Router as firewall..Advice please!

Discussion in 'other firewalls' started by Don Pelotas, Sep 10, 2005.

Thread Status:
Not open for further replies.
  1. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    I'm getting a new router to replace my old Cisco, i'm seriously thinking about ditching softwarefirewalls, because in 4-5 years of using them i have not had a single outbound connection i didn't know the identity of. What would be my targets, what should a 2005 router in terms of security have? Firewall with SPI would be the starting point i guess, what else should i be looking for? Is there a Rolls Royce among routers or brands i should stay away from. :)
     
  2. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
  3. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Don,

    For wired routers , I really like Zyxel. Incredibly solid. Not one glitch from my Zywall 10W in over a year of service.

    If you want wireless as well, Linksys is solid. I run a WRT54GS with Sveasoft firmware for my wireless branch. Again, rock solid and the 3rd party firmware is worth using - as is getting the GS model of this product even if you don't plan to use overdrive. Faster processor and more RAM - at least at the time I purchased (~1 year ago).

    Blue
     
  4. Vikorr

    Vikorr Registered Member

    Joined:
    May 1, 2005
    Posts:
    662
    You'll probably want a few things :
    -an all in one modem/firewall <less hassle, less cords, less clutter>

    -one that autodetects all the settings it needs to work <just add username and password>

    -a router with VoIP, seeing as allow for very cheap phone calls (if your isp supports VoIP)

    -Some router/firewalls can filter java/activex/cookies (some don't), some have url restrictions (parental control), QoS (bandwith management...useful for VoIP), and if you are using adsl broadband (think it's just dsl in america), make sure it's compatible with any future upgrades to the dsl line (eg if they get DSL2,3,4 etc)

    Can't think of too many other things you may want in a router.

    I'm using a Billion 7400...I quite like it...but it's an adsl modem/router/firewall, so not sure that it works with dsl.
     
    Last edited: Sep 10, 2005
  5. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I have been useing a Linksys for almost two years and it has never even hicuped once. It is a wireless mod. no.BEFW11S4 I run One hard wired (mine) and three wireless off of it with excellent performance. The firewall in it seems to block all unwanted incomeing.
     
  6. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    ZyXEL for wired routers. I now am the proud owner too and it's superb stuff!
     
  7. Acadia

    Acadia Registered Member

    Joined:
    Sep 8, 2002
    Posts:
    4,048
    Location:
    SouthCentral PA
    No less an expert than Steve Gibson recommends Linksys.
    Just do a Google search for Linksys on grc.com.

    Acadia
     
  8. feverfive

    feverfive Registered Member

    Joined:
    Jun 17, 2005
    Posts:
    121
    Is there such a thing a cable modem w/ built-in hardware firewall? I am on cable, & do not have any networking needs, nor do I want wireless. All I want is a hardware firewall for security's sake. And I don't see why I should spend upwards of $300 USD for a router when I don't need/want anything other than the firewall. I've Googled till my fingers have bled, but haven't been able to find anything to answer this specific question. Any suggestions?
     
  9. FatalChaos

    FatalChaos Registered Member

    Joined:
    Aug 6, 2005
    Posts:
    98
    My Linksys Wireless B broadband router has a NAT firewall. Most routers have a NAT firewall, and are pretty cheap. However, they only offer inbound control.
     
  10. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
  11. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma

    That is what I am useing is cable internet with a linksys wireless firewall router. about $80.00 at WM you can get a cable wired router from linksys as low as $39.00
     
  12. Chuck_IV

    Chuck_IV Registered Member

    Joined:
    Aug 17, 2005
    Posts:
    133
    I used to use a Linksys wired router(BEFSR41) a couple years ago but had a port on it go bad and also had issues with online gaming and network spikes with some of their firmware versions.

    I switched to a Netgear RP614v2 and haven't had a hiccup, in almost 2 years of running it.
     
  13. feverfive

    feverfive Registered Member

    Joined:
    Jun 17, 2005
    Posts:
    121
    Ohhh; I feel really dumb...so, a wireless router can be run hardwired to the cable modem? Guess I'll be shopping tomorrow.....now back to some sites to check out what type of firewall I'll need. Thansk...
     
  14. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    feverfive,

    The first thing to not do is limit your seach. For example, I use a Zyxel 10W as my router. For wireless I could have either installed a Zyxel wireless card or plugged an access point into the switch feeding the router. At the time, the Linksys wireless access point was significantly more expensive than the WRT54GS router, which actually had more flexibility and arguably better performance stats. I purchased the router, disabled DHCP by checking a box in the configuration screens and had myself a wireless access point for $80. At the time I recall the dedicated access point from Linksys was $130..

    You don't have any networking needs, but it is the NAT functionality of a router that is used by many of us as a limited hardware firewall. Any standard consumer grade router will do. I'd recommend the Linksys WRT54GS
    even if you have firm plans never to use wireless because of the ability to access 3rd party firmware. The cost of these is $70-80, but there are alternate choices at lower cost with equal functionality.

    Blue
     
  15. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    here is an inexpensive one that would work just fine
     

    Attached Files:

  16. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    What model of Cisco are you thinking of retiring? Would help to know what features you are accustomed to and assist in suggesting what Rolls Royce router may have your name on it ;)

    Regards,

    CrazyM
     
  17. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Hi CrazyM

    It's a very old Cisco 677 (don't laugh ;) )

    It seems that everybody are using/suggesting the brands that i have looked at, ZyXel, Linksys & D-Link.

