Firewall Switch for Home Network

[GamingDaemon]

Hi Everyone.

I am building a house and have bought a full structured wiring package that will be instaleld a few weeks when they frame out the house. The guy I am working with is quite knowledgeable, and will do everything I wanted. I jsut need to provide him with a cable modem and firewall. So, I am looking for a networking appliance that will be used to provide firewall protection between the cable modem and my home network, and will also provide all of the switching I will need.

Do I need a firewall device with an equal number of ports for each room that will be wired? If so, do you know of any firewall/switches that has more than 4 or 8 ports?

And if so, is the firewall device good enough? Do they make gigbait firewall switches yet?

TIA

 

[harrkev]

They do make gigabit routers, but that is only gigabit on the back end, not to the modem. And those are limited to four wired ports. It seems to me that if you are looking at home-grade stuff, you could use any router that you have lying around, and hook that up to a large switch of your choice. You can get 16 ports for well under $100. Gigabit will cost at least $150.

On the other hand, commercial-grade stuff is available, but do you really NEED to be spending that type of money? What do you hope to get out of it that a $20 Linksys router paired with a wide switch cannot do?

Some hints:

1) Do not buy more than you need. 100 Mbps is probably good enough for now for most people. If you want to go gigabit it will cost less in two years if you can wait.

2) If you spend very little now, you will not feel too bad about upgrading your stuff in the future. It is easier to throw out something that you paid $50 for than something that you paid $250 for.

3) Once the wiring is in, changing routers/switches is very easy.

 

[Woodie]

My thoughts...
Have him wire everything to a patch panel in whatever room/closet you pick. Also wire in phone/cable to the same room (commonly referred to as a "demarc"). You'll need power there as well. Now, you can add in whatever cable-modem, switches, firewalls, etc...you want, and just patch in those rooms that are actually in use.

For switching hardware, get seperate devices:
firewall/router--to control ingress/egress to the network. Typically 1-5 ports, connects to the cable-modem on the WAN side, and to the switch on a LAN port. 10/100 typically.
Switch -- to provide internal LAN capability. Can be 10/100 or gig if you prefer. Available in 4 to 48 port capacities. This connects all the devices on the LAN to each other, and then has one connection up to the router (for external access).

Either piece can be replaced/upgraded independantly of the other.

If you want, you can have the phone lines run on lan cable as well, and have those jacks terminated in the patch panel as well.

 

[GamingDaemon]

harrkev and Woodie,

Good comments! Thank you.

I think I understand now, but let me reiterate what you both are saying just to be sure. The wiring guy will have a networking closet (he showed me one in his office) that has all of the phone, cable TV and networking integrated. I guess my mistake was in thinking I would need a switch that would be responsible for wiring each jack in the house. But what I am hearing is that this is really his job.

I just need to provide him with a cable modem and a firewall device with at least one or two 100Mbps ports that lead to his switch appliance which he then wires up to each jack in the house. Is that right?

Here is a link to his web page with a picutre of the networking closet on the bottom.

Therefore I could just buy something like this, correct?

 

[harrkev]

What you have to provide your wiring guy is between you and him. I was not there when you signed the contract. Look over the paperwork that you signed. It is possible that he provides the switch, or maybe you have to provide it. Who knows.

I do know that it will be more expensive if he does it. Home networking, to me, is broken up into two categores: jobs I want to do, and jobs that I don't want to do. The jobs that I don't want to do involve crawling in attic and cutting holes in walls. But I would happily plug cables from a switch to a wall jack.

On the other hand, if you are the type of guy to buy network cable from Best Buy, you had better let your wiring guy do it. A cable that costs $20 at the local computer/office superstore will only cost about $2.00 to make from a giant spool of wire and a bag of connectors. By having cables custom-made, they can be just the right length to look neat.

But you have the right idea. Your basic network should look like this:

Modem
|
|
Router
|
|
Switch
| | |
| | |
One wire to every wall jack

Note that is also a nice idea if your closet is in an air-conditioned area that you have the option of possibly providing some ventialtion. One day you may want to stick a file server in the closet. Not a big deal, but it might be nice.

