Jump to content

Hardware firewall recommendations?


dimitrifrom31

Recommended Posts

Is the traffic throughput total traffic or the traffic you can allow (vs traffic blocked)?

 

Can sound like idiot question but never used hw fw before so im wondering as it's not clear enough and as I will get 1Gbps bw Im not sure if I really need a 1Gbps throughput fw as they are horribly expensive.

Link to comment
Share on other sites

i would recommend the firebox 750e, its really easy to configure, perfect for gaming.

 

http://www.watchguard.com/products/core-e/overview.asp

 

and they are a good price.

 

highly recommend.

 

the product is discontinued but I can probably purchase second hand one. Looks interesting but their support program is a bit confusiing, do you pay a monthly fee and if yes how much to get access to updates etc?

Link to comment
Share on other sites

i got mine from ebay, i knew someone from the datacenter who had one, was really easy to setup and configure. think i paid ?150. really good, you need to keep the same ip gateway for it to work or it can get a bit complicated though.

 

i dont pay any monthly fee.

Link to comment
Share on other sites

i got mine from ebay, i knew someone from the datacenter who had one, was really easy to setup and configure. think i paid ?150. really good, you need to keep the same ip gateway for it to work or it can get a bit complicated though.

 

i dont pay any monthly fee.

 

Funny, I actually bought one yesterday... on ebay.. and for $149 :)

Was so cheap compared to other fw with a 1Gbps+ throughput that I did not hesitate much.

 

What do you mean exactly by "keep the same ip gateway", I'm not sure to get it, you mean by network default gateway?

 

Good that you can get it to run without subscribing then.

 

thanks for your recommendation!

Link to comment
Share on other sites

there is loads online, you need to find out what version of firmware you have to get the manager

 

http://www.watchguard.com/help/docs/v72FireboxXEdgeUserGuide.pdf

 

thats the docs

 

http://www.watchguard.com/help/docs/wsm/11/en-US/index_Left.html#CSHID=en-US%2Finstallation%2Fmgmt_station_setup_wsm.html|StartTopic=Content%2Fen-US%2Finstallation%2Fmgmt_station_setup_wsm.html|SkinName=WSM%20%28en-US%29

 

you will need to register, its all free, then download the correct manager for your firmware.

 

https://www.watchguard.com/archive/softwarecenter.asp

 

one you have the manager connected its very easy to configure,

Link to comment
Share on other sites

  • 4 weeks later...
  • 4 weeks later...

The firewall is now up and running, 8 servers are behind it and im preparing them as remote servers however im only having issues.

 

I tried different combo to figure out the only one that was "working" was to put the local IP as the server IP and the public IP as the "hardware firewall ip" in the TCA server config.

 

It seems to work fine but whenever I create a server im receiving a tca email plugin 403 error. Apparently TCA is receiving packets from the firewall IP which is not "white listed" since I did not add it into the servers configurations (if doing so then no remote is working...)

 

Now if I use the resend email tool it works fine and the email goes through...

 

 

How is your setup with the firebox if you do't mind?

 

 

Here is mine at the moment:

 

remote 001: Local IP = 192.168.5.10

remote 002: Local IP = 192.168.5.11

remote 003: Local IP = 192.168.5.12

remote 004: Local IP = 192.168.5.13

remote 005: Local IP = 192.168.5.14

remote 006: Local IP = 192.168.5.15

remote 007: Local IP = 192.168.5.16

remote 008: Local IP = 192.168.5.17

=>each remote monitor only has a local IP assigned (no public IP as this is handled by firewall).

 

Firewall: local IP = 192.168.5.1 Public IP = 87.X.X.2

 

Firewall is routing traffis as follows:

Public IP Local IP

87.X.X.20 => 192.168.5.10

87.X.X.21 => 192.168.5.11

87.X.X.22 => 192.168.5.12

87.X.X.23 => 192.168.5.13

87.X.X.24 => 192.168.5.14

87.X.X.25 => 192.168.5.15

87.X.X.26 => 192.168.5.16

87.X.X.27 => 192.168.5.17

 

and in the remote 001 TCA configuration I got:

monitor IP = 192.168.5.10

HW Firewall IP = 87.X.X.2

 

 

Another cons with a setup including a firewall:

- you have to use local IP's in game servers configurations which can be confusing for customers.

- you have to add the public IP in the TCA servers > Configure IP's else they will be displayed with their local IP to customers on control panel.

- You also have to edit welcome emails so it uses %iphostname% instead of %serverip%

Link to comment
Share on other sites

ahh you will need to allow the ports, what i did, i just open all ports, i cant rember the range off hand it was like 1 - 80000 somthing silly like that. and that will allow the rdp, or open the rdp port, i had issues before my firewall with empty packets and ddos's so thats all i use the firewall for, and then i just use a software firewall for the ports.

Link to comment
Share on other sites

YOu mean DHCP?

 

Well I allwoed all the traffic to go through then I have set Address translation so Im using local Ip's on machine/game servers and Firewall is routing the traffic from the global to the local IP.

 

Was a bit of a pain to figure out a proper setup for TCAdmin but once you got it that's fine.

 

One pro being that I can easily change/switch Ip's without reconfiguring the game servers themselves, only need to change the firewall rule.

Link to comment
Share on other sites

No I mean NAT.

 

There are four types of NAT:

1. Dynamic NAT

- Pool of public IP addresses mapped while external connections are being made

EX: 173.1.1.2 is mapped for the moment to 192.168.1.3

2. Static NAT

- 1 Global Ip per local ip

EX: 173.1.1.2 is mapped specifically and always to 192.168.1.5

3. NAT Overload

- 1 or more (Usually one) Global/Public IP to represent the entire network through dynamic UDP/TCP Ip & port Mappings

EX: 173.1.1.2, TCP port 852 is mapped for the moment to 192.168.1.54, TCP 623

4. NATPT

This is not important for this case as it deals with translating ipv6 and ipv4 addresses and ports

 

NAT was originially created to reduce the demand of IPv4 addresses

 

You can setup DHCP to lease public addresses to the equipment/servers in your network that are in your assigned block (The range of public ipv4 addresses assigned to you). This will fix your problem with local addresses.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Who's Online   0 Members, 0 Anonymous, 11 Guests (See full list)

    • There are no registered users currently online
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Terms of Use