Firewall (cheap) that supports PPTP inbound to firewall

I have a new client that needs to access their 3-system network from remote locations; they want to use PPTP inbound, terminating at the firewall, to access the entire network. In most cases I would have installed a WatchGuard 500 (since they are a very small office), but that's too much money for their project.

I've looked at the ZyWall units, but they don't say if they support users connecting to the firewall directly (from remote locations) using PPTP and then accessing the network.

Anyone got real experience with a NON-PC based solution, must be an appliance, that is under $500 and doesn't require proprietary VPN software?

Thanks, Mark

Leythos

D-Link 804 and others do IPSec; then you install an IPSec client on the PCs.

phn

It was nice of you to point this out, but I specifically asked for PPTP. Having worked with many firewalls and routers, I'm already aware that most of them support IPSec.

In case anyone else missed it, I specifically need a PPTP solution.

Leythos

A Cisco PIX 501 will do PPTP and costs under 500 USD.

greg

Greg Hennessy

A small Linux box running iptables and poptop

I have a number of these working nicely in the field.

Oh bugger, I just noticed you said NON-PC and must be an appliance. Sorry, but I'll post anyway because others might find it useful.

Mike

The reason is reliability and stability. In all the years that I've been doing this I've never found anything more stable and reliable than a dedicated appliance device. There is nothing "strange" about an inexpensive firewall that permits external PPTP connections.

I can already set up a PC with nix and various firewall products, that's not something that this solution needs.

The requirement is an appliance that has stability, reliability, ease of management (even for a non-firewall type), and PPTP inbound terminating at the firewall appliance.

A PC running any OS/firewall does not meet the needs for this job.

Leythos

Now that is strange: why NON-PC???? You would buy any strange box with proprietary software in it, but not a PC with just a proprietary BIOS?

Or do you mean NON-WINDOZE?

In that case, nothing cheaper than a Pentium-1 box (people throw these things away these days) and a Linux-IPTables firewall. Can be done without a hard disk, right from a floppy or a CD, without a video card (managed over the net). Needs little memory too. Two ethernet cards in it.

Bring along a Unix guy to set it all up.

frgr Erik

Erik

Not PPTP, but another CHEAP solution to this problem is to run a Linux firewall and use Safe Passage as the VPN instead of running PPTP. Safe Passage tunnels all internet traffic including Windows Filesharing via SSH (even tunnels DNS requests). So just run an SSH server on the same Linux firewall and you're all set. Note that with Safe Passage you have to go directly to the domains or IPs of the Windows machines or printers you are trying to access via the VPN (since UDP can't be tunneled). Email and everything will be secure.

See [link] for more information on Safe Passage.

joe briggs

You know, I'm always amazed at how people want to answer a question, with very specific needs, with something that does not meet the needs of the solution.

If I wanted to just enable RAS on the client's server and do a PPTP pass-through on the router I would be just as secure, no additional hardware, and have it a lot easier to manage for them than installing a Linux based solution.

I called the Zywall support team and was told that their units are just high-end routers, that they don't support PPTP inbound connections, only IPSec connections - which would work if I wanted to do it that way, but there are a large number of routers that support IPSec that are cheaper too.

I appreciate you taking the time to reply, but your reply does not fit the constraints of the solution path.

Leythos

Mark, have you looked on eBay for reconditioned/used WatchGuards?

I recently picked up a FB III 700 for around 300 GBP. Works like a dream and was in "as new" condition with a 20 seat MUVPN license thrown in.

Just my .2p

Robin Grayson

Yes, I have, and I'm considering that option. The problem with eBay is that the units don't come with a valid key, no warranty, and no live security service. While I have the software, the licensing is an issue if you want to install for customers - the Live Security license is $975 USD in most places.

Leythos

Yeah, that does pain me when I have to pay that.

But what do you actually need from the livesecurity?

I've not tried it, but is it not possible to download the latest software from a valid subscription and update the non-subscribed FB with it? Or does it check the serial number etc on install?

Robin Grayson

Sorry, maybe I should have read your post properly before replying!

Robin Grayson

While you can easily use one subscription key/firmware to update many units, it's not ethical or legal. They provide one key per box and that means one $975 license per unit.

Leythos

Last I checked, the Snapgear units supported PPTP terminating at the firewall. Have you looked at those? They were bought out by another company, can't remember its name.

They're nice units, based on Linux. I had a couple for a while.

Brad

Brad

I got Comtun 4.5 at [link]; the price could be as cheap as 67 USD.

Fidelio
