ZyXEL ZyWALL 5 Internet Security Firewall Appliance With 4 10/100 Fast Ethernet Ports and 10 IPSec VPN Tunnels
List Price: Price: $254.67 You Save: $196.52 (44%)
Customer Reviews
Serious firewall
There is no end to the bells and whistles in this firewall. And it is not for the faint-hearted. I know enough to get by, but after working through all the configurations, I was a bit taken aback to encounter the "Advanced" option as if the rest wasn't advanced.
I have not played with the VPN as of yet, so can't speak for it. As a whole the firewall is fast. (I'm easily running 25Mbs through it.) And I like the option to integrate in virus checking and other services, although they do seem a bit pricey. (Given my experience for small orgs, though, these options are pennies compared to some of the alternatives.) I also like that there appear to be firmware updates with some regularity.
Heinous Firewall
I have had this kind of firewall since 2002, and it is the best firewall that I have. I purchased this firewall because I was searching for transparent mode capability.
Very classy semi-pro router
I bought the Zywall 5 with the accelerator card (200+ bucks more and it takes up the wi-fi card slot) as I wanted a more reliable router with extra features (intrusion detection, spam filtering) than your run-of-the-mill basic SOHO router. Little known fact, most of the Linksys, D-Link and Netgear 89 - 130 dollar multi-port routers usually have a 133MHz level specialized "appliance" CPU (usually AMD). And they are fine for what they are but, in reading the forums, they tend to burn out after 3 years. Also they don't have enough processing horsepower to handle multiple VPNs alongside other duties without choking. The Zywall 5 prime unit (I believe) starts as a 266MHz unit before the accelerator is added which then brings it up to an 800MHz CPU. (Correct me if you find I am wrong here OK?). I noticed that..and this is odd maybe..my Internet connection seems to run faster with this after my basic Westell 6100 DSL modem than just running the DSL modem alone. I have filtering setup for various attack vectors (worms, trojans, etc) and reckon the whole subscription idea of IDP, content and Spam protection is great and reasonably priced. The GUI is very workable for me. Yes Cisco stuff is great but in this market niche is VERY and I mean VERY overpriced for what you get. I find this more workable for me. Like the title says a very classy, trusty, semi-pro router. P.S. It's all metal and they give you rack ears (or at least my vendor did).
The Best small company corporate router I could find
I do IT support for a small company - under 50 employees.
We have used routers from Cisco, Sonicwall, Netgear, DLink, and linux-based solutions.
We settled on the Zywall routers because:
1) The content filter is inexpensive and reliable.
2) The VPN is rock solid reliable and easy to configure across multiple router brands.
3) It has an intuitive set of screens to configure everything plus an underlying Command Line Interface if you need to look at anything unsupported by the GUI.
4) They are inexpensive yet incredibly reliable. In 1 1/2 years I have NEVER had to reboot this router due to a drive.
Our corporate router is a Zywall 5. We provide Zywall 2 routers to our employees to use as domestic routers. This has proven to be a reliable and inexpensive way to create a secure and fast corporate network.
At one point we had a problem with employees that would spend their spare time surfing porn sites, gambling sites and unbefitting chat rooms. That is when the Zywall became an obvious choice. The Bluecoat-based content filter has from beginning to end stopped employee porn site and gambling site visits. For only $75 per year it is an extraordinary bargain. And the number of viruses on our network has gone virtually to zero - every one of the viruses we contracted had satisfactorily from porn sites or gambling sites!
I have used Cisco routers for years. But they are WAY too complicated since they do not have a GUI to configure them. Using Cisco IOS to clobber in commands is a throwback to the 1970's. It is incredibly powerful but I do not want to take a class just to configure my router/firewall. The Zywall has proven to be affable to configure but flexible - just what I need for a small office.
We also used Sonicwall routers prior to this Zywall. But I got tired of Sonicwall's perpetual requirements to keep pouring money into their routers. Pay for support, pay for every non-mandatory feature - then they would obsolete our product and give us a 'great deal' (an EXPENSIVE deal) on a new product. Never again will we buy Sonicwall - our company will not be a bottomless pit of revenue to Sonicwall ever again.
