[lug] Small Firewall with Excellent Logging

Matt James matuse at gmail.com
Wed Mar 25 10:02:15 MDT 2015


+1 again on the Juniper - nice unit.  I've also had decent success with
Sonicwall.  Their TZ series are quite affordable and they also offer some
cloud esque services for management and reporting.  They are now owned by
Dell so maybe that's a good thing or a bad thing depending on your school
of thought.  :-)

Matt James
303-949-7659

On Wed, Mar 25, 2015 at 8:53 AM, Quentin Hartman <qhartman at gmail.com> wrote:

> I've used the Envoy routers from Imagestream in the past and they work
> very well. They're expensive for a home application, but much less
> expensive than typical business class stuff.
>
>
> http://www.imagestreamsolutions.com/index.php/imagestream-linux-routers/imagestream-envoy-router.html
>
> On Tue, Mar 24, 2015 at 11:32 PM, Ryan Newby <renewby at gmail.com> wrote:
>
>> +1 to Glenn, a (somewhat) similar thread to one on the blug mailing list.
>> SSG 5s are solid router/firewalls, although the OS (ScreenOS) is at end of
>> life, replaced by JunOS. Not a show stopper for home/small business though
>> as the units are fairly affordable. If you're looking for an appliance,
>> check out Meraki. Meraki has a great deal of layer 7 reporting so you can
>> get granular detail on not only bandwidth, but which applications are
>> utilizing it.
>>
>>
>> On Tue, Mar 24, 2015 at 11:08 PM, Glenn English <ghe at slsware.net> wrote:
>>
>>>
>>> On Mar 24, 2015, at 10:17 PM, Maxwell Spangler <
>>> maxlists at maxwellspangler.com> wrote:
>>>
>>> > In the past I've used a variety of consumer grade firewalls to protect
>>> small office networks from internet attackers.  Linksys WRT units with
>>> DD-WRT is a favorite.
>>> >
>>> > However, I feel like these solutions are often ideal for just that:
>>> acting as a defense against incoming attackers.
>>> >
>>> > I'd like to find a small footprint, low power, high quality,
>>> trustworthy firewall that would allow me to do the same but provide more
>>> logging capability to see what's going out and then let me control it.
>>> Ideally, this would be block everything and allow me to easily identify
>>> whats going out and selectively enable it.
>>>
>>> Look into a Juniper SSG-5 -- it's quite small, very high quality,
>>> inexpensive for Juniper, available at Amazon, and logs like crazy if you
>>> ask it to. Its Ethernet is only 100Mb, but that's plenty for 'most any
>>> Internet connection you'll find in a small office. I think it's available
>>> with or without WiFi.
>>>
>>> I suspect, though, that it's configuration is significantly more
>>> complicated than you find on consumer boxen. It's for sure more complex
>>> than the Netgear I used to have (it does have a web-based GUI that works
>>> well once you learn what it's talking about). I get email once or twice a
>>> day from the one I installed a few years ago down in Texas, telling me
>>> about hackers and such.
>>>
>>> OTOH, I managed to get it going shortly after a serious brain injury, so
>>> maybe it's not as complex as I remember...
>>>
>>> --
>>> Glenn English
>>>
>>>
>>>
>>> _______________________________________________
>>> Web Page:  http://lug.boulder.co.us
>>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>>>
>>
>>
>>
>> --
>> Ryan Newby
>> email:renewby at gmail.com
>> phone:303-720-9498
>>
>> _______________________________________________
>> Web Page:  http://lug.boulder.co.us
>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>>
>
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20150325/4581d0b8/attachment.html>


More information about the LUG mailing list