Need recommendations for firewall router.

Would like to get a router to connect a simple two-computer home network using an Ethernet DSL modem. Primarily concerned with security; not port jacks or ease of setup. So what's a good, cheap router that has robust firewall / security features?

Reply to
Bob Ladbury

I would recommend the Cisco Pix routers. I do tech support for a living, so I hear which brands break down more than others.

Reply to
Shizali

Check it out, this is big time Linux free firewall software you can run on an old PC.

IPCop is a Linux-based open source firewall system that can secure anything from a single home computer to an enterprise-level network. It goes beyond the simple security guard analogy and provides services like routing, logging of entry attempts, reporting of traffic patterns, and regulation of inbound and outbound traffic.

web-based management: After the firewall reboots, take a look at the Web-based management interface. Use a browser connected to the Green network and go to http://192.168.2.1:81/, or use the Green IP address that you assigned and add the :81/ port. You'll see a splash screen and login prompt. Enter "admin" and the admin password that you set during installation.

To get started, download the ISO file and burn it on a CD. It won't take very long, since it's only about 40MB in size.


Reply to
Steve Henderson

If you want a firewall then check out the SOHO lines from WatchGuard, Sonic and Netscreen.

If you want a router that does NAT and is "called" a firewall, then any cheap unit will do as none of them are firewalls (even though they are called firewalls).

Reply to
Leythos

snipped-for-privacy@kittymail.com (Bob Ladbury) wrote in news: snipped-for-privacy@posting.google.com:

I haven't gotten one of these yet, but you may want to check it out.

Duane :)

Reply to
Duane Arnold

"I would recommend the Cisco Pix routers. I do tech support for a living, so I hear which brands break down more than others. "

Dude, you're a crack head. First off, a PIX does not route, so get your terminology correct. Second, stop smoking crack.

I've said it before, the dude wants a DSL combo, get a NetScreen 5GT-ADSL. Dig.

Reply to
Munpe Q

don't do that unless you know linux real well and ipcop.

get a sonicwall maybe,

and to buy it,
as the Sonicwall TZ150 is tops in my book also being one of the cheaper better devices on the market.

Reply to
Joe

PIXen failover setup here has been running 24/7 for more than 5 years, only failure so far has been a case fan on the standby unit that was easily replaced. Extremely reliable. However, I wouldn't class them as cheap as the OP specified in his requirements.

Dan

Reply to
Spack

You DO NOT want a Hotbrick. If you haven't bought one "yet", consider yourself lucky and look elsewhere.

I could tell you my horror stories, but it would just waste time and my energy and there are many other legitimate options out there.

Reply to
Jameseee

"Jameseee" wrote in news:iFKQd.62$hK5.13 @bignews3.bellsouth.net:

Well, let's hear it. I could say the same about a Linksys I owned not that I had that much of a problem with it. But I have seen lots of posts with others whining about Linksys. As a matter of fact, I have seen lots of posts with all the brands such as Linksys, Netgear, D-Link, Belkin etc etc of people whining about a product.

What else is new? ;-)

Duane :)

Reply to
Duane Arnold

I would like to hear about the Hit Brick experience, I was also considering purchasing one and would like to know about your experience too:

What year was it purchased? What Model was it? What was the problem? What did support recommend? What was left unresolved?

Reply to
Leythos

I was interested in one of these - LB-2 - but my ardour has been somewhat cooled.

Hotbrick do not build these units and it has been confirmed that this is the exact same unit as the Xincom 502. Xincom is in Oregon and Hotbrick are in Florida but the unit is built in Taiwan by some unknown company for *both*.

When it comes to firmware it appears this is also done in Taiwan (threads on dslreports.com re the Xincom). Nothing wrong with Taiwan as there are some great companies there - eg Asus and Zyxel is also from there.

But I am not overly fond of "badge engineering" as one is dealing in effect with a middleman who does not have as much control as one would want over the finished product. One can read about Xincom feedback on dslreports.com, some good and some less so. Essentially if one wants to graduate from the D-link/SMC/Linksys group (the RV082 appealed to me as well but this *too* appears to be made for Cisco/Linksys by a Taiwanese company and is also "badge engineered") you have to move to Zyxel and a step up - and following the Gillette razorblade model (firmware upgrades etc only obtainable after eg 90 days if one has a service contract) - to Sonicwall or Watchguard.

