
Adding a physical Firewall to my home network

bobbybdennis

Hey guys, 

I had a quick question about adding a physical firewall to my home network. At work we put a firewall in a small business, and with like SonicWall you have 5 licenses to give out for VPN into that network. I want to buy either a used SonicWall or WatchGuard T-10 or T-15. Would I need to buy some sort of license to get this to work? I'm not 100% sure how to go about this, and the support people I contacted have not responded and it's been a few days. Any help would be greatly appreciated.


They need a word other than physical firewall. That implies a fire barrier wall.


7 minutes ago, Bombastinator said:

They need a word other than physical firewall. That implies a fire barrier wall.

Physical appliance as opposed to a virtual appliance :P


1 minute ago, Stu_Bear said:

The fact SonicWall sells licenses on an annual-renew basis...makes me think yes. Wish I knew more...sorry.

I literally set these up all the time for clients, you'd think I know lol, but I found good deals on eBay, but I knew it wouldn't be as simple as plugging it in and going.


From what I can tell yes you need a subscription for the appliance which seems to run, for the lower end models, around $400/year

https://community.spiceworks.com/topic/2154726-sonicwall-subscription-pricing-am-i-missing-something

 

Edit:

I did miss something, you get basic functionality without a subscription but you don't get updates, etc.

https://community.spiceworks.com/topic/1409557-sonicwall-tz210-unregistered-can-i-still-use-it-for-basic-functionality


We are trialing Meraki gear right now, the firewall is great, but their client VPN really sucks... so I did some looking into it and sometime soon will either buy a Cisco Wireless controller (no firewall), or one of the ASAs (has a firewall) to use AnyConnect, as it is an easy way so employees can just download something, type in user/pass, and get on the network.

From what I can find, still not 100% sure on this though, most of them have perpetual licenses with different features enabled. If you check eBay sometimes they are ~$50 for 250 VPN users on perpetual, and some ASAs have the Security Plus license as perpetual. I haven't found a good one with AnyConnect for Mobile already licensed though, so waiting to find a good deal on one of those to play with.


Easy, build a wall made of wood and set it on fire. Surround the buildings with it. That is about as physical as it gets.


12 hours ago, beavo451 said:

Do you need a commercial firewall? Open-source like pfSense does not fit your need?

I second this. There are much better solutions like the one above. I mean if you just want a firewall with added VPN capabilities there are plenty of consumer grade offerings for that and you also have 3rd party firmware if you need more advanced features.


I didn't even know a physical firewall was a thing before I saw this thread. I read the title and thought of a burning wall.


3 minutes ago, J4C0B 4W3S0M3 said:

I didn't even know a physical firewall was a thing before I saw this thread. I read the title and thought of a burning wall.

They're Enterprise devices - while a few have been made over the years, there are little to no firewall appliances in the consumer market.

 

Almost every enterprise has a dedicated firewall (either physical appliance, or firewall virtual appliance running as a VM).


7 minutes ago, dalekphalm said:

They're Enterprise devices - while a few have been made over the years, there are little to no firewall appliances in the consumer market.

 

Almost every enterprise has a dedicated firewall (either physical appliance, or firewall virtual appliance running as a VM).

@J4C0B 4W3S0M3 Appliance in this case means a specific dedicated computer that is the connection to the internet.  All network traffic has to go through it. 


1 hour ago, J4C0B 4W3S0M3 said:

I didn't even know a physical firewall was a thing before I saw this thread. I read the title and thought of a burning wall.

Most people refer to them as soft/hard. Are you using software to handle the firewall or hardware?

 

In this specific case he is looking for a physical hardware firewall that is its own standalone unit.

 

In the consumer space you have a router/firewall combination or a gateway device which serves as a modem, router, and firewall. That isn't even considering Wi-Fi or USB ports to mount network drives.


It's my understanding that pfSense can do everything a hardware box can, it's just you have to configure the software yourself vs a plug and play solution you are paying dearly for.


24 minutes ago, Alex Atkin UK said:

It's my understanding that pfSense can do everything a hardware box can, it's just you have to configure the software yourself vs a plug and play solution you are paying dearly for.

I think it's just lack of knowledge on why I didn't wanna go this route. In essence I just wanna be able to give my buddy access to our game server from his house without TeamViewer. I might need to look up some guides for pfSense.


58 minutes ago, Alex Atkin UK said:

It's my understanding that pfSense can do everything a hardware box can, it's just you have to configure the software yourself vs a plug and play solution you are paying dearly for.

While pfSense will definitely require more configuration, we should be clear that even an enterprise firewall isn’t really plug and play. Sure you COULD do that with minimal configuration (just setting up your basic routing), but you wouldn’t be getting the majority of the benefits without diving into the configs and building ACLs (access control lists) and other rules.


12 minutes ago, dalekphalm said:

While pfSense will definitely require more configuration, we should be clear that even an enterprise firewall isn’t really plug and play. Sure you COULD do that with minimal configuration (just setting up your basic routing), but you wouldn’t be getting the majority of the benefits without diving into the configs and building ACLs (access control lists) and other rules.

Yea, I just know how to set those up lol since I work for an MSP and set up WatchGuards all the time, just wasn't sure if I bought one used on eBay how that worked with having the mobile SSL VPN feature they have (which I love), but I'm definitely open to trying pfSense, since I do see it is free and free is good.


1 hour ago, bobbybdennis said:

Yea, I just know how to set those up lol since I work for an MSP and set up WatchGuards all the time, just wasn't sure if I bought one used on eBay how that worked with having the mobile SSL VPN feature they have (which I love), but I'm definitely open to trying pfSense, since I do see it is free and free is good.

You'd have to contact WatchGuard to find out for sure - it would really depend on if the VPN licenses were device based or account based. If they are tied to the device, then a used one should bring its old license with it.

Worst case, you might have to buy a new license from WatchGuard - you'd want to talk to them for pricing.


On 1/16/2020 at 12:50 PM, dalekphalm said:

You'd have to contact WatchGuard to find out for sure - it would really depend on if the VPN licenses were device based or account based. If they are tied to the device, then a used one should bring its old license with it.

Worst case, you might have to buy a new license from WatchGuard - you'd want to talk to them for pricing.

Ended up just buying a tiny monitor from the thrift store, allowed unattended access for my buddy with TeamViewer lol. Overall cost: $14
