• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

Firewall.

M

mendy

n00b
Joined
Feb 17, 2012
Messages
4
hi guys,

I'm in need of some help, I am looking for a firewall. I have a budget of $100 a year. The main features I'm looking for is:

1. web filtering. (general categories, like gambling, porn, etc. and only for certain users.)
2. logging (to see who has visited what sites)
3. time control (for certain users certain sites)

I have a few things on my mind, such as,

Fortinet
Pfsense
untangle
sonic wall
ClearOS

so, what do you think will do the best?

thanks,
mendy.
 
I will just chime in and say Sonicwall will be out of your budget because their licensing is really goofy. You would end up renewing each individual service once per year.

Most likely people here will recommend something along the lines of a PFSense box and using OpenDNS.
 
It depends a lot on your environment and initial budget too.

1. How much are you willing to spend upfront for hardware/licenses? Will you be willing to purchase or rollout your own hardware for software such as Untangle/ClearOS/pfSense?

2. How many users will be behind the firewall?

3. Are there any chances that you network usage and service requirements will change significantly over the next three, six or twelve months? (Such as a new need for VPN, QoS, et cetera)

4. What kind of environment are you in? Non-profit/SMB/Educational? These may affect your budget/expenses depending on the system you go with (For Fortinet/Untangle/Sonicwall).


Untangle can do the web filtering and logging through the reports/web-filter application. The web application is paid if I recall correctly (and it's closer to the range of $270 a year for 10 users).

pfSense can probably do this with alot of tweaking - there's a great starter article here: http://www.smallnetbuilder.com/security/security-howto/31433-build-your-own-utm-with-pfsense-part-1
 
Thanks for all the help,

There will be 5-10 users behind the firewall. I'm willing to put $100 on hardware. or I could use a dedicated machine. I have like 2-3 old PCs. (like Pentium 4, 2.4 GHZ). regarding my environment, it will be used for a home network. $100 a year + a little hardware if needed.

also, how good is the untangle web filtering [LITE?

Thanks once again,
Mendy
 
Mendy,

I can't speak for the web-filter lite as I personally don't use it. But Untangle does a pretty good job so far for the anti-phishing, anti-spyware and adblocking app.

If you have the time and since it's for a home environment - download it and give it a try on an old PC! :D There are a lot of help materials via Untangle's website and wiki. And the only purchase you may have to make is for a second network interface card.

For a 2.4GHz system with adequate RAM (probably about 2~4GB) you should be fine depending on your traffic. Your boot times may be a little slow depending on your hardware configuration but that should be it.
 
I use the web filter lite- works just fine for me, Ive never had any issues with it.

I used a 2.4ghz P4 box with 2 gb of ram and an 80gb IDE drive for the last 5-6 months, worked fine, had no issues running my 35meg cable, but as stated above it did take a while to boot about 10-15 minutes.
tho that isnt a huge issue, because you shouldnt reboot it too often (I normally did once a month at midnight just for good measure.)

i recommend using all lite features on untangle, theres some luxury things that will cost for licensing, but as a simple firewall I have never needed any of them.
 
I myself like ipFire. It is a free firewall, does all that you want there.

http://www.ipfire.org/

There is a lot more that it can do that I don't use, but it does do a good amount of stuff.

Filtering is through Squid.

Comes setup for 4 different zones, red (internet connection), green (your internal network), blue (wireless network) and orange (dmz).
 
To OP: You keep saying user, do you want to do logging/blocking per user? Do you need to integrate with active directory or windows credentials somehow? or is blocking based upon PC IP address good enough?
 
thanks for the support guys.

I think I'll stick with untangle lite for now. do you guys know if I can buy policy manager and use it will lite things? (as asked before) and what's the difference between policy manager and captive portal (included in the lite things)

thanks,
mendy.

edit: if I'm right, can't I use captive portal to allow certain users to access sites that are blocked for others. (for example Facebook is blocked for most people but for the manager its unblocked) and they would have to log into their account to have their own "access"?

thanks,
mendy.
 
Last edited:
You must log in or register to reply here.
Back
Top