Peter

Reply to
Peter Georgeu

sonicwall overall the best deal in my opinion

the subscription costs are around the same as software would cost for virus, parental control etc. consider the router does 10 nodes on the TZ150 and it covers all 10 nodes. parental control software, 1 or 2 pc, same for virus etc. the support part of it covers advance replacement as well. so it's all well worth it to have the router do it all.

Reply to
Joe

OK. Here goes.

First, a Model 1200/2 -- Purchased roughly 2 years ago. Approximately a week after it was purchased, I noticed that the CPU Usage was constantly between 95% and 98%. It's a simple network with less than 20 computers; no web servers or email servers; no incoming connections whatsoever. This is a dual WAN port firewall connected to a T1 on WAN1.

Technical Support said that it was just a display issue and did not affect the functionality of the unit. It would be fixed in a future firmware release.

Approximately 8 months later (while still waiting for that firmware release), we had a minor issue with the T1 line and a DSL line was added as a backup. This works fine so long as both Internet connections are functioning normally. However, when the DSL line was experiencing problems, I went into the setup of the firewall and disabled the WAN2 connection until the problem could be resolved. Well, this doesn't work very well. If there is a WAN2 configuration (enabled or disabled), at least 1% of the outgoing traffic will attempt to go through that port. The result is many dropped connections waiting for a response from the WAN2 port and no response is forthcoming.

Technical Support: Let me put it this way. I'll let you know when I hear from them, which will probably be about the same time that the updated firmware for this unit is released. That's right; still waiting.

Second, a Model 600/2 -- Purchased roughly a year ago. Died within three months. Apparently purchased near the end of the product life because when I tried to get warranty service, I was told that we don't sell those anymore. They replaced it with the LB-2 AND a SoHo 401. Like an idiot, I took the replacements after being told that the LB-2 had "the same capabilities" as the 600/2. While this might technically be true, the apparent manufacturing quality of the LB-2 compared to the 600/2 is like comparing a Yugo (remember those) with a Hummer. It just has that feel that if you even turn it upside down, something might come loose.

At any rate, after getting the LB-2 configured and running properly, everything ran fine for 2-3 months. Then, one morning, I find 42 e-mail messages in my Inbox from this firewall sent approximately 3 minutes apart stating that the firewall was rebooting. The problem started and stopped on its own. This network is a different client with only 10 computers and NO ONE works at night.

Technical Support response: This unit will reboot when you make certain administrative changes. When I explained that no one was making any administrative changes, their response was "Well, somebody was. Check the log file." No one was in the office and no one logged into the Administrative Console of this device. No evidence of anything unusual except for the sudden appearance of 42 e-mail messages when I had received NONE before.

The problem went away and I was tired of the 24-48 hour delay for feedback from Technical Support, so I forgot about it and moved on. Then, this client wanted to have a VPN connection. OK. The 600/2 was a VPN/firewall and the LB-2 is a VPN/firewall. No problem. I thought I would do it the easy way and I purchased the Hotbrick VPN Client software. This was the wrong thing to do. After fighting with this for three days with no success, I submitted a help request via their website. Four days later (with no response to my previous request), I submitted a request for a refund as per their 30-day Money Back Guarantee and 100% Satisfaction Guarantee shown on their website. Two days later (with still no response to either of the previous requests), I sent an e-mail message to several e-mail addresses at their site and finally received a polite response informing me that problems with their website had caused "minor" issues. He also stated "I called you but you were not home. The privacy director on your phone system did not give me an option for leaving you a voice, this is why I am writing you via email." According to my Caller ID, NO other phone calls were received from Hotbrick and NO voice mail messages were ever received.

Since I had a job to do and I was not getting information from Hotbrick, I removed the LB-2 and replaced it with a USR 8200. With the USR 8200, I was able to make the VPN connection without incident and without the use of the Hotbrick VPN Client software. I informed him of same; told him I didn't think that ignoring my help requests for a week was a "minor" issue and that since they did not respond, I had to take other steps to complete the project. Under those circumstances, please issue a refund.

