Domain: sonicwall.com
Stories and comments across the archive that link to sonicwall.com.
Comments · 24
-
Re:So, let me get this straight
http://www.sonicwall.com/us/en/products/SuperMassive_E10000.html
It can be done. I have no idea what Comcast uses, but SonicWALL is known for bufferless UTM (DPI, malware, anti-virus scanning, intrusion prevention) in real-time. It eats cycles, but the throughput capacity per model is documented with UTM enabled.
All this technology that was thought to free mankind, is in fact enslaving us.
-
Wipeout HDD & Get a low-end SOHO Firewall Rout
1. Get him a new e-mail address & don't associate it with any social media apps, especially facebook
2. Change his phone number, unlisted
3. backup data to a HDD
4. repartition & format primary HDD, install OS (assuming win32)
5. install an "Internet Security Suite" from either: Kaspersky, BitDefender, Eset
6. install SOHO Deep Packet Inspection Firewall with VPN (~$300), i.e. Sonicwall TZ100 (recently acquired by Dell):
http://www.sonicwall.com/us/products/TZ_100.html
- review of TZ100: http://www.techrepublic.com/blog/products/review-sonicwall-tz-100-router/989
- this might be astroturf comparison of Sonicwall vs. Cisco, but worth a read:
-
Re:The Only One I've Seen..
No offense, but you're doing it wrong. We have clients that purchased SonicWALLs as a solution to block websites. Specifically Facebook. The product works. I personally admin them for our clients.
I'm not sure what unit you're using or version of OS, but with SonicOS 5 on a TZ100 or 200 series perform the following...
Log in as admin and go to the following page.
Security Services --> Content Filter --> Content Filter Services --> Configure --> CFS tab --> check off "Enable HTTPS Content Filtering"
For the rest of Slashdot, feel free to check out their GUI simulator at https://tz200.demo.sonicwall.com/main.html
-
Re:Ugh sonicwall
They have a whole new product line now which is completely unrelated to their SMB gear. Check out SuperMassive. http://www.sonicwall.com/us/products/SuperMassive_Series.html
-
Re:HTTPS
Yes they can. From SonicWall's Press Release:
SonicOS 5.6 adds a new deep packet inspection (DPI) engine for SSL encrypted traffic, which has increasingly become a blind spot in many firewall, content filtering and data leak protection schemes today. Bad guys have begun using encryption technologies against the very security communities that made them popular, using encryption to avoid the HTTPS protocol to bypass filters and expose networks to malware attacks.
-
Re:World domination 201
I used an XP x64 workstation at work for two years, as a developer workstation - worked great.
Same here. Using XP64 since it was available as a free download on MS. Stable as hell (and it should be, since it's based on the 2003 codebase but without the cruft).
The biggest hurdle has been specialty drivers. Nikon, for instance, refuses to offer 64-bit drivers for their professional scanners. The *only* option (besides reverting your OS) is to install a 3rd-party program (VueScan). So, a 3rd party software company can somehow figure out how to write 64-bit drivers for hardware that the manufacturer themselves can't write drivers for? Sure, Nikon.
SonicWall tried the same bullshit with their VPN client, at least until their business users cried bloody murder. Took them nearly 5 years to release a driver, and it's still a Beta!
Of course, Vista64 users are in the same boat, so I don't understand why people think XP64 is special in this regard.
But I digress...
-
Re:APPLE STOP HURTING INNOCENT ANIMALS
I would rather take a nice walk in the park and feed squirrels
But 'Safari' sounds a lot cooler than 'Bag of Peanuts' as a name for a browser.
Their former browser was called "CyberDog", and it referred to a dog just strolling around the cyberspace. "Safari" also feels like a nice trip, but in less comfortable places. Just fyi'ing. Back on topic: the anti-phishing thingy was something I was waiting for: Mac-users aren't immune to phishing, whatever they say. I did the Sonicwall Phishing Test http://www.sonicwall.com/phishing/ with my class and none of my students passed. Most of them too gullible. Something Mac-users might or might not recognise. Good test though, absolutely worth taking!
-
is there an open source project that does this...
http://sonicwall.com/us/products/2057.html
CDP detects new or changed files, even when files are open. When this information is found, CDP immediately and automatically replicates it to dedicated hardware locally. Unlike most traditional backup products, no user intervention or additional software or hardware is required with CDP.
It also keeps track of 15 versions of a file, so you can restore any or all of them.
