ICSA Labs Certified Router/Firewall

DasFox · Mar 10, 2006

No they are not, consumers don't use Corporation, Enterprise level server, firewall, switches etc.. that they test. You should try to ask yourself, then if this is what you believe then why do the majority of major companies out there use their certification?

The numbers don't lie, look I'm not here to defend them in anyway, I don't work for them, or have anything to do with them, or call myself some ICSA fanboy, or any such thing, but I have known the position they take and have known of them for the past 10 years.

Testing consumer products is one thing and testing enterprise level firewalls is another can of worms and a heck of a lot more intense and mission critical.

There would be no way possible that ICSA is considered the Standard in the industry for as long as they have been around if something wasn't working right considering what they are doing.

It doesn't take a high level of understanding what is going on here and that the majority of the Enterprise level of computing industry stands behind this as well.

All I can say is the years, and numbers and the amount of companies involved in this don't lie. This is not my interpretation, or opinion, go look and research the market.

For now I think I'll just give the Netgear FVS 114 a try, it's not expensive either:

http://www.netgear.com/products/details/FVS114.php
http://www.zipzoomfly.com/jsp/ProductDetail.jsp?ProductCode=251866

ALOHA

spidey07 · Mar 10, 2006

Ummm, it is not considered in the evaluation of firewalls.

ummm, hello?

but do have fun with that googling.

AMD rules dude!!!!!!!!!!!!!one!!!!!!!!!!!!

Sorry man, but when you site zipzoomfly and netgear as your insight into the industry your opinion on network security is not valued.

No offense of course.

Good luck with that googling though.

-edit-
holy crap, I just read your post again and I literally cannot stop laughing out loud. Mess with the bull you'll get the horns.

InlineFive · Mar 10, 2006

Originally posted by: DasFox
For now I think I'll just give the Netgear FVS 114 a try, it's not expensive either:

http://www.netgear.com/products/details/FVS114.php
http://www.zipzoomfly.com/jsp/ProductDetail.jsp?ProductCode=251866

ALOHA

All that kerfluffel and (ZOMG) a firewall without GameFuel? or, even worse, no ICSA Certification?

Wait, there is still VPNC Certification! :thumbsup:

It must be certified for deployment in strenous home environments. :shocked:

What with being able to protect against Land and Tear Drop attacks.

:sun:

(Sorry JackMDS, the situation called for meager homage.)

DasFox · Mar 10, 2006

spidey07, I never said anything about zipzoomfly and netgear as my insight into the industry. Not sure why you even thought I did, lol, this is yes, certainly no industry standard and my URL links and surfing had nothing to do with anything I said before to think this had anything to do with this, anyhow, like I said their years of serivce and the industry that stands behind them speaks for the value here.

Forgot to mention, been looking at the ZyWALL 2:

http://www.zyxel.com/product/model.php?...1=1085450410&indexFlagvalue=1021873683

This might be a pretty good one for the money.

Anyone have any insight, experience on the ZyWALL 2?

THANKS

InlineFive · Mar 10, 2006

I don't see why you need redundant WAN connections.

Go for the Netgear.

DasFox · Mar 10, 2006

Originally posted by: InlineFive
I don't see why you need redundant WAN connections.

Go for the Netgear.

What the ZyWALL 2 has redundant WAN? I didn't notice this.

ALOHA

InlineFive · Mar 10, 2006

Originally posted by: DasFox

Originally posted by: InlineFive
I don't see why you need redundant WAN connections.

Go for the Netgear.

Click to expand...

What the ZyWALL 2 has redundant WAN? I didn't notice this.

ALOHA

Well it has Dialup or ISDN failover, which isn't worth it IMHO.

I would much rather have the eight VPN clients with AES encryption.

DasFox · Mar 10, 2006

Ok I noticed this, yeah I'll pass, in the meantime I ran across TRENDnet, can't say I know much about them. Man they even come with a 5 year warranty, hehe

http://www.trendnet.com/en/products/f_routers-vpn.htm?tree=Routers

THANKS

DasFox · Mar 10, 2006

Ok here is a run down on some that where mentioned before and some new ones, I think I'll end up with one of these but still not sure.