Four days later, I received a message back with an RMA# and was told that he would contact me when the refund was issued. Coincidentally, the next day, I went online to check the credit card and what do I find? Fraudulent charges are now appearing on my credit card; a credit card that had not been used in four months. When I called the vendor making the charge on my card to investigate, I was told that the purchaser had ALL of my information and that the purchased items were to be shipped to an address in Indonesia. He gladly reversed the charges and no harm done. I cancelled the card and had a new card issued. I realize that this is circumstantial and the theft could have come from another site, but I don't think so. I may be wrong, but I'm not taking that chance.

I, again, received the RMA# in another e-mail message 2-1/2 weeks later when I asked for the status.

Another 3 weeks passed with multiple e-mail messages back and forth and multiple voice mail messages left with them before I had the pleasure of speaking with the owner of the company who informed me of the following:

  1. He denied this refund "a long time ago" even though an RMA# had been sent to me a full 3 weeks AFTER the initial request.

  2. The 30-day Money Back Guarantee and 100% Satisfaction Guarantee do not apply to software. A fact that I apparently agreed to when I completed the online purchase.

  3. "I checked the log file and I could see that you used the software." Perhaps, he meant that he could tell that I had downloaded the software rather than that there is some monitoring device built into the software. I don't know and since I don't use their software nor do I ever plan to use their software, I don't really care.

  4. He, personally, was standing next to the Technical Support representative when he left "several" voice mail messages on my machine.

  5. And, he also stated "I am from California, so I have excellent Customer Service skills." I don't know what it means either. I always thought California was The Golden State. Did Arnold change their slogan? California -- The Customer Service State. I don't know; it just doesn't have the same ring to it. Maybe it's just me.

We ended our pleasant conversation with him beginning to show his paranoia. Apparently, my phone sounded weird at his end and he asked if I was on VoIP. I said No. He said "Oh, I'm on a speakerphone then." I said "No. It's 7:30 PM and I'm watching a basketball game in my living room. Why the hell would I have you on speakerphone?" I swear to God, he started to ramble something about witnesses and I said goodbye. A $72 piece of software and I'm going to have his phone call witnessed? For what, so I can waste more of my time to end up on Judge Judy?

It is absolutely possible that the guarantees do not apply to software and it is absolutely possible that this fact is in the legal mumbo jumbo I agreed to when I made the purchase. A fact that I willfully acknowledged when I was told. This fact and this fact alone would have put an end to the matter 4 weeks earlier had someone just made that known. I have purchased other software that cannot be returned; I understand that. Tell me that right from the start and it would have been over. But, I'm not from California, so what do I know?

So, that's the story. At least the highlights. Their equipment, for the most part, appears to do what it claims. Known problems may or may not ever be fixed. Either the LB-2 VPN capabilities are lacking or their instructions are lacking, or both, but I had NO problems with the VPN once I removed the LB-2 and installed the USR 8200, so it isn't that I have no clue how to deal with a VPN. If you purchase Hotbrick, I would strongly recommend purchasing from somewhere other than their "secure" website as I have good reason to believe that it may not be all that secure.

I wouldn't purchase from them again, period. But, that's just my opinion.

Later.

James

Reply to
Jameseee

I was only commenting on the reliability of the PIX in response to Shizali's post. My PIX are not at home, they are used in a business environment to protect my LAN and public servers and to restrict local user access. Things like virus scanning and parental control are not a requirement for me (virus scanning is handled on a per desktop and centralised systems for email and file transfers, and a third-party system like WebSense is available for web content filtering keeping the PIX doing what it does best) - the ability to run 24/7 under almost constant load dealing with average of 5000+ simultaneous connections and easily handling the throughput of a saturated T1 line along with internal (private LAN to DMZ) data transfers of up to 100Mbps, plus transparent stateful failover to a standby unit in case of maintenance or primary unit failure is what I need in a firewall :P

Dan

Reply to
Spack

security;

Bob,

I think everyone has gotten a bit "over technical" with you because some valid information is missing from your post/question.

My guess is you have a DSL or Cable Modem connection to your "two-computer" network and not a T1 or other "business class" network connection. In which case, I think the request for a "router" is redundant. What would you need a router for in this configuration? Maybe you need one between your two computers. That would seem silly, but I have seen sillier! :-)

If I am to continue on this assumption then what you REALLY want is a "good cheap FIREWALL" that has robust security and features, then that question is a little easier to answer.