 

[GamingDaemon]

I'm with you...a big NO to crawling around in the attic and cutting holes in walls...a big YES to getting the best cables and appliances to make my network safe and secure.

Based on what I discussed with him over the weekend (I am building this house from two states away so I flew in over the weekend to meet with him), I will need to provide the cable modem, firewall and switch. I'm just hoping the network closet is big enough to fit all of those appliances.

I like your idea about the server to...somehting to think about since right now my house is just a foundation...better to plan now then decide after it is all built.

 

[Woodie]

Quoting, and adding
Modem
|
|
Router
|
|
Switch
| | |
| | |
Patch Panel
| | | | | | |
One wire to every wall jack

Note that not every wall jack is necessarily connected to the switch...that depends on how many devices you have plugged in, and how many jacks are for future use, when the furniture is arrange in a different way. (Think of them like outlets..you put in extras on different walls so you don't have cable running across the floor everywhere.)
The panel is what your vendor is showing in his (fuzzy) pictures. I wouldn't buy the router/switch from him. Just have him provide space, outlets, shelves and ventilation in the closet. Then you can plug in your modem, router, switch yourself. I see he already wires the phone system w/ cat5 (so he only buys one type of cable!).

He does NOT need a switch or a modem to do the wiring...all you have to do is tell him where you want the panel installed (the wiring closet) and where you want "drops" installed in the various rooms.

This is all subject to your contract w/ him. Point is that you shouldn't have to run out and buy something today, just to keep him moving forward.

 

[GamingDaemon]

Originally posted by: Woodie
Point is that you shouldn't have to run out and buy something today, just to keep him moving forward.

Oh definitely not. He specifically said I need to supply him with the cable modem, firewall and switch. I'm just not sure if it will all fit in the closet he provides. I already own my own Motoral Surfbaord cable modem and a Netgear firewall router with an 8 port switch. But based on what we mapped out for the house, I will need more than the 8 ports of the switch. That means I will have to buy a separate switch appliance, and I am worried it won't all fit in there.

Also, my firewall does not provide a wireless access point, so I am considering buying a new firewall appliance that provides 108Mbps WiFi.

Do you guys recommend a specifc brand of firewall (Netgear, D-Link, SonicWall, etc.)

 

[Woodie]

If you want 108 wireless, you're going to have to match up the router and the cards. Kind of a pain, since laptops mostly come w/ embedded now. Embedded cards seem to have much better antennas than PCCard.

Commercial (Industry standard) networking equipment comes 19" wide to mount in rack. Can you specify the size of the closet? or the shelving?
How many ports do you anticipate? Keep in mind that you can have multiple switches, so you can stack a few consumer-grade 8-port switches and still take up less space than 24-port Cisco.

 

[GamingDaemon]

Most of thedevices I have seen support lower speeds, so my laptop will be fine. This way, I will be supported when I buy a new laptop witha faster wireless card.

Right now, the count for ports is about 10, but that may increase. I like the idea of stacking. They are held in the closet with simple tie-wraps. Will their close proximity generate too much heat?

 

[Woodie]

Originally posted by: GamingDaemon
Will their close proximity generate too much heat?

I don't think so. Would depend on the model. If they're designed to stack, that would imply that heat won't be an issue.

The other option would be to mount them to the wall. Mine came w/ screw mounts, so it could be attached to the wall flat. (consumer, 4 port)

This is the one I have...Look at the picture of the "bottom"...note the two screw mounting holes.
Link to Dlink 624 Pictures page
Click on "Product Images", then "Bottom View".

 

[GamingDaemon]

Ok, does the D-Link provide enough firewall protection? Does it provide SPI? Do I need SPI? Or do I need something more expensive like SonicWall or FireBrick?

 

[Woodie]

How much is "enough"?

Depends on personal taste. I'm comfortable with that level, w/o software firewalls, w/ current A/V, w/ MS AutoUpdate.

75% of my users are non-admins, I use a windows (AD) domain for all IDs, and no-one surfs pron/warez. No Outlook!
YMMV.