3Com OfficeConnect Secure Router, 3CR860-95:
http://www.3com.com/products/en_US/deta...atures&pathtype=purchase&sku=3CR860-95

Firebox SOHO 6: (Soon To Be Discontinued)
http://www.watchguard.com/products/fireboxsoho6.asp

Netgear Model FR114P: (Discontinued)
http://www.netgear.com/products/details/FR114P.php

Netgear FVS114:
http://www.netgear.com/products/details/FVS114.php

TrendNet:
http://www.trendnet.com/en/products/f_routers-vpn.htm?tree=Routers

StoneGate SG-200: (Have Not Checked Price, Might be Outrageous)
http://www.stonesoft.com/products/Appliances/SG-200/

USRobotics USR8200:
http://www.usr.com/products/networking/networking-product.asp?sku=USR8200

Hotbrick 401 VPN:
http://www.hotbrick.com/produto.asp?tipo=2&codPro=42

Can anyone share thoughts on these boxes, experiences, etc..

Anyone have any other nice Home router/firewalls to add to the list to check out, please do so.

THANKS

stash · Mar 10, 2006

consumers don't use Corporation, Enterprise level server, firewall, switches etc.. that they test

So why do you want to? You are a consumer who wants, in your words, to protect a few boxes at home. Why do you need an 'enterprise' level firewall?

If you're doing it for educational purposes, you would learn a lot more by building a linux box or something.

bluestrobe · Mar 10, 2006

Originally posted by: DasFox

bluestrobe, by the way are you using that D-Link firewall, or any of them?

For Home use I think the D-Link DFL-200 would a bit more practical, but I really need a router/firewall, I don't notice that any of the wired D-Links are (SPI) either, just NAT it looks like.

THANKS

I have a friend who has setup several small business networks with those firewalls and has never had a complaint. One the same note he has replaced netgear and trendnet firewalls that have failed or were outmoded. I've never heard of a good comment on US Robotics, consumer or enterprise level.

As for the warranties, anything over 1-2 years is good on paper but hard to recover if the item goes bad. Also if you have problems at 3-4 years then its time to upgrade anyways and most companies will give you the "it died due to age or environmental reasons" which leaves you hanging anyways. Usually the warranty is the last thing I look at when I buy something. 14 days to see if it?s DOA and another year to see if there?s a defect is all I look for. By the time anything electronic of mine has gone bad is time it needed to be upgraded anyways.

nweaver · Mar 10, 2006

Don't listen to spidey, he is just a trolling amature network wannabe

spidey07 · Mar 10, 2006

Yeah, but I do like posting about how highly rated the sharper image ionic breeze is.

It is measured and tested to pass rigorous consumer reports standards. There is none better.

cmetz · Mar 10, 2006

ICSA in general is marketing fluff. There are some very smart people over there and there are some very dumb people over there. If you're a vendor, submitting your box for evaluation to one of the teams with smart people beating on your box might well help you find (and fix) more bugs, which is a good thing. But the ICSA approval does not necessarily mean anything about the product being any good. I can think of several ICSA certified firewall product lines that are permanently banned from all networks I have a say in.

blemoine · Mar 10, 2006

Dasfox: you need to check into a box that does Intrusion Prevention. here are a few security tips in no certain order.

1. Disbale DHCP and assign static ip addresses to all hosts on your lan

2. Disable all unused or unecessary services on all your workstations

3. Install updates on a regular basis

4. Don't install unecessary software

5. Perform your due diligence before purchasing software, hardware, or services

6. Remember to "Layer" your security

7. you should have a OS user account with user rights only and an Admin account to perform admin duties only. that means no web surfing with your admin account

8. have a virus scanner installed & keep it updated.

Boscoh · Mar 10, 2006

Look dude,

3com, watchgaurd, netgear, usrobo, trendnet, hotbrick...it's all crap man.

Just go down to CompUSA and get the $15 Belkin router special, pick up some tin foil at the grocery store and it's all good. Shoot, Belkin even got the Maximum PC "Kick Ass" award for their swag. Thats almost as good as the ICSA award.

