Welcome to the Hardware Firewall Security Guide - Chapter - SoHo Hardware Firewalls:At first, SOHO means: Small office – Home office. A category of products or services designed to appeal to those working from home. These people are also known as teleworkers or mobile workers. SOHO VPN hardware firewalls often used to build a secure VPN (virtual private network) connection to the company network to get their emails and files which contains sensitive details. More information about VPNs and how a VPN connection works. All firewalls below are suitable for VPN connections. Most of these firewalls comes with a 4 port switch to share home office users a DSL/cable connection, so you also can use your SOHO firewall as a kind of normal router.
My favorite SoHo solutions are from:
1. SonicWALL - The SonicWALL SOHO3, which include an ICSA-certified stateful packet inspection firewall. The SOHO3 is a flexible firewall security solution for small businesses or branch offices. It offers a variety of configuration and service options, including a choice of 10, 25, 50 or Unlimited node configurations, IPSec VPN, and support for the comprehensive portfolio of SonicWALL security services.
2. Checkpoint - An other option for a fantastic home firewall solution is the Check Point Safe@Office firewall. This firewall, from the industry leader in firewall technologie, comes also in a wireless and wired version. The Check Point Safe@Office 400W is the wireless one and delivering advanced performance and comprehensive security in a single plug-and-play solution.
3. Nokia - In combination of Check Point Nokia offers the IP40 which is a "Secured by Check Point" appliance and designed for the
satellite or remote office that relies on enterprise level security. The Nokia IP40 SoHo VPN hardware firewall offering enhanced VPN clustering features and enhanced VPN performance, the IP 40 is an ideal solution for the network security administrator who has already standardized on Nokias security platforms for CheckPoint VPN-1 / FireWall-1 implementations and wants to deploy security solutions in small branche offices.
4. Symantec - The third solution which i can advise is the Symantec SOHO firewall.
5. Watchguard - Watchguard offers the Firebox SoHo 6, which is a good one when you concerned about ease-of-use and maintenance, and search for a plug-and-play hardware firewall. The Watchguard solution starts at $240 for the wirded one and the wireless Firebox SoHo 6 costs about $420. Special feature: the watchgard firebox has an integrated DoS Protection and a Stateful Packet Filtering for more flexibility to set up your security policies or security rules.
6. Cisco - A stable SoHo firewall is offered by Cisco Systems. The model pix 501 from Ciscos 500 hadware firewall series is a wired and stable firewall for your home office. Cicso said, the PIX 501 delivers enterprise-class security for small offices and enterprise teleworker environments. In my opinion the PIX 501 is one of the best firewalls on the planet, but it's much more expensive than a Check Point solution. If you want to integrate your firewall into a existing Cicso VPN network, the Cisco PIX 501 is more compatible than any other firewall solution. The PIX501 delivers up to 60 Mbps of firewall, 3DES and AES throughput.
7. Pyramid - Pyramid, a German based company offers the BenHur box, which is a very tiny (HxWxD 1.2X4.7X3.1 - inch) and cheap "all in one" solution, often used for smaller- or home offices. The BenHur box is the right solution for you, if you looking for a professional personal firewall to connect secure via VPN to your companies network, want to monitor the network traffic in real-time. The box protects internal network traffic in both small and large company networks from viruses, data espionage and manipulation. The BenHur box is a personal security appliance with hardware-based encryption. Note: BenHur is also compatible to VPN solutions of other manufacturers.
8. DLINK - DLINK, a company famous for their DLINK routers and modems offers also a hardware based firewall which is shipped as a wired firewall box and some interesing features like a bandwidth managment. You can secure your network AND manage your bandwidth from the connected users in one box, for example you can define a value of a max. bandwidth for different network services. The box comes with the Dlink security technologie - Netdefend.
9. Astaro - Astaro, also a German based comapny like Pyramid and leader in integrated security applications, manufacturing a small office firewall series for your branch sales office called Astaro Security Gateway 110.
10. Juniper NetScreen - Juniper, well know as router manufactor has bought NetScreen, a leader in firewall technologies, in february 2004. The NetScreen 5GT provides a cost-effective security solution for remote sites, regional offices, retail outlets or working from home people. The Juniper Networks NetScreen 5GT SoHo firewall is a feature rich enterprise-class network security solution with one Untrust 10/100 Ethernet port, four Trust 10/100 Ethernet ports, a console port and a modem port. The NetScreen 5GT is designed to be upgradeable to support embedded virus scanning using TREND MICRO AnitVirus technology. 5GT is using the same firewall, VPN, and DoS mitigation technology as NetScreen's high-end central site products.
11. HotBrick - HotBrick offers a low cost VPN version of their SoHo firewall series. The Hotbrick SoHo 401 VPN delivers all the key features like Network Address Translation (NAT) and a Stateful Packet Inspection (SPI) against hackers and DoS to protect you home office and connect through VPN in your company. The 4 port 10/100 layer 2 switch allows you to share your internet connection with up to 4 users by itseld or with up to 253 users using other switches.