Sonicwall, Watchguard, PIX, Checkpoint SOHO, etc. all good products. BUT they have subscription licenses based annually for updates (and you simply MUST continue to update your firewall, whichever you decide on..). So unless your "cheap" statement actually meant somewhere in the neighborhood of $350+ initial and around 40% of that annually afterwards then you need to be looking at a personal firewall (software on the machines), or an open source solution.

I hate to sound like a broken record, but m0n0wall will do you MORE than fine

Install it on an old small PC, plug the WAN interface into the cable modem, and then plug your PCs into a hub that is connected to the LAN interface on the firewall. Set up your rules and you're off and running! Total cost: 0$ (as long as you have an old cheap PC lying around that you're doing nothing with).

Just my humble opinion, and many apologies if I assumed incorrectly!

Good Luck!

Smooter

Reply to
smooter

OK thanks for the reply. ;-)

Duane :)

Reply to
Duane Arnold

You're right, but why the need to guess? I wrote in the line you quoted above that I had a DSL modem, and wanted to set up a simple two computer *home* network. That would rule out a T1 business setup, wouldn't it? Why would I need a router, you ask? That's a good question. That would be because I couldn't get any help in my previous attempt to set up a simple peer to peer network. Apparently, even the networking experts are stymied when you ask them to help you set up a simple 2 computer ad hoc network under Win XP. Several days of trying to educate myself in networking, researching half-baked articles on p2p networking from Microsoft and many other sites, all of which left more questions than they answered, proved fruitless. You're also right that I was looking into a router simply because I wanted a hardware firewall. But since everyone I talked to for assistance in setting up my p2p network -insisted- that I forget about that and use a router (even though, as you point out, one would hardly need one for 2 computers). I was even 'verbally' attacked on the net, just for mentioning that I wanted to set up a home network system sans router.

But even though I was sure I could do it, it made little sense for me to continue with my idea of a simple p2p network, if I was already going to get a router anyway. Even though I wanted to do it just to prove everyone wrong, that you -didn't- need a lousy router just to network a couple o' lousy computers! In any case, I certainly didn't have $500 professional Cisco routers in mind or complicated mad-scientist schemes involving hardware firewall emulations using discarded PCs, floppies and Linux wares, when I posted that I was looking for a CHEAP router for my *SIMPLE* *HOME* 2-computer network. The responses were not helpful, but at least they were humorous. When it gets this crazy, I realize I'm better off just doing my own research. After this, I whittled it down to 2 *cheap* but *good* routers, with *robust firewall features* (this means SPI at the very least); the Netgear RP614 and the D-Link DI-604. Of the two, I picked the Netgear RP614. (If you want to talk about silly, I also got one for my friend. He only has one computer). Cost? $19.99 CDN. (down from $60. Staples had a sale, $40 rebate....). See? It's not as complicated as it seems....

Reply to
Bob Ladbury

snipped-for-privacy@kittymail.com (Bob Ladbury) wrote in news: snipped-for-privacy@posting.google.com:

That's what you requested *robust firewall / security features* and that's what people tried to help you with on your request.

Anyone could have told you to go get a cheap NAT (no firewall) router with FW like features if you had made that *clear*.

BTW, setting up a simple p2p between two machines without a router is not that complicated (piece of cake), but you're better off having the router do it, since it's a plug it up and go device with little or no configuration on your part.

Duane :)

Reply to
Duane Arnold

I think Bob has fallen into the "age old" issue of trying to share resources (printers, disk space, internet access, etc.) between two Windows boxes without the loving comfort of a domain and the ease of shared permissions...

Bob, if you want to share resources on your two machines like I just stated, save yourself some pain and suffering, and make sure you have the EXACT same usernames and passwords present on each system. Make sure that each user that you want to have permissions on the other system to certain resources is set up on that machine with its respective EXACT user. (is that confusing enough...don't know a better way to say it...). Add each machine to the other's Hosts file (or LMHOSTS if you want to..) with its static IP (on a small network you can leave the machines set up for DHCP, there shouldn't be any reason at all for them to not get the exact same IP every time), and name.

What will happen when you try to access the other machine is the following: your active username and password will be passed to the machine/resource you're trying to access. If the username and password exist in the local user database on the resource, the resource will then authenticate you, and as long as that user has permissions to that resource you're in business!

Pass through authentication! BTW: Blank passwords WILL NOT WORK!

HTH

Smooter

Reply to
smooter