DasFox · Mar 10, 2006

Thanks guys I know security and how to harden a box, etc.. I've been running Unix/Linux systems many years, but on my Windows boxes I want a nice small, home user SOHO, type of setup. Of course since this is only for a few boxes, yes I don't need a lot of bells and whistles, but even still at $100 for the ones with VPN, etc... etc... goodies, even though I'll never use these, the firewall side of quality is what I am most concerned with and it's hard to find SPI firewalls without some extra goodies, but who says this is a problem, because just about every box I listed is not expensive.

Some of the boxes I have listed above are not Enterprise level, most them are all SOHO. All I really want to find out the input, experience, etc... regarding these boxes if anyone knows about real in the field experience, life on these.

THANKS

DasFox · Mar 10, 2006

Boscoh as you put it "Look Dude"

I know all about router/firewalls and what the deal is, what I don't know, or have is just the experience with these models I've listed is all, or their performance.

There is nothing crap about a SPI, Stateful Packect firewall. Personally I don't appreciate the tin foil crap, belittling my intelligence. I did not do anything to you, or cut you down in anyway, or have I ever at anytime on this forum, so PLEASE if you have something worthwhile to say and share then please do so, otherwise please take the troll crap somewhere else.

bluestrobe yes I understand the thinking behind replacements. True something reaching upwards of 3 years, someone might want to be considering getting something newer, more up to date for protection.

But the thing I was going on about is a one year warranty can be sketchy, buying this product and say having it die in 13 months, which could happen, then having to dish out the money to buy it again, when 13 months is not that long to need replacement, that is all I meant.

THANKS

nweaver · Mar 10, 2006

if you have all that unix/linux experience, just build an iptables or ipfw box. The control and feature set far exceeds what those can do, and it can be done on a low power box easily.

FreshPrince · Mar 10, 2006

seriously...that new dlink securespot product looks really kick ass for consumer level type product....

I mean how many out there can say they have intrusion prevention engines, stop viruses, spam, spyware...etc.

I don't know about any of you, but I'm getting one as soon as it becomes available.

it'll just run inline, behind my main fw.

if you want a more enterprise level fw, but cheap...try sonicwall

DasFox · Mar 10, 2006

Originally posted by: nweaver
if you have all that unix/linux experience, just build an iptables or ipfw box. The control and feature set far exceeds what those can do, and it can be done on a low power box easily.

Yes I have the experience and have used ipchains/iptables in Slackware in the past. But I don't have another spare box to do this on, so therefore the need to just buy a router/firewall is all I'm seeking at the moment.

Yes the securespot, I will be curious to see a price on this, when are they going to be available?

THANKS

InlineFive · Mar 10, 2006

Originally posted by: FreshPrince
seriously...that new dlink securespot product looks really kick ass for consumer level type product....

I mean how many out there can say they have intrusion prevention engines, stop viruses, spam, spyware...etc.

I don't know about any of you, but I'm getting one as soon as it becomes available.

it'll just run inline, behind my main fw.

if you want a more enterprise level fw, but cheap...try sonicwall

Once again I'll state that for home usage my Astaro box easily outpaces our Sonicwall at work.

DasFox · Mar 10, 2006

InlineFive you keep going on about the Astaro, I appreciate the input, but I don't have a spare box and I don't care to build one for a firewall, so can you please stop gong on about it already.

THANKS

DasFox · Mar 11, 2006

A couple more to add:

Linksys RT042
http://www.linksys.com/servlet/Satellit...name=Linksys%2FCommon%2FVisitorWrapper

Linksys RV042
http://www.linksys.com/servlet/Satellit...name=Linksys%2FCommon%2FVisitorWrapper

THANKS

P.S. I'm still looking.

Boscoh · Mar 12, 2006

The Linksys RT/RV042 is the only one out of any firewalls you've posted that I'd even consider purchasing. The netgear comes close to getting a consideration, but all the other brands/models are not reliable and/or not easy to use.

ICSA Labs Certified Router/Firewall

Diamond Member

No Lifer

Diamond Member

Diamond Member

Diamond Member

Diamond Member

Diamond Member

Diamond Member

Diamond Member

Diamond Member

Platinum Member

Diamond Member

No Lifer

Platinum Member

Senior member

Senior member

Diamond Member

Diamond Member

Diamond Member

Diamond Member

Diamond Member

Diamond Member

Diamond Member

Diamond Member

Senior member