What is the toughest firewall?

08-30-2001, 02:23 PM
I am looking for a very tough firewall to secure a highly sensitive network that I am building. I need something that will even stop fragmented packets. Does anyone here know of any good ones?


09-06-2001, 07:24 PM
I use ZoneAlarm at home and it works very well. I have had very good luck with it. Although, I do not know exactly how tough it really is. I do know that the Cisco firewall OS on their router is very, very strong. You cannot even pass fragmented packets through it.

09-10-2001, 09:00 AM
Checkpoint Firewall-1 is by far the best firewall product out there. But if you are looking for a free firewall... IPF is your best bet. IPF is for UNIX....

Is this on a Windows box?

09-13-2001, 11:59 AM
If it's a big network with lots of money, a Checkpoint firewall is in order - if it's on a small scale, route it through a secure slack box running ipchains.

You're not going to stop a big DoS attack no matter what you buy - even with millions of dollars in equipment.

09-21-2001, 01:30 PM
Yeah, this is a Windows machine.

09-21-2001, 03:22 PM
I've found the best firewall is to just shut it off ;D

Hey someone has to bring some light to the conversation.

Just wanted to agree with Dave have a good'n all!

09-21-2001, 11:08 PM
I have used Checkpoint FW1, Axent Raptor, Alta Vista, Gauntlet, Cisco Pix, Watchguard FireboxII, Watchguard SoHo, Sonicwall Pro, and Sonicwall Soho. I've run speed tests as well as integrity tests against them all, and while many score very close to the same, the best overall <pricepoint included> IMHO is the Watchguard Firebox II; if it's a smaller network <under say 20 machines> go for the soho product.

09-24-2001, 02:35 AM
I am currently using an OLD Compaq Deskpro which is like 90 MHz with 16 megs RAM. I threw in a 500 MB hard drive and 2 ethernet cards. I installed Debian and got ipchains and ssh... set your inside ethernet card for or whatever network you prefer and there you have it!

Has not failed me yet! ;)


the smoking man
12-05-2001, 07:21 PM
Security policy dictates you blackhole all sensitive information, i.e. take it completely offline. At least build yourself a separate firewall box from your computer and run intrusion detection software on both the firewall box and the client machine. Many useful Linux firewalls are available, ranging from small hard drive installs like the netbsd router project and smoothwall to micro firewalls like linuxrouterproject and freesco that operate off a single floppy. You do your computer and your information a disservice to run Windows software firewalls of any kind.

12-05-2001, 10:41 PM
Black Ice Defender is supposed to be really good. It's not all that expensive, if you want to pay for your firewall. I'd say that you'd probably want to go with a hardware firewall, if for no other purpose than to free up system resources.

12-06-2001, 09:04 PM
yeah, like black ice too. have you tried conseal pc firewall, config is a torture, but it stops everything you config it to stop ;D

12-09-2001, 07:49 AM
I'm using NeoWatch by analogX
Easy to use, but it is hard to tell how strong it is.
I'm planning to let a friend of mine try to access my machine from his Linux machine.

01-05-2002, 07:20 AM
For what it's worth I'll second the "turn it off" approach. Even if you do have a firewall, it's best to leave it off when you're not using it if you can. (Personal experience, see the "hacking?" post.)

01-05-2002, 10:25 AM
I've tried ZoneAlarm, I'm not sure how tough it is, but it gets good reviews from every PC mag, though it's more for just home users.

I agree with the 'Windows disservice' post; run a Linux box like rj and use it as the entry to the network from outside.

I'm too lazy to have any kind of protection (virus or firewall) on my PC; I don't have any sensitive info on it and I format it too often to care about viruses.

01-20-2002, 12:20 PM
And hardware firewalls like those from the barricade routers...are they any good... does anyone know that?? ??? I'd really wanna know...

01-20-2002, 02:14 PM
It seems to differ; many are quite simple. I have a Linux firewall now, had NeoWatch before, which according to Shields Up (https://grc.com/x/ne.dll?bh0bkyd2) was really good: all ports in stealth mode. But my Linux router/firewall has all ports as closed, good but not as good as stealth (ports are not there). It is called floppyfw (http://www.zelow.no/floppyfw/faq.html) and has DHCP, connects and logs in my ADSL, and I can run 100 machines if I like and have a big hub :)

01-27-2002, 12:51 PM
Well, anything that runs on top of *nix would be a good start....

what is the point of having the best firewall when your base OS is trash?

02-16-2002, 03:13 PM
I use Neo Watch. You can get it from http://www.sling.to/fosi/ I like it because it lets you Neo Trace it. Check out that site, they got some cool stuff.

02-23-2002, 03:19 AM
If ya patch it often and good, and add a couple of third party addons for scanning http/ftp traffic for viri, I think Microsoft for once released an excellent product in Microsoft ISA Server (Internet & Acceleration server).

I use it as The 0nly point of access at our corporation, and it's superb, once u get used to the interface (may seem a bit confusing the first time u look at it).
I'm becoming a devil @ packet filters ;)

And it's pretty cheap compared to other solutions out there....


03-05-2002, 12:21 PM
I can also recommend ZoneAlarm for W95/98/NT as properly working, easy to use and configure freeware.
It's good for a desktop PC with limited resources but I think it would also work well on servers.
Steve from grc.com recommended it and I also have it installed on one of my machines for a long time.

As for W2000 I prefer to set filters manually, that's fun ;)


P.S. If you want to try I still have the 2.1.25 v (with no pop-ups).

11-21-2002, 02:24 AM
I know this is a tad late but um...


OpenBSD is the most secure OS around.

maybe you've heard of openssh? these d00ds developed it
also their program "pf" packet filter is pretty freakin solid.

just stick this machine between whatever it is you're trying to protect, then the only fault is really up to the admin through bad configuration.

linux is also secure, but has open holes in the default install.. open is very secure, and a light OS.