-
Re:How is it blocked
Most firewall appliances currently sold offer "Deep Packet Inspection" - and ones that can handle around a full gigabit of traffic with full inspection cost around 10k.
(For example, the NSA 7500 http://www.sonicwall.com/emea/4986.html)
So it should be easily possible to scale a system that handles China's international internet traffic (100 Gigabit? 1000 Gigabit?)
-
Re:I just installed Ubuntu....
You can get Linux + Openswan to work with SonicWall's VPN.
http://www.sonicwall.com/us/support/2134_3286.html
-
Backup Solution
-
Re:Try a local company
On the networking component side, I've had decent luck with SMC switches, though, of course, HP's switches are really nice, too (hence why they cost so much). On the router side, Cisco is great if you can afford it, but for a place with 50 people, it's probably overkill. I've had tolerable luck with Netgear ProSafe firewall/routers, but they can be really simplistic. Sonicwall makes some easy-to-use, versatile firewall/routers, but I'm not a big fan of their per-connection licensing scheme. Fortinet makes some competitively priced mid-range firewall/routers with decent anti-virus scanning abilities, which is nice, and they're incredibly flexible. I've even been able to configure them to connect to Windows servers using LDAP and control user access to the Internet through them, which is pretty nice, and their routers are SIP-aware, which is handy if you plan on doing any in-house VoIP work. However, that flexibility comes at a price - they are REALLY quirky. Be ready for a serious learning curve if you've never dealt with one before.
-
Re:Not enough information
Sonicwall also has clientless SSL VPN devices that allow for AD integration for authentication. http://www.sonicwall.com/products/sslapp.html
-
plenty of appliances...
-
People still use WEP?
Who still uses WEP? The weaknesses in WEP have been known for some time, and there have been more than a few working crackers in the wild for quite a while now.
WPA is the money. It's far more secure than WEP in that it has key rotation, and some of the snazzier base stations already support AES as the cryptographic algorithm. Most older stations with diligent vendors will at least support WPA with TKIP (RC4 with rotating keys), since it's a trivial addition from a compute-intensiveness point of view.
That said, if you do insist on sticking with WEP (some people prefer classic cars to modern ones as well, I guess), or even less (ie, run an open base station) at least ensure that your access point is configured to only allow your specific MAC (as well as those you trust) to peer with it. This will at least keep the bandwidth sucklers off your back.
Unless, of course, being suckled upon is what you like. At that point, do what you want. I'm Canadian, so my personal bandwidth is everyone's bandwidth.
Ahhh... socialism. :)
As for PPTP, switch to using KAME, FreeS/WAN or your IPSec implementation of choice. You can, of course, even use IPSec to do transport level encryption for your wireless connection if your base station doesn't support WPA, though you would need additional boxen to do this, of course.
Both of these (WPA and IPSec) provide the same functionality as what they replace (WEP and PPTP) with additional security benefits. We moved to WPA for our corporate access points over a year ago and have been running a 100% IPSec (SonicWall, specifically) VPN for just as long. They're functional, production tested and very secure.
Don't wait. Do it now.
-
Randomizing the IP ID (w/SonicWall)
The current firewalls aren't rewriting the IPid field anyway.
Not true. For at least a couple years now the SonicWall firewall has the option to randomize the IP ID.
-
"What more could you possibly want?"
An embedded, dedicated solution?
Don't get me wrong, though I've personally not used a BSD as a firewall, I know people who have, and they're happy with it, completely happy. But I really prefer something which was built from the ground up to be a firewall and ONLY a firewall.
I've worked extensively with the Sonicwall devices, and I've also heard some good things about the WatchGuard Firebox series. Then again, if you want to go gung ho all out and out, you can get a Cisco PIX.
Basically, for me, it boils down to having a specific device for a specific job, as opposed to having a general purpose piece of software running on commodity hardware for a specific job.
-
Re:Shouldn't this be placed under a different sect
Additionally, it is very possible to accelerate SSL in hardware. In fact, the Sun project page [sun.com] itself talks about integrating ECC and SSL support into a hardware accelerator.
And there are lots of companies that sell stand-alone SSL accelerators.
-
Sonicwall
With a Sonicwall PRO series firewall, it is possible to specify a list of "trusted domains" to allow ActiveX to.
-
SonicWall SOHO
I'm pretty pleased with my SonicWall SOHO -- very plug and play, if that's of value to you.
