Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  
  Advanced Search 


February 2005

SOHO Firewall Appliances

Even small companies can get first-class protection
From the February 2005 Edition
of Windows IT Pro
Jeff Fellinge
Buyer's Guide
InstantDoc #44981
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Internet Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

View this month's Buyer's Guide

Even if you have a home office or work for a small company, you still need to protect your valuable data and network. Firewalls have become a de facto standard for all organizations—large and small—as a frontline perimeter-based defense against attackers who want to steal your information, hijack your resources, and otherwise vandalize your network. But finding the right kind of firewall can be a daunting task. Not too long ago, companies of all sizes had only two firewall options: basic broadband routers that offered protection almost as a by-product of their ability to share a Network Address Translation (NAT) Internet connection and large enterprise firewalls that cost thousands of dollars and often required networking savvy to properly install.

The firewall market has grown dramatically during the past few years, resulting in many new products that are designed specifically for customers such as small office/home office (SOHO) users. Enterprise firewall vendors that once targeted only large organizations now offer much less expensive firewall products that protect smaller networks. These powerful firewalls retain many of their more expensive brethren's powerful security features. Traditional entry-level broadband routers have also improved their functionality by offering features that once were reserved for more expensive models.

But a $70 broadband router obviously doesn't offer the security features and core firewall technology that a $500 firewall offers. Ultimately, you have to select the product that best fits the network you want to protect. This Buyer's Guide examines firewall appliances that cost $500 or less and target SOHO networks that have 10 and fewer users. Most of the enterprise firewall vendors have released less powerful versions of their large firewall products that are designed for SOHO users and are generally priced at about $500 or less, which is why we choice this price point.

Form Factor
SOHO firewall appliances typically have a small form factor—about the size of a hardback book. They usually have at least two interfaces you use to plug in your external (public) Internet connection and your internal (private) network connection. Most products support SOHO ISP features such as DHCP and Point-to-Point Protocol over Ethernet (PPPoE). They typically default to a NAT configuration, which makes installation easier, and most include wizards to walk you through configuration and setup. More sophisticated (and often more costly) SOHO firewalls often include advanced routing features or extra interfaces that let you create advanced firewall network configurations.

Sophisticated Features
Some SOHO firewall appliances descended from enterprise-class firewalls and retain some of their heritage features. All the products use Stateful Packet Inspection (SPI), which improves security. But SPI effectiveness varies across products, so make sure you review vendors' documentation to see how they implement SPI. Look for NAT and port-forwarding features that complement your network and let your internal computers access the Internet and your Internet customers access specific internal resources, such as your Web and email servers. Although all these products support network-based ACLs, the more sophisticated firewalls provide discrete control over the network traffic that enters and exits the network. The ability to inspect and optionally block network traffic can be useful for identifying and blocking a worm or an unwanted network application or service.

Logging
Blocking network traffic isn't the only important consideration for selecting a firewall, however. The firewall's ability to log network access is also crucial. Logging is an essential firewall feature because it provides important evidence about pending, current, or past attacks. Some products let you view the log in a Web browser or export logs to another application for analysis or archival. Some products alert you to detected suspicious behavior. Intrusion Detection System (IDS) features vary by product.

VPN Support
Some products support site-to-site VPN, and some act as VPN servers that let remote clients securely connect to your network. The accompanying table contains many other related features that you'll want to consider.

Important Protection
Choosing and installing a firewall is essential if you want to make sure that your home or small office is adequately protected. Your network needs to be able to react immediately to an attack, and the right firewall will mitigate attacks and protect your valuable resources.

Editor's note: The information in the Buyer's Guide comes from the SOHO firewall vendors, who completed a detailed questionnaire about their products. We tried to contact all the vendors of SOHO firewalls and encouraged them to participate but not all responded.

End of Article

Reader Comments
Jeff mentions nothing about ICSA certification, an important consideration in knowing that a device is proven effective. Mysteriously missing are big-name vendors SonicWall and WatchGuard -- two highly respectable performers that have products qualifying for the review.

rsmcomputer January 26, 2005 (Article Rating: )

Sorry, this was a waste of an article. I was expecting a bit better of a comprehensive review and like RSMCOMPUTER commented, I was looking for Linksys, Dlink, Belkin and maybe a few others. I've heard a lot of good things about Sonicwall too.
Jake

jakesups January 27, 2005 (Article Rating: )

Reiterating the others' comments, this isn't much of a "guide" as it doesn't really provide any guidance. There are at least another half-dozen well-known devices from major manufacturers (Symantec, SonicWall, Nokia, Lucent, etc.) that aren't even mentioned. Nor does it cover those that support failover connections, DHCP-aware VPN, VPN-aware DNS, and so on and so forth.

Worst of all, there's not an iota of specification for performance. Our organization has tried a number of these devices and many are not up to the workload of maintaining a busy VPN tunnel, they either lockup or leak performance until they are rebooted.

mattl_il January 27, 2005 (Article Rating: )

Pretty much useless article

Anonymous User January 27, 2005 (Article Rating: )

I agree with previous two comments. Where are DLink, Linksys, SonicWall, Zyxel? This article is incredibly thin.

