The most P2P friendly and the lightest firewall with full protection

Discussion in 'other firewalls' started by concerned807, Jun 10, 2007.

Thread Status:
Not open for further replies.
  1. concerned807

    concerned807 Registered Member

    Joined:
    Dec 2, 2004
    Posts:
    68
    I am a laptop user who is also a massive P2P user.
    I'd appreciate recommendations of the most network tolerant and the lightest firewall with full protection.

    Requirements for the firewall:
    The firewall software programs must work well under the below situation.
    1. Offers full inbound and outbound protection
    As I am a frequent traveler and work on laptop mostly, I don't have hardware firewall for most of the times.

    2. Must be extremely network tolerant - 100 or more simultaneous live P2P connections
    I run P2P often with 100 or more simultaneous live P2P connections. The firewall must be tolerant of this.

    3. Must be system resource friendly
    I can't stand system resource (worse, and network) hogging firewall even it is the best in its kind. So Comodo is out!

    4. In addition, must work well for SOCKS proxy and VPN

    My current considerations based on my research:
    - Jetico 2.x
    Very much concerned its prematureness and unstability, and rumored irresponsiveness of Jetico support

    - Kerio 2.15
    Concerned about its intolerance with massive P2P - can't work right if connections reach more than 100?

    - Look n' Stop
    Not much research has been done yet

    Side note: Been using Outpost 2.5 for the past 2 years. It was fine for doing massive P2P but still was recourse hungry.

    Thanks for your kind advices and patience.
     
    Last edited: Jun 10, 2007
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Jetico and LooknStop work fine for me but my p2p loads are probably lighter than yours.
     
  3. concerned807

    concerned807 Registered Member

    Joined:
    Dec 2, 2004
    Posts:
    68
    Which version of Jetico my friend?
     
  4. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    the v2 betas. I have not tried the more recent builds (2.0.0.3x) though.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    Sygate, I'm often downloading at full speed with over 800 connections, minimal CPU impact and only about 8-10MB memory. Absolutely fabulous. Plus you got to surf while you download without any lag.

    Answer: Sygate.

    I'm downloading the net since 2001 or so at broadband, never a single hitch ...

    Mrk

    Sygate in Albanian means: he who downloads porn without any trouble...
     
  6. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hi there. :)

    Packet filters such as GhostWall and CHX-I are generally recommended for heavy P2P users. But you have to accompany them with additional HIPS if you are concerned about leaks. Outbound protection and resource-saving often don't go hand-in-hand - process control takes up most of firewall's resources. So if you are trying to accomplish all goals from your post#1 with a single app, you will face some hard times.
    Jetico 1 is very good also (and free), light and stable, but has a "flaw" as it doesn't run as a service on startup. If this is of any importance to you, then steer clear.
    Do some research on L'n'S by all means, it could be the one for you...

    Ah, Sygate, yes. Why is this firewall almost forgotten? It's still one of the best IMO (although I prefer rule-based). If you are considering older firewalls (Kerio), then you should include Sygate in your list as well.

    Cheers.
     
  7. concerned807

    concerned807 Registered Member

    Joined:
    Dec 2, 2004
    Posts:
    68
    Thanks for the additional replies. Nick you must have expected I might start thread like this one;) There are already lots of threads about the lightest firewall, but mine adds considerations/requirements for P2P and SOCKS proxy and VPN. Just for the proxy reason, I doubt Sygate will be my cup of tea;)

    Please also look at my sig if you can. I have SSM Pro 2.3.0.612 running;)

    I am seriously considering Look n Stop and Kerio 2.15 right now. Anyone could kindly show first-hand confirmation Kerio 215 is incapable of handling over 100 live P2P connections?
     
    Last edited: Jun 10, 2007
  8. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi concerned807 :)

    2 remarks:

    1- Kerio 2.1.5 WAS an excellent firewall.

    2- L'n'S can handle all your p2p connections...
    The number of allowed simultaneous connections are modifiable throught
    a registry key.


    :)
     
  9. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hello fellow member concerned807 ;)

    I certainly can't. Kerio worked with over 200 here wihout a single issue. But it didn't get along with VMware networks on my system, for whatever reason (it was a beta of VMware 6). I will have to try Kerio again with final VM. Nevertheless, Kerio is still a good firewall. As I see, many members here still use it. And with SSM (I completely overlooked your sig, sorry :) ) you should be well off. But, take another look at L'n'S, it's not free, but it's continually improving, and the support (here) is great!

