line will not be Mason and Dixon’s, but between patriotism and intelligence on the one side, and superstition, ambition, and ignorance on the other. Ulysses S. Grant...Republican president who correctly predicted the cause of Trump's attempted coup.

 

 


#7 N0vajay05

N0vajay05

  •  Avatar image
  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:53 AM

Posted 13 May 2022 - 11:24 AM

You can purchase any number or former enterprise servers or desktop machines that can run pfSense for around $100-150. Would be perfect for what you're asking. Dell R210 or R220 can be found on eBay all day long and does great with pfSense. There's one on there right now for $160 with 8GB ram, done.



#8 0lds0d

0lds0d

  •  Avatar image
  • Members
  • 5,000 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:08:53 AM

Posted 13 May 2022 - 02:43 PM

Use a Linux firewall on an older refurbed desktop, add an extra network card (or use it's WiFi or add a WiFi dongle for networking to your LAN) and install a free Linux firewall.

 Best Free Linux Firewalls Of 2022 | TechRadar

 

Use something like this....$1 - $250 Desktop Computers | Newegg.com

 

Features to look for should be antivirus scanning (maybe expensive), stately packet inspection of connections, IP blocklists, spam/phishing filter (free filters) and maybe some form of advertisement filter to keep malware ads out.


Edited by 0lds0d, 13 May 2022 - 02:54 PM.

Colossians 3:12-3


#9 Shplad

Shplad

  •  Avatar image
  • Members
  • 6,687 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:09:53 AM

Posted 12 August 2022 - 05:08 PM

What Emmanuel said. And I also second (third?) the recommendation

for something *nix-based. Personally, from everything I've read, I'd

go with the free version of PFSense. It really is quite excellent and

there's a lot of room to grow.

 

The learning curve is significant, though. Not difficult, it's just not

as simple as your average home router. I only used it once years ago,

but very powerful and pretty intuitive interface for what it does.


- Use this to collect and post information about your PC hardware, software and configuration (Whether or not you have crashing).

 

Blue Screen of Death (BSOD) Posting Instructions - Windows 10, 8.1, 8, 7 & Vista

https://www.bleepingcomputer.com/forums/t/576314/blue-screen-of-death-bsod-posting-instructions-windows-10-81-8-7-vista/

 

 





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users