Which Firewall

[TEggHead]

who says WinRoute is only for large scale LANs? come'on! Granted, it's commercial, but at a price of ~$150 for a 5-user license and free .x upgrades, having started with 4.0 when I got my hookup (3yrs back) and have had three updates sofar. the price may seem high, but you get

Packet Filter
DHCP server
DNS forwarder
Mail server
Proxy
WebCache
NAT router (a bit of digging and you can specify which portrange to use for NAT)
Port Mapping
VPN support

I think this is the best 150 ever spent (although it was a bit less 3yrs ago) ...I would have liked it even better if it had some more options regarding tcp flags (ACK and SYN only)

They have a lite version too especially for home lan's beit with a bit less options

Has anyone tried CHX-I ? It's an MMC snap-in much like the default IP security in W2K (but with a lot more options)...

http://www.idrci.net/idrci_tryit2.htm




Edited by - TEggHead on 24 Aug 2002  13:25:08

Edited by - TEggHead on 24 Aug 2002  13:41:38

[oltelman]

Larger than mine, for now.  Have contemplated a dedicated machine for WEB router & firewall.  Would eliminate the need for several programs that run on each workstation now.
Other than a good educational toy, I have no need for most of the features you've listed.  I understand there are certain advantages & it would add another layer of protection to my personal network.  I just haven't gotten that far yet!
I'm curious!  Have you or do you run a personal firewall?  If so, then which is easier to maintain?  Which do you feel more secure under as a user, not a server (i.e. Mail, WEB)?  

TIA

 

[geekster]

I'm currently using Sygate Personal Firewall.  The current version is without a doubt a top-notch firewall.  According to Steve Gibson's port scanning test at GRC, all my ports are stealthed. It monitors your computer at the Ring 0 level, and will even stop suspicious activity before it is fully loaded.

I've used ZoneAlarm and Tiny Personal Firewall with great success.  However, the latest versions of ZoneAlarm started giving me problems with my computer.  I really love Sygate's current incarnation.  TPF requires a more technical-oriented approach when configuring.  (You really need to know about rules.)
While ZoneAlarm does everything behind the scenes for you, Sygate is easy to configure, yet flexible enough, like TPF, where you can further define the rules for each program, or modify them to your satisfaction.

Try it, you'll like it.

>>>>>>> tHe gEEkstaR

--------------------
"All warfare is based on deception.
...to fight and conquer in all your battles is not supreme excellence:
supreme excellence consists in breaking the enemy's resistance without fighting." --The Art of War

[TEggHead]

quote:
I'm curious!  Have you or do you run a personal firewall?  If so, then which is easier to maintain?  Which do you feel more secure under as a user, not a server

I've sofar only ran AtGuard (mostly for its adblocking rather than firewall protection ) I have tried TPF because I like the ability to map executables to ports, but I'd rather configure a packetfilter than a rulebased thing like TPF or AtGuard (I configured both thru training, i.e. prompting if it don't have a rule for it) and when I had all rules for allowed and needed programs entered, I simply blocked the remainder.

I also tried TFP as Main Gate so to speak (on the box connected to the net)  but quickly reverted back to WRP as it is a heck of a lot of configuring if it sees two NICs, WinRoute has them completely separated by interface and incoming/outgoing, so rulesets are much easier to maintain and, both TFP and AtGuard show rules in one big list...which can get confusing at times if you have many rules...

I tried ZA one blue moon, but found it did not give me the control I needed. Already having one commercial package in place I wasn't planning forking out for a copy of ZAP, so never tried it.