
Talking Out Loud with ASB

Views on Life, Technology and Everything, by ASB (aka Logik!)...

Andrew S. Baker (ASB)

Passing the Firewall Torch

I’ve had a Netscreen firewall handling my internet connection at home for almost a full decade now. I first got my hands on a Netscreen 5 back in Feb of 2001, and it was amazing that you could get that much flexibility in such a tiny device for a reasonable price. I quickly set up all sorts of rules and filtering that were light years ahead of anything that you could attempt with the broadband routers of the time. At the time, Netscreen was a little-known organization that was trying to compete with the likes of Checkpoint and Cisco.

In mid-2002, as a bonus for several well-executed projects, I was able to procure Netscreen 5XT firewalls for my IT Operations team. The 5XT was even faster than the Netscreen-5, and it supported robust QoS as well as easy IPSec VPN connectivity. It was a breeze to set up tunnels with friends, colleagues and clients.

Time passed…

For the past 2 years, I have had FiOS connectivity at home.  This is where the problems began for my poor NS-5XT.  Over the years, I have accumulated many internet capable devices:  Servers, Desktops, Laptops, Android Phone, Wireless Media Players, Wii Game System, and even an iPod Touch.   The NS-5XT was purchased with the 10-user license, since this was 60% of the cost of the unlimited license.  At the time, that was no problem, but 7+ years later, that started to be a limit for me.

The relatively easy solution for this problem was to install a Proxy server, and configure the servers to use it for their internet access.  (For a time, I had all the desktops using it via Group Policy, but that’s a tale for another time…)

The second problem was a little trickier, however.  The WAN port on my NS-5XT was only 10Mbit/s.   While I was using cable and DSL connectivity for Internet access, this was no issue, because those connections were all in the 2-6Mbit/sec range.   My FiOS connectivity, however, is a rather robust 25/5 (25 Mbit/sec DOWN and 5Mbit/sec UP).

Ouch!!

This has proven to be more frustrating than one would think for a home network.

So began my search for a replacement device that would give me all of the functionality that I had before, but be up to the task of my current bandwidth.  I looked at current Juniper Netscreen devices, and even at the Fortigate firewalls from Fortinet (my new favorite enterprise FW company).  The problem was cost.  I really didn’t feel like paying $200+ for a good firewall.

Enter DD-WRT.  Now, you can take an otherwise standard broadband router that has enough flash and operating memory, and turn it into a much better piece of equipment.  After a fair amount of research, I selected the Netgear WNR-3500L and turned it into a beast.

Some of the best features derived from the upgrade include:

  • Multiple SSIDs with their own security configuration
  • Support for SNMP and 802.1x authentication
  • Support for VPN (although only SSL, not IPSec)
  • QoS (although, not quite as straightforward as with the Netscreen)
  • Support for a NAS (not using today)
  • Extremely flexible routing, including the ability to route my WLAN off my LAN
  • VLAN support
  • Gigabit uplinks

Now, my uploads and downloads are positively screaming. I’m routinely getting 25-30 Mbit/sec down, and 5-8 Mbit/sec up. No more throttled download because of a functional and well-featured firewall that was getting long in the tooth.

Overall, I am very happy with my new firewall and its robust feature set by way of DD-WRT. And it only cost me US$80 plus a few hours to get all the configuration completed.


On a side note, Microsoft has completely revamped Windows Live Writer, and while I am very happy that they finally made it easier to change font styles and colors right from the tool bar (what took them so long?), they also made other Word-like changes that I’m not so sure about.

Posted: Sunday, October 31, 2010 10:00 PM by Logik!

About Logik!

Andrew S. Baker aka ASB aka Logik!

Andrew S. Baker is a business-savvy, hands-on IT leader with expertise in mentoring people, mitigating risk, and integrating technology to drive innovation and maximize business results. He creates competitive advantage for organizations through effective IT leadership: implementation of processes and controls, and architecture of robust business solutions.

Mr. Baker has successfully led a number of high-performance technology teams in designing, deploying and maintaining secure, cost-effective computing environments for well-known companies, including Warner Music Group, The Princeton Review, Bear Stearns, About.com, and Lewco Securities.

For over a decade, Andrew has exhibited thought leadership on technology and business topics via mailing lists, technical forums, blogs, and professional networking groups, along with contributions to podcasts, webinars, and over 20 technical/business magazine articles. He also serves on several boards and committees for non-profit organizations, and within the Seventh-day Adventist church.

His personal interests include Astronomy, Basketball, Bible Study, Chess, Comics, Computers, Family Life Ministries, Reading, Strategy/Role Playing games, and Professional Networking...

A summary of Andrew's current résumé is available here, and he can be reached on a variety of social and professional networks, including LinkedIn, Facebook and Twitter.