Anonymous User January 27, 2005 (Article Rating: )

Thanks for all your comments on the Buyer's Guide. I'm an editor for Windows IT Pro, and I helped contact the vendors to ask them to submit information about their products for the guide. Some of them didn't respond (Cisco, D-Link, Lucent, SonicWall, WatchGuard, ZyXel) to repeated requests from us, so we couldn't include them. We're really glad to know that you're reading and wanting to use our Buyer's Guides to choose products. We'll keep trying to get as much vendor participation as we can.

rmunshi January 31, 2005

Here is a description of the ZyWALL 5 that would be best suited for this Buyer's Guide.

Enterprise Class Security for Small Businesses
ZyWALL 5: Firewall Router with VPN

The ZyWALL 5 VPN Firewall Gateway has a wide-range of security features to maximize protection for small businesses. Equipped with a Stateful Packet Inspection (SPI) firewall, Denial of Service (DoS) protection, and 10 simultaneous IPSec VPN tunnels, the ZyWALL 5 assures secured connections to branch offices and your mobile workforce.

The ZyWALL 5 is exceptionally easy to install and manage supporting a user-friendly Web-based GUI. Additionally, the ZyWALL 5 controls web access with state-of-the-art dynamic content filtering powered by Cerberian.

• 4 Port LAN/DMZ Switch

• DoS and DDoS Protection with SPI firewall

• 10 Simultaneous IPSec VPN Connections

• Web Content Filtering

• Wireless Upgradeable

• ICSA Labs Certified






zyxel March 16, 2005 (Article Rating: )

No real point to this article


Anonymous User June 20, 2005 (Article Rating: )

I appreciate rmunshi's added comments about the source material to this article, however, that only emphasizes the lack of information available to small business across the country.

Anonymous User July 06, 2005 (Article Rating: )

You must be a registered user or online subscriber to comment on this article. Please log on before posting a comment. Are you a new visitor? Register now




Top Viewed ArticlesView all articles
WinInfo Short Takes: Week of November 23, 2009

An often irreverent look at some of the week's other news, including some post-PDC some soul searching, a Google Chrome OS announcement and a Microsoft response, Windows 7 off to a supposedly strong start, the Jonas Brothers and Xbox 360, and so much more ...

Command Prompt Tricks

One reader shares his tip for setting up the command prompt to reflect a remote path. ...

2009 Windows IT Pro Editors' Best and Community Choice Awards

Picking a favorite product from an impressive crowd of competitive offerings is never an easy task, and such was the case with our Editors' Best and Community Choice awards this year. ...
Related Articles VPN Firewalls for SMBs
Security Whitepapers Reducing the Costs and Risks of Branch Office Data Protection

Solving Desktop Management Challenges in Healthcare

Solving Desktop Management Challenges in Education
Related Events SQL Server Unleashed EMEA

Managing IT Across Multiple Locations

The Easiest Way to Save Time and Money on E-mail and SharePoint Management

Check out our list of Free Email Newsletters!
Security eBooks Spam Fighting and Email Security for the 21st Century

Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys
Related Security Resources Introducing Left-Brain.com, the online IT bookstore
Looking for books, CDs, toolkits, eBooks? Prime your mind at Left-Brain.com

Discover Windows IT Pro eLearning Series!
Clear & detailed technical information and helpful how-to's, all in our trademark no-nonsense format


ADS BY GOOGLE

Job Openings in IT SPONSORED LINKS FEATURED LINKS
Calculate your savings now
See how SAN is 57% cheaper than DAS over three years

Free CDs Offer Fundamental Content for IT Pros
Are you up to speed on the latest technologies and solutions? Don't miss out on your chance to get up to speed quickly on fundamental, in-depth information on some of the hottest topics in our library of content.

Let Your Users Reset Their Own Passwords: Free Download
Try a 30 day free trial of Desktop Authority Password Self-Service – it provides an easy-to-use, robust system for allowing users to reset their own forgotten passwords or locked accounts.


Exchange Server 2010: Deploying Unified Communications - Virtual conference
December 1, 2009 - Free Registration. Build your Unified Communications future on a strong Exchange Server 2010 foundation.

Get Windows IT Pro & Mark Minasi’s Favorite Power Tools Guide
Order Windows IT Pro now and get "More of Mark Minasi's Favorite Power Tools"--a in-depth guide to the most useful Windows commands --FREE with your paid order! Subscribe today, and save 58% off the cover price!

Migration, Virtualization, Availability, and Desktop Management
Realize the importance of a workload optimization strategy...it can affect your bottom line!

Deep Dive into VMware vSphere, eLearning Series
Join John Savill to explore the major functionality capabilities of the vSphere virtualization platform, including identification of the changes from ESX 3.5.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro DevProConnections IT Job Hound
Left-Brain.com Technology Resource Directory asp.netPRO ITTV Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 © 2009 Penton Media, Inc. Terms of Use | Privacy Statement