Router vs. Firewall

[zumllc]

I'm considering putting a hardware firewall in my new condo and skip the router all together to maximize overall network security, increase IN/OUT bound throughput and reduce individual computer resources by not having software firewalls, etc. turned on.

Here are my questions:

1. Do any hardware firewall have built-in antivirus scanning? If so, do you recommend it - pros / cons?

2. Which hardware firewall would be recommend for a 100 Mbps Broadband Service from Webpass as to maintain maximium IN/OUT bound throughput.

Any opinions on the above idea would be great. Overall, I would like to minimize any bottlenecks in bandwidth.

Cheers,
Michael

 

[YeOldeStonecat]

1) Yes. They are generally called "UTM appliances"...Unified Threat Management.

However..skipping a router? Concerned about security? Why skip a router? A hardware NAT router is your primary first line of defense for your network. I won't support a client unless their network (or even just a single PC) is behind NAT!

Brand names for pre-built units..many of them out there..Sonicwall, Watchguard, etc. You'll pay a pretty penny.

Have a spare PC and 2x network cards and a 1/2 hour of time?
www.untangle.com

Free for the basic community version. Still very affordable if you add the 2nd antivirus scanning engine (Kaspersky..one of the best).

 

[crashnburn]

I'm considering putting a hardware firewall in my new condo and skip the router all together to maximize overall network security, increase IN/OUT bound throughput and reduce individual computer resources by not having software firewalls, etc. turned on.

Here are my questions:

1. Do any hardware firewall have built-in antivirus scanning? If so, do you recommend it - pros / cons?

2. Which hardware firewall would be recommend for a 100 Mbps Broadband Service from Webpass as to maintain maximium IN/OUT bound throughput.

Any opinions on the above idea would be great. Overall, I would like to minimize any bottlenecks in bandwidth.

Cheers,
Michael

PS: Wow.. 100 Mbps for 45$ a month. How do these guys afford it? What is their uplink?

 

[scotty]

As stonecat said, for something with Anti-Virus built in, you need a UTM device, which will typically be a bit more of a 'business class' device. Watchguards are my favoritve, but there there's others as Stonecat mentions. For something that's supposed to handle "100mbps", you're probably going to want a business class device anyway... Generally only people like ISP's and bigger corporations are going to have connections that fast, and typically their setups are a lot more complicated that throwing a UTM firewall in place.

There's also the open-sourced alternatives, like pfsense, monowall, untangle, that can be put on any PC. Those are usually my preferences in the home space. These will be the best bang-for-buck compared to a commercial solution.

And I dont know what will best handle a 100mbps WAN link. I can't say as I've had a client who's ever had a connection that fast. Most of the largest companies I've worked for like big oil & gas companies tend not to go past 25Mbps synchronous. That's a crazy connection for a condo dude.

 

[Brandon]

Cisco ASA's have about the highest throughput you can find right now (Not considering OpenSource). I personally love mine, but it takes some doing to get it working, and working right.

NAT isn't routing, in the sense you're thinking, all firewalls will NAT. Routing can be handled by a good SmartSwitch, routers aren't really used in the new networks.

Routers where designed when most networks ran on HUBs, then dumb-switches allowing for more expansion. My current work network runs on Cisco Catalyst 4500 switch systems, using a Cisco ASA 5520 as a gateway/Firewall device. We have two routers on the network, however they're only used for a 4xT1 frame relay allowing direct database access.

My home network runs off the same idea, I use a Cisco ASA5510, connected to a smartswitch, then dumb-switches.

Most routers are made for "All-In-One" home users, looking to save time, not having to worry about DHCP, or even adding a second switch in most cases. Most of them also cap at 10Mbps.

My cable currently runs at 16Mb down, 1.5 Mb up, as such, I didn't want to waste 6Mb of speed.

 

[zumllc]

PS: Wow.. 100 Mbps for 45$ a month. How do these guys afford it? What is their uplink?

I know.. crazy huh! I'm not sure how these guys afford it but they are definately expanding in the bay area with each new property going up. http://www.web-pass.com/network/online/ I used them in my other condo at the 45 mpbs speeds - its was awesome.

 

[zumllc]

And I dont know what will best handle a 100mbps WAN link. I can't say as I've had a client who's ever had a connection that fast. Most of the largest companies I've worked for like big oil & gas companies tend not to go past 25Mbps synchronous. That's a crazy connection for a condo dude.

One of my concerns with the 100Mbps WAN link is potential packet loss / corrupt data due to the router not being able to handle the speeds.

In your opinion, do you think the top routers on the Router Charts would be sufficient for my home use without getting into business class routing, etc - Such as the D-Link Extreme N Duo Media Router (DIR-855) or the earlier version DIR-655?

 

[zumllc]

Cisco ASA's have about the highest throughput you can find right now (Not considering OpenSource). I personally love mine, but it takes some doing to get it working, and working right.

NAT isn't routing, in the sense you're thinking, all firewalls will NAT. Routing can be handled by a good SmartSwitch, routers aren't really used in the new networks.

Routers where designed when most networks ran on HUBs, then dumb-switches allowing for more expansion. My current work network runs on Cisco Catalyst 4500 switch systems, using a Cisco ASA 5520 as a gateway/Firewall device. We have two routers on the network, however they're only used for a 4xT1 frame relay allowing direct database access.

My home network runs off the same idea, I use a Cisco ASA5510, connected to a smartswitch, then dumb-switches.

Most routers are made for "All-In-One" home users, looking to save time, not having to worry about DHCP, or even adding a second switch in most cases. Most of them also cap at 10Mbps.

My cable currently runs at 16Mb down, 1.5 Mb up, as such, I didn't want to waste 6Mb of speed.

Thanks for this insight! The 'all-in-one' router does lend itself to many efficiencies (cost, space, setup) however, your concept described above makes lots of sense for maintaining the performance and security of the WAN. I must say the ASA models are pretty expensive from what i've seen for a home / small business user - I'll be looking into this to see if it will be cost effective for me.

 

[zumllc]

Have a spare PC and 2x network cards and a 1/2 hour of time?
www.untangle.com

Free for the basic community version. Still very affordable if you add the 2nd antivirus scanning engine (Kaspersky..one of the best).

I just check out the untangle product. very impressive and i especially like the 'pre-installed servers' they offer. i will be looking into this solution as my first line of defense and routing. great solution! Thanks for this.