12. AlphaShield - AlphaShield is a Canadian company specialized in manufactoring a lowcost hardware firewall box with a kind of unique technology like the AlphaGap, Stealth IP and the RPA Technology. The AlphaGap Technology (GAP) establish admittance to the connected computer system is disabled as it creates a virtual GAP (disconnection) following a pre-determined Internet idle interval. Access to your connected computer is supported through a Seamless Intelligent Infrastructure to advise inbound and outbound data. Without any lag, each packet of information is examined and only allows access to approved addresses. Once GAP is enabled, it can afford 100% bullet-proof computer network to the user. The Stealth Internet Protocol Technology hides the user's computer identification from being seen across the Internet or computer network, while it allows the user to effortlessly surf the Internet or network safely. Since the user cannot be identified or located, the user's risks are greatly decreased from any threats of scans, checks or attacks. The Real-time Packet Authorization Technology (RPA) appropriate Artificial Intelligence Infrastructure to check inbound and outbound data between the connected PC and the network or Internet as it inspects each packet of information and only permits access to addresses the Internet teleworker has requested. The AlphaShield firewall box allows to use VPN. It can be established by using IPSEC or any other security algorithm. In summary, this firewall box is cheap way to protect your home personal computer using a small hardware firewall box. I wouldnt use this kind of box to connect branch offices, just to connect private households securely to the net. The AlphaShield firewall is a plug and play box without any configurations and without any update processes! The box is not delivered with any antivirus software, so you have to buy anti virus protection as an extra solution. AlphaShield doesnt provide NAT for single IP operations!
13. CyberGuard - CyberGuard founded in 1996 and based in Fort Lauderdale, Florida, sells corporate firewalls and network security solutions. In 2003 they acquired SnapGear which has become famous of their embedded PCI firewalls. So today CyberGuard sells the SG635 PCI hardware firewall, which is a excellent SoHo firewall solution for a personal single desktop PC without any space to place a box around the PC. It also a good solution for data centers with web and application server farms. The PCI card comes with all modern technology like a external firewall. It is an ICSA-certified dynamic Firewall and offers features like Anti-Intrusion a DES/3DES Encryption, Logging, Routing, Traffic Shaping/QoS, VPN-Advanced IPsec VPN - PPTP client and server connections and a easy to use Web Management (is done via Telnet, SSH or HTTP/ HTTPS, using the Boa Webserver).
14. LinkSyS - LinkSyS founded in 1988 by husband and wife Victor and Janie Tsao and based in Irvine, California, LinkSyS has the vision that networking products would become an affordable commodity, allowing anyone to share documents, files, mail, and most of all, ideas between people. In 2003 Cisco acquired Linksys for $500 million in stock. So today LinkSyS is a division of the Networking powerhouse Cisco.
15. SOHOware - SOHOware was founded in 1990 in Santa Clara, California by WLAN specialist Dr. C.T. Wu. SOHOware offers an interesting firewall series called Broadguard. The BroadGuard family of firewall VPN appliances enable secure branch office communications through advanced VPN and Firewall functionality built on Intel IXA architecture. Designed to offer affordable security for small and medium business and distributed branch offices. BroadGuard offers Enterprise-class ICSA certified Firewall and VPN security in affordable appliances purpose-built for SMB networks. There are no licensing restrictions on the number of users or VPN tunnels supported, making BroadGuard a cost effective security solution that assures worry free protection of mission critical data. Based on Intel XScale processing technology with embedded IPSec accelerator for outstanding throughput performance.
Maximum Router/Firewall Throughput (BroadGuard-BBR1000): 100 Mbps
16. Global Technology Associates - GTA - Global Technology Associates, a privately owned US corporation and developer of Internet Firewalls founded 1994. With the introduction of the GNAT Box Firewall Software in 1996 GTA became the vanguard leader in firewalls for the small and medium-size marketplace. The GNAT Box Firewall Software was one of the first firewalls certified by the NCSA (now ICSA). The GB-250 Firewall Appliance are entry-level firewalls in GTA's RoBoX family with support for optional Mail Sentinel Anti-Spam and Mail Sentinel Anti-Virus add-on features, offering more power and flexibility than comparable appliances. Available in a 10 or 25 concurrent outbound user versions, the GB-250 is designed for small business offices that require network security functions usually found only in enterprise level firewall appliances. The ICSA certified GNAT Box System Software, assures full corporate level firewall security. Features include transparent NAT, stateful packet inspection, built-in IPSec VPN (optional on the GB-250 10 user version), DHCP and content filtering, all packed in a desktop internet security appliance.
