[lug] Small Firewall with Excellent Logging
renewby at gmail.com
Tue Mar 24 23:32:38 MDT 2015
+1 to Glenn, a (somewhat) similar thread to one on the blug mailing list.
SSG 5s are solid router/firewalls, although the OS (ScreenOS) is at end of
life, replaced by JunOS. Not a show stopper for home/small business though
as the units are fairly affordable. If you're looking for an appliance,
check out Meraki. Meraki has a great deal of layer 7 reporting so you can
get granular detail on not only bandwidth, but which applications are
On Tue, Mar 24, 2015 at 11:08 PM, Glenn English <ghe at slsware.net> wrote:
> On Mar 24, 2015, at 10:17 PM, Maxwell Spangler <
> maxlists at maxwellspangler.com> wrote:
> > In the past I've used a variety of consumer grade firewalls to protect
> small office networks from internet attackers. Linksys WRT units with
> DD-WRT is a favorite.
> > However, I feel like these solutions are often ideal for just that:
> acting as a defense against incoming attackers.
> > I'd like to find a small footprint, low power, high quality, trustworthy
> firewall that would allow me to do the same but provide more logging
> capability to see what's going out and then let me control it. Ideally,
> this would be block everything and allow me to easily identify whats going
> out and selectively enable it.
> Look into a Juniper SSG-5 -- it's quite small, very high quality,
> inexpensive for Juniper, available at Amazon, and logs like crazy if you
> ask it to. Its Ethernet is only 100Mb, but that's plenty for 'most any
> Internet connection you'll find in a small office. I think it's available
> with or without WiFi.
> I suspect, though, that it's configuration is significantly more
> complicated than you find on consumer boxen. It's for sure more complex
> than the Netgear I used to have (it does have a web-based GUI that works
> well once you learn what it's talking about). I get email once or twice a
> day from the one I installed a few years ago down in Texas, telling me
> about hackers and such.
> OTOH, I managed to get it going shortly after a serious brain injury, so
> maybe it's not as complex as I remember...
> Glenn English
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
email:renewby at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the LUG