The linux routers we used were good - but too hard to configure. The Zywall's well thought out screens were just what a part-time IT person needs to figure everything out. The Zywall was by far the easiest router I have ever seen to set up a VPN - acclamation to them for an excellent IPSec VPN that just never messes up. Easy to set up VPN and reliable - just what we needed.
We also used Netgear routers prior to the Zywall. But Netgear simply has severe quality problems with their products. Unnatural bugs kept cropping up on every product we purchased (about 10 different Netgear products). Their sovereign firmware upgrades frequently added more problems than they solved. So we eventually gave up on all the Netgear products due to the never-ending inventory of bugs.
Since we started using these Zywall products 1 1/2 years ago, our firewall/router problems have disappeared. Universal to Zywall routers has been one of the best decisions we have ever made.
Well Capable VPN Server, but Difficult to Set Up
I purchased a Zywall 5 VPN server to replace an older Linux Freeswan solution. It took about a month to set up in my corporate environment, which likely differs greatly from the Zywall's intended configuration.
The Zywall 5 assumes that it is the default gateway to the Internet, and thus lacks the capability of answering ARP requests for its connected VPN clients (which are configured with virtual IP addresses in the same subnet as the LAN). The Linux Freeswan solution could be configured to answer ARP requests for connected VPN clients. Working around this problem required adding an additional network card to the internal LAN firewall, attaching the Zywall to that LAN card, and configuring the internal firewall to forward packets destined to the connected VPN clients directly to the Zywall. This was not as clean as the Linux Freeswan solution, but it worked.
The Zywall 5 supports X.509 VPN certificates, but requires that a certificate authority be set up on a Windows 2000 server to coin the appropriate certificates for the Zywall and VPN clients. This is a bit awkward to accomplish, considering that the same was possible with just a couple of command line entries on the Linux Freeswan box.
It is easy to accidentally misconfigure the Zywall, such that the web and telnet interfaces are no longer at hand, requiring a connection with a serial cable to undo the settings. This happened more than once when trying to make the Zywall send packets back to attached VPN clients.
While the Zywall supports up to 10 simultaneous clients, there are severe limitations. Preshared keys cannot be used with road warrior connections (where the client's IP address changes with each connection). X.509 certificates can be used with road warrior connections, but the same client X.509 certificate must be used for all road warriors (this makes it difficult to revoke a certificate should a laptop be stolen). The Zywall supports RADIUS authentication in addition to certificates, so that somewhat resolves the need to share certificates. Multiple road warriors can simultaneously connect using the same VPN rule configured in the Zywall.
The Zywall at my site sits behind an external routing firewall. Some of the Zywall's NAT features appear to be buggy in this configuration, directing return VPN packets at the external routing firewall, rather than to the connected VPN client's IP address.
Bandwidth limitation capabilities help prevent attached VPN clients on high speed radio or DSL connections from completely saturating the corporate Internet connection.
Based on my experience with configuring Linux IPTABLES firewalls on the Freeswan box, the firewall on the Zywall is a challenge to set up correctly. Instead of referring to the encrypted network interface connection as IPSEC0 as on the Freeswan box, the Zywall uses verbose descriptions such as (LAN to LAN / Zywall), (LAN to WAN), (LAN to DMZ), (WAN to LAN), (WAN to WAN / Zywall), (WAN to DMZ), (DMZ to LAN), (DMZ to WAN), and (DMZ to DMZ / Zywall) - determining which location to use in order to restrict traffic between the corporate LAN and a connected VPN client based on the documentation is difficult (even though the manual is 500+ pages). I had to disable the Zywall's firewall to resolve connectivity issues, and rely on the internal firewall to supervise traffic destined to connected VPN clients. Maybe if one of the verbose descriptions were labeled (LAN to VPN Client) it would be easier to set up the firewall.
The Zywall 5 supports time synchronization to Internet time servers, which is a required feature to keep the time from rapidly drifting from the correct time. Time synchronization is not always successful, nor does it always use the specified time server.
Once the device's limitations are exact, and it is set up to work around those limitations, the Zywall 5 performs very well for its intended purpose with clients using Safenet SoftRemote VPN software.