    Cheers. ;)
     
  10. concerned807

    concerned807 Registered Member

    Joined:
    Dec 2, 2004
    Posts:
    68
    Hey Climenole!

    Thanks for popping up on this one:)
    I did hear nice things about LNS from friend of mine who also P2P a lot.

    I will check the LNS support forum on this board shortly and read the manual. But I can't wait to get answer to this. Does LNS handle well proxy (esp. SOCKS 4/5) and VPN? Due to work reason, I have to be either of the two almost constantly.

    @ The Seer:
    Thanks for confirming Kerio on P2P connections :)
     
  11. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Personally I never had any problems with Comodo and P2P and its many connections, but that only shows that no application behaves exactly the same on all configurations out there.
    Look´n´stop is also very P2P friendly (now that i think of it, I cant remember any firewall that have given problems with P2P, at least those that I managed to figure out how to configure (Core force and Jetico was not two of them :D ).
    Just dont run random ports in your P2P application. Life becomes much easier if you assign one port for the P2P. :)
     
  12. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,513
    Location:
    Annie's Pub
    Aha, surprising new facts.

    Rumours are very often claptrap and therefore nonsense.
    Only own, real experiences count.;)


    Regards,

    Smokey
     
  13. glentrino2duo

    glentrino2duo Registered Member

    Joined:
    May 8, 2006
    Posts:
    310
    definitely CHX-I
     
  14. herbalist

    herbalist Guest

    I never checked to see how many connections there were, but I use Kerio 2.1.5 with Shareaza with no problems. I read somewhere that the DNS resolving feature can slow it down when there's lots of connections but haven't run into that problem.
    Rick
     
  15. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi concerned807 :)

    Proxies:

    The proxy's (socks 4, 4a and 5) are handled by your operating system and the programs you're using, not the firewall.

    An example of this is Tor, The onion router, which use third party application with socks to handled DNS requests... The only things you have to do with your firewall is to authorised these applications (e.g. privoxy, freecap, torcap, etc)

    VPN:

    LNS support VPN in 2 way: with specific rules for VPN:
    47-GRE Generic Routing Encapsulation

    or

    50-SIPP- ESP + ( ipsec udp port 500 )
    Simple Internet Protocol Plus (IPV6) Encapsulating Security Protocol

    Sometimes there is a new network interface created to handle the VPN.
    (Such as OpenVPN...)

    LNS allow to start an second instance to handled this second network adapter with a command line added to the second instance...:

    C:\Program Files\Soft4Ever\looknstop\LooknStop.exe -multX

    where X = the number of the other Network Adapter...

    :)
     
  16. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Due to another post, I have been checking CHX with multiple connections (300+ on latest tests), no problems with setup of CHX+SSM(or PS). I have been connecting with 300+ and downloading at max speed (10Mb). There are some errors (blocked packets) if other NDIS drivers are installed, so care should be taken.

    Of course, there is no outbound protection for applications internet access from CHX (in my setups I have used SSM (or PS) for this)
     
  17. concerned807

    concerned807 Registered Member

    Joined:
    Dec 2, 2004
    Posts:
    68
    Again thanks for all the kind replies. I appreciate your comments greatly.

    I do need full firewall software protection - inbound & outbound, as often I travel and work on laptops w/o hardware firewall. Please see my first post in this thread.

    I am pretty ready to give LnS a shot and use the below combo.

    - Avast Pro 4.7
    - Look 'n' Stop Firewall 2.06
    - System Safety Monitor 2.3.0.612 Full

    As for Jetico, I will wait for it to fully materialize.
    @Stem: I am very much impressed by your Jetico help on this forum.

    As for Kerio 2.15, I will try LnS first :D
     
    Last edited: Jun 11, 2007
  18. dave88

    dave88 Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    177
    I second Sygate, it handles massive connections well, and is quite light.
    One of the best firewalls ever for windows, even though it is not updated anymore.
    Just don't look for it to pass all these recent outbound leaktests.
    You can add execution prevention or behavioural blocker software if you need to plug those kinds of leaks.

    https://www.wilderssecurity.com/showpost.php?p=947511&postcount=6
     
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,786
    You might be wise to try LnS first, yes.. I have heard a few people say that Kerio 2 doesn't fare too well with a lot of p2p connections. I can't vouch for this personally, but I have heard more than one person say this..
     
Loading...
Thread Status:
Not open for further replies.