-
my school
My school uses a packet shaper and firewall combination. The firewall stops all incoming traffic that didn't originate from inside the firewall. I.e., I can connect to outside, but outside cannot connect in. So therefore, since I work for an ISP outside of campus, I can't get into my FreeBSD box to get any personal work done while not in my dorm room (yes, they block all non-originating traffic in from everything but the dorms). So therefore, Code Red would have had no effect on dorm room students, unless someone got infected on purpose. I will propose putting a limit on people, like a Gig a day or something, so people won't run pr0n sites (the reason the firewall was put up).
-
Er, for 100Mbps, get a real firewall!
I just checked the Linksys BEFSR81 and it is in the same boat, 10Mbps on the WAN side. And I don't really call those NAT devices "firewalls". I think "firewall" gets overused like "3-D accelerator". So if you are talking a 100Mbps connection, why not get a real firewall? Or at least add a little protection with a DMZ port on the firewall.
On the cheap, you could build a headless Linux or OpenBSD box with three (3) 100Mbps NICs for under $500. I've had great success with Linux IPChains for all kinds of configurations (e.g., setting up a "test" server internally and properly routing it for internal systems so it appeared on a public IP), etc... I'm starting to get into OpenBSD (the various BIND 8 hacks make me think that Theo knows what he is talking about when it comes to OpenBSD sticking with BIND 4 ;-).
Otherwise, the SonicWall PRO is an excellent box that can be found for under $2,500. It features 100Mbps for WAN, DMZ and LAN. Excellent boxes for the price, good feature set (although the logging could be improved a bit, but everything else is great). Personally used these solutions as well (and identified a few trojans that people had accidentally downloaded and installed on their PC with IE/Outlook). I even had an external server on its DMZ port get hacked (c/o a known BIND 8 exploit that I failed to patch), but the internal systems on the LAN port were left untouched.
BTW, I just came up with a good analogy yesterday on a LUG list regarding firewalls:
- Open Door = Nothing
  So "passer-bys" can see in.
- Closed Door = Private Network Router
  So "passer-bys" can't see in, but they can still get in. And you can easily get out.
- Closed Door w/doorknob lock = Basic firewalls, non-ICSA certified "black box"
  A bit of difficulty to get in. You can still easily get out.
- Closed Door w/doorknob & deadbolt lock = SonicWall, ICSA-certified "black boxes"
  Much more difficult to get in. Blocks some things from getting out (and you can add limitations too).
- Closed Door w/doorknob & dual-keyed deadbolt lock = Linux, OpenBSD and complete custom firewalls
  Hard to get in when properly configured. Doesn't allow poorly designed protocols to get out by default.
  Problem: Like a dual-keyed deadbolt lock, sometimes you leave it unlocked because it is a pain to deal with (or leave the key in the inside lock).
-- Bryan "TheBS" Smith
-
SonicWall has ICSA-certified firewalls for $400+
I concur with just about everyone here that the Linux Router Project (LRP) is a floppy solution that can run on even a lowly 386 CPU. You should be able to find such a system for $50, and not have to spend the $$$ you mentioned.
Otherwise, if you really don't want to use a PC, I'd grab something like the SonicWall SOHO/10 for around $400. As of last year, SonicWall's products were the only ICSA-certified firewalling products for under $4K. The SOHO/10 is a little 25MHz 68300-powered Coldfire running some RTOS (probably VxWorks). The SOHO/10 allows up to 10 nodes transparent access out, and even provides one-to-one NAT (private-to-public IP mapping) if you want to share out services, which you can filter, of course, by service.
Just FYI, their high-end product, the SonicWall PRO, is powered by a 233MHz SA 110 StrongArm chip and features a myriad of VPN and encryption options built-in, along with a DMZ port. It lists for $2995, not bad for its capabilities. But I figure you're not looking to spend THAT much.
;->>>
-- Bryan "TheBS" Smith
-
Peacefire blocked by our filter...
We use a Sonicwall unit for DHCP/VPN/filter here at work, and it blocks the peacefire.org site with the following codes:
Code: abcdefghijkl - 00.C0.F0.48.51.E0 - www.peacefire.org
Here's the breakdown on what those letter codes mean:
- a = Violence/profanity
- b = Partial nudity
- c = Full nudity
- d = Sexual acts
- e = Gross depictions
- f = Intolerance
- g = Satanic/cult
- h = Drug culture
- i = Militant/extremist
- j = Sex education
- k = Gambling/illegal
- l = Alcohol/tobacco
Time to let their filter people know about this "oversight"...