    One more thing, i would of course not mind saving a $ or 2, but the most important thing to me is the quality of the router & the firewall in it. If spending $200 instead of $50-60 is going to bring me better performance/quality/security, then so be it.

    My needs btw are not great, basicly all i need besides the quality, is a 4-port Switch. :)
     
  18. Mem1

    Mem1 Guest

    I'd also recommend ZyXel- the ZyWall 5 for larger volume throughput or for 'home' use with wireless the P334WT (about 8 Mbps WAN-LAN throughput with firewall on). On the P334WT you can turn off the firewall if you are not opening ports and port 113 is closed all others stealth and the WAN-LAN throughput goes up to about 28Mbps. It's a good workhorse.

    If you like to play/tweak the firmware - especially 3rd party firmware, Linksys WRT54GS is a good model to base your purchase around.
     
  19. ^Ale

    ^Ale Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    187
    Location:
    Italy
  20. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    My linksys router (cable wireless one) died, could use lan fine, but could'nt connect to the outside world.

    I replaced it with a belkin router, which features spi firewall which my linksys did'nt, also its MUCH faster, with 9 months of 24/7 filesharing I never once got a tcpip connections limit reached event in winxp using my linksys router, but the day I started using my belkin router I got these events, I think my belkin router can handle more connections faster than my linksys router.

    Also on the speed issue the wireless networking is twice as fast for (re)connecting and signal strength seems about the same, and thats still using my linksys wireless card.

    On a side note I've noted you have to be very careful with which model linksys router, even revision you get, as I think mine was one of the no so great versions.
     
  21. Tyreman

    Tyreman Registered Member

    Joined:
    Feb 3, 2003
    Posts:
    107
    Have used SMC large wireless model.used wired only.(used,all packing and instructions from Garage Sale$10.00) :D Sold it $40.00 :D But regret that o_O
    Netgear(couldn't get it to work) o_O must have/had to have been me. o_O
    D-Link 6 o something.
    Linksys wireless model used wired only.
    Linksys 'r41 maybe v2
    Linksys 'x41 firewall sticker nomenclature on top of it.
    The SMC had logging as default worked flawless always stealth out of the gate no tweaking necessary. :D
    D-Link "seemed" a touch slower o_O when opening up the e-mail.-+?
    But was otherwise flawless.
    Linksys routers both performed the same here at the time they were experimented with though the 'x41 has more custom settings blocking stuff BUT I didn't use that customizable part of the interface for cookies java etc.
    What am I using now?
    Linsys 'x41 got it on sale :D
    But like I typed still miss that big 'ole SMC ran fast, flawless, never a hiccup. and was stealth with no "tweak"
    I never used it in wireless mode.
    Quite sure any of the models suggested will work okay.
    Buy with a return option to.
     
  22. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    I am sure Linksys is a fine router and would not hesitate to purchase and use it.

    However, I have had NetGear for several years with no problems.

    Bottom line and to the heart of your question. A good hardware firewall router is very fine idea. Software Firewall a good option but not manditory. The only thing I would question is the need to pay for the software one with a good router. ;)

    One final point it never ceases to amaze me that Comcast Tech Support always wants to tell me my router is no good when it's connection gets lost at their end . It is fun sometimes just to call and report the outage just to listen to them go through the motions. Sir your router is fried...oh no sir I was looking at the wrong place you have an outage in your area. :D :D :D I know I drifted a little off topic but I wanted to warn you. And if you own your own router they will be more likely to more quickly say your problem not ours buy another or we will have to send another router. :D In the mean time you could be down. when you really are just fine.

    I am not picking on Tech Support sometimes they are good and get right to the heart of the issue, one time late at night, "sir you are the first to call. Thanks".
     
  23. feverfive

    feverfive Registered Member

    Joined:
    Jun 17, 2005
    Posts:
    121
    Thanks Blue & BigC; I'll take a look at some models based on your recommendations...
     
  24. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    If you were to stick with Cisco you could look at the 800 series, they have a couple of new models (850's and 870's). If you were after something more basic there is the SOHO 90 series (also revamped this year with more memory for the newer versions of IOS). But, as you are probably aware, Cisco will require a SmarNet contract to stay current with IOS.

    While alot of the home routers tout having a firewall (SPI), good luck trying to find out just exactly what it is they do have. And it is usually not configurable, it's on or off. If you want something with a firewall that can be configured, you will be spending a little more. The one possible exception being the WRT54G which sounds like it is fairly configurable (I have not used one). I belive Netgear has one also, but have not heard much about it.

    If all you need is a basic NAT box, there are plenty to choose from. If you want the additonal quality and firewall, of those mentioned so far, the Zyxel or continue with Cisco. There are others out there with similar features as these, just no sure on the pricing.

    Regards,

    CrazyM
     
  25. myluvnttl

    myluvnttl Registered Member

    Joined:
    Aug 23, 2004
    Posts:
    150
    I've been a big fan of 2Wire Products since it came out. I've used both a software and hardware firewall.

    http://2wire.com/?p=8
     
Loading...
Thread Status:
Not open for further replies.