[lug] Small Firewall with Excellent Logging

Quentin Hartman qhartman at gmail.com
Wed Mar 25 08:53:22 MDT 2015


I've used the Envoy routers from Imagestream in the past and they work very
well. They're expensive for a home application, but much less expensive
than typical business class stuff.

http://www.imagestreamsolutions.com/index.php/imagestream-linux-routers/imagestream-envoy-router.html

On Tue, Mar 24, 2015 at 11:32 PM, Ryan Newby <renewby at gmail.com> wrote:

> +1 to Glenn, a (somewhat) similar thread to one on the blug mailing list.
> SSG 5s are solid router/firewalls, although the OS (ScreenOS) is at end of
> life, replaced by JunOS. Not a show stopper for home/small business though
> as the units are fairly affordable. If you're looking for an appliance,
> check out Meraki. Meraki has a great deal of layer 7 reporting so you can
> get granular detail on not only bandwidth, but which applications are
> utilizing it.
>
>
> On Tue, Mar 24, 2015 at 11:08 PM, Glenn English <ghe at slsware.net> wrote:
>
>>
>> On Mar 24, 2015, at 10:17 PM, Maxwell Spangler <
>> maxlists at maxwellspangler.com> wrote:
>>
>> > In the past I've used a variety of consumer grade firewalls to protect
>> small office networks from internet attackers.  Linksys WRT units with
>> DD-WRT is a favorite.
>> >
>> > However, I feel like these solutions are often ideal for just that:
>> acting as a defense against incoming attackers.
>> >
>> > I'd like to find a small footprint, low power, high quality,
>> trustworthy firewall that would allow me to do the same but provide more
>> logging capability to see what's going out and then let me control it.
>> Ideally, this would be block everything and allow me to easily identify
>> what's going out and selectively enable it.
>>
>> Look into a Juniper SSG-5 -- it's quite small, very high quality,
>> inexpensive for Juniper, available at Amazon, and logs like crazy if you
>> ask it to. Its Ethernet is only 100Mb, but that's plenty for 'most any
>> Internet connection you'll find in a small office. I think it's available
>> with or without WiFi.
>>
>> I suspect, though, that its configuration is significantly more
>> complicated than you find on consumer boxen. It's for sure more complex
>> than the Netgear I used to have (it does have a web-based GUI that works
>> well once you learn what it's talking about). I get email once or twice a
>> day from the one I installed a few years ago down in Texas, telling me
>> about hackers and such.
>>
>> OTOH, I managed to get it going shortly after a serious brain injury, so
>> maybe it's not as complex as I remember...
>>
>> --
>> Glenn English
>>
>>
>>
>> _______________________________________________
>> Web Page:  http://lug.boulder.co.us
>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>>
>
>
>
> --
> Ryan Newby
> email:renewby at gmail.com
> phone:303-720-9498
>