Cable Forum


LSainsbury 16-01-2008 15:19

Hardware Firewall
 
Afternoon,

Thinking of buying a 2nd hand hardware firewall - specifically a WatchGuard SOHO 6, because we supply and install them for our customers - well the WatchGuard range at least.

The reason being - I want to gain some knowledge of how they work, configuration etc.

I currently have a Linksys wifi ADSL router, so if I put the firewall on my network, the wi-fi would be protected would it as it would physically bypass the hardware firewall....unless I'm missing a trick...?

Lee

Aragorn 16-01-2008 15:28

Re: Hardware Firewall
 
Assuming you will be putting the firewall between router and wired PCs then yes, the wireless will be unprotected - although don't forget the Linksys will have a NAT firewall anyway.
If you want to actually block anything, you might want to set the firewall IP as a DMZ in the linksys - so that the linksys doesn't filter out the crap before it gets to the firewall!

LSainsbury 16-01-2008 15:32

Re: Hardware Firewall
 
Quote:

Originally Posted by Aragorn (Post 34471440)
Assuming you will be putting the firewall between router and wired PCs then yes, the wireless will be unprotected - although don't forget the Linksys will have a NAT firewall anyway.
If you want to actually block anything, you might want to set the firewall IP as a DMZ in the linksys - so that the linksys doesn't filter out the crap before it gets to the firewall!

That's where I thought it should go...at least normally that's how it would get set up:

Internet > Router > Firewall > PC's

I want to learn stuff like packet filtering - routing specific ports to <where ever> etc...

The Linksys is a bit limited in what it can do as a firewall.

Mr_love_monkey 16-01-2008 15:35

Re: Hardware Firewall
 
if you're buying from fleabay - make sure you get one that has the software for configuring it, with it (unless you can source it from elsewhere) - a lot of them on there don't come with any software.

LSainsbury 16-01-2008 15:40

Re: Hardware Firewall
 
Quote:

Originally Posted by Mr_love_monkey (Post 34471447)
if you're buying from fleabay - make sure you get one that has the software for configuring it, with it (unless you can source it from elsewhere) - a lot of them on there don't come with any software.

They are normally web-based - config built into the device.

Mr_love_monkey 16-01-2008 15:42

Re: Hardware Firewall
 
Quote:

Originally Posted by LSainsbury (Post 34471451)
The software is generally done with a web browser as it's built in.

ah, ok - the original firebox 2 & 3's had standalone programs for configuring, so without the software you couldn't even start it up properly.

Losttheplot 16-01-2008 15:49

Re: Hardware Firewall
 
I've got my ADSL modem set up in a bridged mode, with my Endian Linux Firewall controlling it. I also then have a wireless AP behind the firewall.
www.Endian.com

LSainsbury 16-01-2008 18:31

Re: Hardware Firewall
 
Quote:

Originally Posted by Mr_love_monkey (Post 34471454)
ah, ok - the original firebox 2 & 3's had standalone programs for configuring, so without the software you couldn't even start it up properly.

I believe with some of them you have a system manager which allows you to control / config lots of them - like a management console.

---------- Post added at 18:31 ---------- Previous post was at 17:10 ----------

Quote:

Originally Posted by LSainsbury (Post 34471435)
I currently have a Linksys wifi ADSL router, so if I put the firewall on my network, the wi-fi would be protected would it as it would physically bypass the hardware firewall....unless I'm missing a trick...?

Ooops - should have read before posting...there was a large typo which changed the entire context of the question! It should have read:

Quote:

Originally Posted by LSainsbury (Post 34471435)
I currently have a Linksys wifi ADSL router, so if I put the firewall on my network, would the wi-fi be protected as well, as the firewall would physically be bypassed as it's further down the chain? Unless I'm missing a trick...?


But even so - you got the gist of the question!

Matthew 16-01-2008 21:18

Re: Hardware Firewall
 
If you are going to buy one from the Watchguard range, personally I recommend one from the Core series but these are all subscription based. A lot of the higher end ones also need the system manager software to configure them but they are very reliable, we have some several hundred out there in our sites. Good bits of kit but cost a lot of money.

Netgear do some firewalls which are worth looking at, these are much cheaper and are a similar setup to the Watchguard ones but on a smaller scale from what I have seen. Have a look here, or on eBuyer, they do some really good deals from time to time if you're lucky, if you are going to purchase a Watchguard range I would try and stick with them rather than eBay as a lot are licensed and don't always come with them from eBay.

Just my bit on all this.

ic2 17-01-2008 08:42

Re: Hardware Firewall
 
I run a watchguard Firebox Edge Ex10 at home on the XL package. I have a wireless router plugged into its "optional" network, which gives me protection of the firewall.

The only downside is browsing speed as I have UTM enabled on the box.

LSainsbury 17-01-2008 11:25

Re: Hardware Firewall
 
Quote:

Originally Posted by Matthew (Post 34471708)
if you are going to purchase a Watchguard range I would try and stick with them rather than eBay as a lot are licensed and don't always come with them from eBay.

How do you mean - licensed?

Matthew 17-01-2008 16:13

Re: Hardware Firewall
 
With a Watchguard Firebox most have a license which allows you to use the Firebox, if it's not up to date then parts of it are disabled as it's a subscription based service.

LSainsbury 17-01-2008 17:36

Re: Hardware Firewall
 
Indeed - like the LiveSecurity - but I won't need that to use the basic functions....will I?

Matthew 17-01-2008 17:40

Re: Hardware Firewall
 
You shouldn't do but can't say for 100%. Just thought I would point it out in case you didn't know.

LSainsbury 17-01-2008 20:13

Re: Hardware Firewall
 
Well it arrived today - just sent an email to Watchguard to get it re-registered to me so I can get the latest firmware.

ic2 17-01-2008 21:03

Re: Hardware Firewall
 
Quote:

Originally Posted by LSainsbury (Post 34472359)
Well it arrived today - just sent an email to Watchguard to get it re-registered to me so I can get the latest firmware.

To get the latest firmware you need to have a valid live security licence. If you don't, then no technical support or firmware updates.

If it was previously registered then the buyer should have transferred it to you via this web site https://www.watchguard.com/support/land.aspx? I also suggest you create an account here as well.

If the licence has lapsed, then you have to pay an additional fee as well.

LSainsbury 17-01-2008 21:35

Re: Hardware Firewall
 
Quote:

Originally Posted by ic2 (Post 34472390)
To get the latest firmware you need to have a valid live security licence. If you don't, then no technical support or firmware updates.

If it was previously registered then the buyer should have transferred it to you via this web site https://www.watchguard.com/support/land.aspx? I also suggest you create an account here as well.

If the licence has lapsed, then you have to pay an additional fee as well.

Hi - yeah I'm aware of that, but thanks anyway. I'm not too bothered about TS but a firmware update would be nice. It has March 2005 on it...actually I could download it using another customer's details...there's an idea!


Anyway - another question for you network experts...

Current setup is as follows:

ISP > Linksys Router > My LAN

My ISP gives my router an address of say 80.10.10.10 and DHCP for my LAN is on so client PC's get 192.168.0.x.

On the firewall it lists two networks trusted (my LAN) and external WAN.

Everything I've read in the firewall documents states that the external WAN gets the external address - again 80.10.10.10.

How can this be if the router is supplying the addresses?

I know I should switch off DHCP /Local LAN (trusted) on the router and switch DHCP on for the trusted LAN on the firewall, but how does the ISP address get passed to external WAN interface on the firewall?

I think I'm missing a fundamental trick here and once I know that, it'll all slip into place.... :dunce:

Cheers
Lee

ic2 17-01-2008 21:51

Re: Hardware Firewall
 
Quote:

Originally Posted by LSainsbury (Post 34472407)
I think I'm missing a fundamental trick here and once I know that, it'll all slip into place.... :dunce:

Lee,

my set up is ISP>firewall>LAN

Off the firewall also hangs the wireless router. I let the watchguard deal with the DHCP.

Have you tried ISP>firewall>linksys>LAN ?

LSainsbury 17-01-2008 21:54

Re: Hardware Firewall
 
Quote:

Originally Posted by ic2 (Post 34472418)
Lee,

my set up is ISP>firewall>LAN

Off the firewall also hangs the wireless router. I let the watchguard deal with the DHCP.

Have you tried ISP>firewall>linksys>LAN ?

There's no ADSL modem on the SOHO...

So it has to be ISP > Linksys Router > Firewall > LAN

ic2 17-01-2008 21:58

Re: Hardware Firewall
 
Quote:

Originally Posted by LSainsbury (Post 34472419)
There's no ADSL modem on the SOHO...

OK. Thought you were on cable.

Can't you turn DHCP off on the watchguard?
Not familiar with SOHO but register at watchguard and they have a forum set up for SOHO users (just checked). They may be able to assist you better?

LSainsbury 17-01-2008 22:03

Re: Hardware Firewall
 
Quote:

Originally Posted by ic2 (Post 34472422)
OK. Thought you were on cable.

Can't you turn DHCP off on the watchguard?
Not familiar with SOHO but register at watchguard and they have a forum set up for SOHO users (just checked). They may be able to assist you better?

Na mate - ADSL here! Was a cable user in a previous life, but the mods wouldn't let me leave! :D

Yeah - can switch DHCP off or on for both WAN and trusted LAN.

Perhaps the fundamental thing I'm missing is bridging mode on the router?

That would pass the traffic as is to the WAN interface on the firewall wouldn't it?

ic2 17-01-2008 22:14

Re: Hardware Firewall
 
Quote:

Originally Posted by LSainsbury (Post 34472423)
That would pass the traffic as is to the WAN interface on the firewall wouldn't it?

not sure. Any good : http://www.watchguard.com/help/docs/...OUserGuide.pdf

LSainsbury 18-01-2008 06:25

Re: Hardware Firewall
 
Quote:

Originally Posted by ic2 (Post 34472428)

Already downloaded and reading! :p:

Bri_G 20-01-2008 21:02

Re: Hardware Firewall
 
I might be missing something here but if you're on ADSL you have a modem/router?

This is where you get 80.10.10.10 from. This is the WAN address.

Unless you have a modem-> router->firewall setup in which case DHCP may be turned off on the router? Then you get 80.10.10.10 from the modem via the router without it changing.

If the firewall has DHCP I would go with that, it will make things easier in future.
You should be able to specify the address range of your LAN, again it will make diagnostics easier if you use numbers that are specific to you, and are easy to remember.

I use a mixture of my old army number and my daughter's birthday!
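
An added example, not part of any post in this thread: a small Python model of the two layouts discussed above, showing which client segments reach the ISP without crossing the firewall, plus a check of the address plan for the cascaded (router > firewall) setup. Device names, subnets and function names are constructed for illustration.

```python
import ipaddress

# Constructed topologies: each node maps to its upstream neighbour (towards the ISP).
# Names are illustrative; they mirror the layouts described in the thread.
CASCADED = {            # ISP > Linksys router > firewall > wired LAN, Wi-Fi on the Linksys
    "linksys": "isp",
    "firewall": "linksys",
    "wired_lan": "firewall",
    "wifi_clients": "linksys",
}
WIFI_BEHIND_FW = {      # Wi-Fi moved to an access point hung off the firewall
    "linksys": "isp",
    "firewall": "linksys",
    "wired_lan": "firewall",
    "wifi_ap": "firewall",
    "wifi_clients": "wifi_ap",
}

def path_to_isp(topology, node):
    """Return the devices between node and the ISP, nearest first."""
    path, seen = [], {node}
    while node != "isp":
        node = topology[node]
        if node in seen:
            raise ValueError("loop in topology at %s" % node)
        seen.add(node)
        path.append(node)
    return path

def unprotected_segments(topology, firewall="firewall", segments=("wired_lan", "wifi_clients")):
    """Client segments whose path to the ISP does not cross the firewall."""
    return [s for s in segments if firewall not in path_to_isp(topology, s)]

def check_address_plan(router_lan, fw_external_ip, fw_trusted):
    """Validate a cascaded (double NAT) plan; returns a list of problems."""
    router_lan = ipaddress.ip_network(router_lan)
    fw_trusted = ipaddress.ip_network(fw_trusted)
    ext = ipaddress.ip_address(fw_external_ip)
    problems = []
    # Behind a routing (non-bridged) router the firewall's external
    # interface takes an address from the router's LAN, not the ISP address.
    if ext not in router_lan:
        problems.append("firewall external IP is not on the router's LAN")
    # The trusted side must be a different subnet or the firewall cannot route.
    if fw_trusted.overlaps(router_lan):
        problems.append("trusted network overlaps the router's LAN")
    return problems
```
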


All times are GMT +1.