Looking for a Firewall with QoS
IanCumbers
15th January 2008, 12:52
Hi,
I'm looking for a firewall, probably as an appliance rather than a software solution, that will handle multiple internal networks (2 or 3) and have the ability to apply basic QoS based on protocol or source device. I guess I would go for a software solution on a dedicated PC if one was highly recommended.
In a nutshell, I've got multiple teenagers in my house and I want them on a segregated network (to protect my PC from their crap ;)) and, just as importantly, I want to throttle their Webcams / WoW patch downloads and P2P, to make sure my important stuff (filing my accounts online and/or playing BF2 :D:) takes priority.
I'm used to working with Checkpoint and FortiGate firewalls and so I guess I'm looking for the SoHo version of a corporate brand - but that sounds a bit 'techno-snobbish'....
Whilst I can (and am) searching for QoS and Firewall on the web, I'd really like to hear from anyone who has an opinion for/against any particular device - personal recommendations mean far more than marketing bumph...
Thanks
Ian
WhiteKnight
15th January 2008, 16:37
pfSense has QoS I think.
www.pfsense.org.
I use it. It's pretty damn good. Stable. Supports as many networks as you have network cards. And has a load of other features.
It's based on BSD so it's very secure, but it requires virtually zero *nix experience to use it (unless you want to start customising some of the really fiddly features or installing your own patches).
Also the other advantage is that it's free.
AdamR
15th January 2008, 18:16
I need something like that for Windows, as ISA 2006 doesn't run on AMD64 builds of Server 2003.
kandy
15th January 2008, 18:27
I would recommend pfSense, it works very well and I use it at home.
I am yet to find a reasonably priced SOHO appliance that can actually handle QoS and Traffic Shaping properly, many claim to do so but don't work.
KingDaveRa
15th January 2008, 18:30
I've looked for a SoHo equivalent of the Fortinets. They're just so good IMHO.
Trouble is, the SoHo Fortinets are silly prices.
IanCumbers
15th January 2008, 19:33
I need something like that for Windows, as ISA 2006 doesn't run on AMD64 builds of Server 2003.
You aren't serious? Well, obviously you are - otherwise you wouldn't have said it - but it's a bit of a surprise.
A friend runs 2006, and that might be an option. On the one hand, I'd need to buy a new PC big enough to host 2003 and ISA 2006 and if I'm going to be spending a couple of hundred quid, I'm more tempted by an appliance. On the other hand - ISA will do the caching as well, so is more versatile...
Emmmmm - not sure.
IanCumbers
15th January 2008, 19:39
I've looked for a SoHo equivalent of the Fortinets. They're just so good IMHO.
Trouble is, the SoHo Fortinets are silly prices.
I manage a 300a and 1000a at work, and I like them. On the positive side - hotfixes and bug fixes come out from the developers within a couple of days of raising a call - which is incredibly quick for any big vendor.
On the negative side, many other vendors don't *need* to issue hotfixes and bug fixes quite as often as Fortinet :mad:
And the Fortimanager is, IMHO, complete garbage, but it gave me an excuse to write my own browser based log viewer, using Syslog output from the FG - any excuse to write some code :D:
But as a rule, I like the products and the way you can seamlessly add in all the other features (web based filtering, AV, IDS).
If I had to buy shares in a security product company, it would be Fortinet :):
Ian
IanCumbers
15th January 2008, 19:42
pfSense has QoS I think.
www.pfsense.org.
Thanks - that's exactly the sort of thing I was looking for. I used to do some casual *nix admin, so I enjoy some 'work', but don't want to end up spending days downloading package after package to resolve file dependency issues (sore point with another 'appliance' I'm working on at the mo).
Thanks!
Ian
IanCumbers
15th January 2008, 19:43
I would recommend pfSense, it works very well and I use it at home.
I am yet to find a reasonably priced SOHO appliance that can actually handle QoS and Traffic Shaping properly, many claim to do so but don't work.
Kandy - so you've found the QoS does work pretty well on pfSense?
Cheers
Ian
Portia
15th January 2008, 21:01
I seem to remember the home versions of the Netscreens being very good and very cheap...
kandy
15th January 2008, 21:49
Kandy - so you've found the QoS does work pretty well on pfSense?
The traffic shaping works really well. It's based on NetBSD ALTQ.
I tested it by doing a full upload and download on my DSL and playing CoD4, set up my rules by using the inbuilt shaping wizard. Constant 40ms ping and smooth as anything :)
Means I can torrent whore, play games and download large files at the same time with no problems at all.
It really does offer more features in some cases and that are also easier to use than on firewalls that cost £3k+
I used to use m0n0wall a lot but pfSense is much better.
WhiteKnight
15th January 2008, 22:13
don't want to end up spending days downloading package after package to resolve file dependency issues (sore point with another 'appliance' I'm working on at the mo).
You won't. You download the ISO, burn to CD. Boot off the CD, and type 99 at the console menu. Follow the prompts and you're done.
That's pretty much all there is to it for the basic installation but even when you start messing with the fiddly bits, you won't have to worry about packages etc. It's all done for you.
WhiteKnight
15th January 2008, 22:15
I used to use m0n0wall a lot but pfSense is much better.
pfSense is a fork from the m0n0wall project. The code started from the same place. It's very much its own product now tho.
KingDaveRa
15th January 2008, 22:25
m0n0wall has pretty much stagnated anyway. pfSense has all the features now.
Jez_Gafys
15th January 2008, 22:45
I am a fan of Dbam and sonicwall systems they kinda own anything on the market atm and would be perfect.
http://www.dbamsystems.com
http://www.sonicwall.com/uk/
kandy
15th January 2008, 23:24
We deploy Sonicwalls at work, they are ok. The traffic shaping sucks though, but they are good for all the Anti Virus/Spyware/Malware inspection that's built in.
The DBAM stuff looks quite interesting, cheers for pointing that out. Corporates tend to steer clear of the 'home brew' stuff as they like their extended warranties and 'off the shelf' products etc.