Sebastian Gottschalk wrote:
> TechGrrl wrote:
>
>>First of all, yes. NAT firewalls in my world aren't really firewalls.
>>The protection they provide is too limited and practically non-existent
>>when it comes to outgoing traffic.
>
>
> Why exactly should one try to filter outgoing traffic when such a thing
> as tunneling exists?
You can filter tunneling on a good firewall. A good firewall with deep
packet inspection will recognize and stop HTTP tunneling, SOCKS
tunneling, etc.
>
>
>>What about secure remote access to your network?
>
>
> That would need a gateway anyway.
>
Decent firewalls usually have IPsec VPN and L2TP built in, with RADIUS
and/or LDAP authentication support.
>
>>And intrusion prevention?
>
>
> Is usually impractical.
>
The IPS package I have on my firewall works quite well. Why do you say
it is impractical?
>
>>Bandwidth shaping?
>
>
> That's a non-firewall feature.
>
Decent firewalls all have this. DSCP and 802.1p, mapping between the two
and to internal queues/priority levels, etc.
>
>>Web filtering for the kids?
>
>
> You mean "against the kids".
Whatever.
>
>
>>Home users who understand a thing or two about network security and
>>have more than one machine in the home network often opt for a stateful
>>inspection firewall in an appliance rather than purchase a simple
>>router then heaps of locally installed software to meet the rest of the
>>vendor needs.
>
>
> Home users usually don't need a firewall at all.
Hence the extremely large number of zombied PCs on the internet spewing
crap. 99.9999 percent of which belong to home users.
Ya, right. Home users don't need firewalls. Like they don't need oxygen.
Received on Mon May 1 00:53:39 2006