Good Firewalls

[Canada EH]

I am planning to build a system for my friend and need to know what are some good firewalls?

 

 

[knightslugger]

pfSense if you're into straight-baller status firewalls.

[leadeater]

Sophos UTM Home Edition, which is free.

[Lurick]

Dual Cisco ASA 5585s with SSP60 and a CX60 along side a FirePower 4160, if you have about $100K to drop  

[Canada EH]

Forgive my ignorance of online lingo but what is "straight-baller"

[Mornincupofhate]

22 hours ago, knightslugger said:

pfSense if you're into straight-baller status firewalls.

Pfsense will shoot both of it's knee caps during a ddos attack 

[knightslugger]

26 minutes ago, Mornincupofhate said:

Pfsense will shoot both of it's knee caps during a ddos attack 

meaning it's vulnerable to ddos attack? I don't catch your meaning.

 

baller ... as in basketball-er ... is superstar status.

[Canada EH]

Its the new-age lingo knightslugger.

 

Take a cue from the hard of hearing people, they just nod and smile and agree when the other people dont get the hint to speak up or speak more clearly. In this case, we both have no clue what he means by " straight-baller status" so thats what we do. Nod, Smile and Agree, then Smile and Wave. Then daydream of a tropical beach with beautiful ladies around drinking an ice cold drink.

 

Or as the great musical group Headstones song, Smile and Wave.

 

There is however the TV show Ballers starring Dwayne "The Rock" Johnson of WWF fame.

[Mornincupofhate]

3 hours ago, knightslugger said:

meaning it's vulnerable to ddos attack? I don't catch your meaning.

 

baller ... as in basketball-er ... is superstar status.

Meaning pfsense will absolutely die in small ddos attacks, even if they don't saturate your line. 

I had mine in a datacenter with a 1gig line, 6 cores, and 64gb of ram. The attackers send 100mbps and the thing crashed with all of my servers behind it.

[Canada EH]

Yes, uh huh, oh really, yeah, wow, ok, uh huh, yes *smile* oh really, ok, wow

You lost me at DDOs attacks

[leadeater]

1 hour ago, Mornincupofhate said:

Meaning pfsense will absolutely die in small ddos attacks, even if they don't saturate your line. 

I had mine in a datacenter with a 1gig line, 6 cores, and 64gb of ram. The attackers send 100mbps and the thing crashed with all of my servers behind it.

This is why for any significant connection speed or enterprise use case I always recommend a hardware appliance with ASIC. Of course this isn't a one size fits all thing either though, ASIC isn't a magic bullet. You can also have a front-end firewall with ASIC to do stage 1 filtering then have a another back-end firewall to deeper inspection.

 

https://www.fortinet.com/products-services/products/fortigate/fortiasic.html

http://www.thebarriergroup.com/asic-vs-standard-processing-chips/

[Mornincupofhate]

13 hours ago, leadeater said:

This is why for any significant connection speed or enterprise use case I always recommend a hardware appliance with ASIC. Of course this isn't a one size fits all thing either though, ASIC isn't a magic bullet. You can also have a front-end firewall with ASIC to do stage 1 filtering then have a another back-end firewall to deeper inspection.

 

https://www.fortinet.com/products-services/products/fortigate/fortiasic.html

http://www.thebarriergroup.com/asic-vs-standard-processing-chips/

How much is a reasonable amount for one of these firewalls? Thinking about getting one.

[leadeater]

9 hours ago, Mornincupofhate said:

How much is a reasonable amount for one of these firewalls? Thinking about getting one.

I use a FortiGate 60D at home which is the cheapest fully (almost) featured FortiGate firewall that supports VDOMs and most SSL features. It's around $600USD for it but if you have a 1Gbps internet connection a 100D or the new 100E would be much better at around $1700USD.

 

As a warning though FortiGate firewalls need a FortiGuard subscription for the advanced UTM features to work which is an ongoing cost. A 1 year 8x5 FortiCare & FortiGuard renewal for a 100D $900USD.

[leadeater]

9 hours ago, Mornincupofhate said:

How much is a reasonable amount for one of these firewalls? Thinking about getting one.

I use a FortiGate 60D at home which is the cheapest fully (almost) featured FortiGate firewall that supports VDOMs and most SSL features. It's around $600USD for it but if you have a 1Gbps internet connection a 100D or the new 100E would be much better at around $1700USD.

 

As a warning though FortiGate firewalls need a FortiGuard subscription for the advanced UTM features to work which is an ongoing cost. A 1 year 8x5 FortiCare & FortiGuard renewal for a 100D $900USD.

[Canada EH]

Pricey, but what about home pc users.

 

Is Microsoft Defender, MSE and Malwarebytes - and a cable ISP router with a current after-market wireless router enough?

[leadeater]

44 minutes ago, Canada EH said:

Pricey, but what about home pc users.

 

Is Microsoft Defender, MSE and Malwarebytes - and a cable ISP router with a current after-market wireless router enough?

Generally speaking yea. Any decent home router with their 'true firewall' and NAT, plus a reputable anti-virus software will keep you safe. I also add on to that always use an ad-blocker as extra layer of protection.

 

Most issues are user initiated where no firewall is going to help and no spam filtering is perfect or anti-virus. Best protection is awareness.

[Quindor]

Depending on your needs and wishes you can look into three categories:

• Consumer grade (All the Asus, Netgear, TP-Link, etc.)
• Pro-sumer grade (Mikrotik, Ubiquiti, etc.)
• Pro grade (Fortinet, Cisco, Juniper, etc.)

Most home users will be very happy with consumer grade hardware. People with more advanced setups (home or small business) get pro-sumer equipment and if you're into the stuff or run a (bigger) business you need pro grade equipment and features.

 

So maybe you want something like this?... But probably, judging from your technical knowledge in your replies I think you should definitely stick with consumer grade equipment, because with each grade the ease of setup goes down (but gains in flexibility and features). The same goes for price.  

 

[Canada EH]

Here is what I learned about which ones are good.

Paid - Bit Defender, Kaspersky

Free - Avast (Popular), Malwarebytes

Other popular - SOPHOS, Panda, Avira, Comodo.

Bit Defender and MSE

I've always been interested in ESET NOD 32 and Bit Defender, I always try to find if there are any sales on. Sometimes they sell old software for cheap. Like 2012 Panda software for $1, last version 8 of ESET NOD 32 for $10, current V9 is $30cdn.

.

I stay a mile away from anything Norton. I read they are bloated and slow.