17. Fortinet - Fortinet was founded in 2000 by the visionary founder and former president and CEO of NetScreen, Ken Xie. NetScreen was later sold to Juniper Networks for over 3.6 billion dollars. The company is privately held and headquartered in Sunnyvale, CA., with technical customer support, hardware development and sales facilities all over North America, Europe and Asia to guarantee continuous customer success. At the SoHo market Fortinet is one of the market leaders with their stable FortiGate series. In comparsion to the other firewalls here on this page the FortiGate 50A is the best choice. Fortinet offers also a wireless hardware firewall called FortiGate 60. Both are stable and come with the newsest technology. The FortiWiFi-60 system is an integrated wireless access security solution that provides complete real-time enterprise level network protection at the wireless access point. The FortiWiFi-60 provides secure mobile connectivity by combining a wireless access point with a complete suite of network security funtions including network-based antivirus, firewall, content filtering, VPN, intrusion detection and prevention, and traffic shaping. These features work together to ensure that wireless users enjoy worry free, high performance access without compromising the integrity of company networks.
18. Adtran - ADTRAN is networking and e-security company with a 16-year history of profitability located in Huntsville, USA. ADTRAN offers a wide range of security and networking products, especially for us, the NetVanta security appliance series. Our focus is set to the NetVenta 2050 box which is a cabled firewall box, supporting VPN connectivity. The ADTRAN NetVanta 2050 is a Small Office/Home Office VPN/Firewall gateway providing all the necessary components required to secure an integrated VPN solution. Used primarily for remote access, the NetVanta 2050 is a perfect for work-at-home telecommuters needing to have a secure connection back to corporate resources. Based on the ADTRAN Operating System (AOS), the NetVanta 2050 provide key security and data protection features such as IPSec VPN tunneling, stateful inspection firewall, IP routing, Network Address Translation (NAT), and even a DHCP server. If you need an additional four-port 10/100Base-T Ethernet switch you can choose the model ADTRAN 2054 which has the same features and perform the same functions like the 2050.
19. ZyXEL - ZyXEL founded 1989 by Dr. Shun-I Chu in Taiwan. ZyXEL is a major leader in leading broadband access solutions, but a special range of Internet Security Gateways has made their way into the SMB security market. This new generation of ZyXELL firewalls (ICSA Certified) are called ZyWALL. The ZyXEL ZyWALL UTM 70 comes with Unified Threat Management (UTM) and ICSA VPN functionality for unlimited users (up to 10,000 concurrent sessions and 100 simaltaneous IPSec VPN connections). ZyXEL use the newest Kaspersky anti virus engine and patterns, mailshell for mail filtering operations and mail security options and "Content Control" from BlueCoat as web application filter and content filter for their ZyWALL series. There are also smaller versions of ZyXEll's firewalls, the UTM 70 is the best choice for branch offices and smaller companies. For personal or home use I would prefer the ZyWALL 5 with an option to upgrade to UTM. Unified Threat Management (UTM) is an emerging trend in the network security appliance market. Always on the cutting edge, ZyXEL’s ZyWALL 5/35/70 UTM series is capable of outperforming the current ZyWALL 5/35/70 series by up to 20 times with just a ZyWALL Turbo Card. This new technology introduces a new all-in-one network security device that provides content filtering, anti-virus, anti-spam and intrusion detection services traditionally handled by multiple systems.
20. NETGEAR - NETGEAR founded 1996 as an internal part of Nortel Networks with the mission to serve the SOHO and home users market with powerful networking solutions. Today, NETGEAR is a major player in the SOHO computer technology market with an established brand and market leadership position. Famous for their wireless and wired router technology, NETGEAR comes more and more interesting for firewall hardware appliances, especially SOHO users could profit from their allround - all in one boxes. The NETGEAR ProSafe firewall series provides innovative networking technology combined with high-end VPN technology for small businesses and homes. Our focus is concentrated on the wired all-in-one talent the NETGEAR FR114P box - a SOHO VPN firewall with 4 Port and a 10/100 Switch and including a Print Server. This box has everything you want for maximum security coverage: True ICSA-certified Firewall using Stateful Packet Inspection and Intrusion Detection features, Denial of Service (DoS) attack protection and VPN pass-through. There is also a Kensington Lock slot on the unit to prevent theft. The FR114P supports DHCP (client and server) as well as PPPoE, PPTP and NAT and allows an easy deployment. The metal unit houses advanced, high-quality chip sets, and NETGEAR's tested and proven technology comes with a 3-year warranty. The administration interface is a web-based graphic user interface with user name and password protection. There is also an in-built smart wizard and auto detection system for basic parameter settings. You can control the FR114P via remote management, authenticated through IP address or IP address range, and password. NetBEUI is not supported. VPN is supported passively through IPSec, L2TP and PPTP pass-through functionality. This means a tunnel can be established through the firewall when used in conjunction with VPN client software.
Thanks for your attention.
The informations on this page will be continued. |