The Definitive "BEST FIREWALL" thread

[MxxCon]

i'm so sick of these threads poping up every single week. so here's the one and only thread you should need untill the end of your life. moderator can modify poll entries to update.

BEST FIREWALL

[iwod]

if this thread was to help those who choose firewall software. Then i suggest Outpost should be added to the poll.

nth said. I think i post about Outpost more than a year ago and rarelt anyone uses it. Now i see there is just so much more suppoter. Resources Efficent, and powerful. What more do you want?

[Spyder Veteran]

Poll results have begun to become dated. Opinions may have changed due to newer versions or other software. Therefore poll has been reset by request by Mxxcon.

*Outpost added.

[VazaGothic]

I like and I use Outpost 2.0 - small, fast, has additional components - like pop-up

blockers, etc

Here's a link to comparision of different firewalls, some of them have one flaws,

other have another ones, etc ..

http://www.firewallleaktester.fr.st/

But it's good to know what your current firewall is good (and bad) for :)

[VazaGothic]

PS

IMHO - only VERY brave people use XP built-in firewall, because this

firewall shouldn't be even called firewall at all. It sucks in almost everything.

In this situation saying that "No Protection is the Best Protection" is a right thing to do :)

[PseudoRandomDragon]

Yes, the XP firewall is inferior, but it is better than nothing. You should turn it off if you have a 3rd party firewall and/or some sort of hardware firewall (such as the ones routers have).

[Pink Floyd Veteran]

kerio 2.1.5 is the best

very small, no big memory usage and you can specific all ip and port seperatly..

really the best

[canadian397]

I'm gonna have to say the best Firewall I have ever used is honestly the firewall on my Dlink DI-604. It has stood up to many attacks (Don't ask, :whistle: ) It was already configured when I took it out of the box and right after I tested my internet security at Sarc.com and it was perfect! I have use ZoneAlarm Free Edition but I found it too annoying and Windows Firewall does nothing! Best thing about hardware routers is you don't get annoying messages telling you that a program wants to talk to the net. ARG! lol, jk

[Pink Floyd Veteran]

I use Outpost Firewall Pro 2.0.

like others said, it's the most secure software based firewall available right now, when propperly configured, that is.

Keeps all my ports stealthed and monitors progs as well as the *.dll's used by them.

On average it uses just 5mb of ram, which is the lowest ram consumption i've seen so far.

It has it's quirks too, though. One of the major ones is, that it's impossible to limit the logsize. If you use programs which create a lot of traffic, your log's size will increase to 500mb over the months running Outpost. Thats easily fixed by renaming op_data.dll to lets say op_data.dll.bak, which will prevent outpost from adding the monitored traffic to the log database.

Number two would be Sygate Firewall Pro 5.5.

Has it's probs with DNS. Tho DNS is allowed at its settings, at an auto reconnect to the net, resolving hostnames isnt possible any more all of a sudden.

This can be solved by manually creating a rule, which allows outbound connections from port 53.

Apart from that its just as good as Outpost besides one thing - it uses more ram.

Number 3 on my list is ZoneAlarm 4.5 Pro.

It's great for beginners. almost everything is preconfigured or very easy to set up.

Creating additional rules is a bit limited, but addons like the prevention personal data leakage thru html forms and cookies make up for it.

Popup blocking is a nice addon too, but Outpost does this as well, and ad blocking on top of that.

The major issue i had with this otherwise nice tool is, that over a few days of being connected to the net, creating a lot of traffic, Zone Pro started to screw up, consuming more and more ram (innitially 25mb already, adding all its processes together) and started to give me ping timeouts on irc, or disconnecting me from servers. my guess is, that the monitored data keeps piling up until Zone cant handle it any more.

Still an OK tool for people who want a firewall which doesnt leave them puzzled on how to use it.

-Lef

5 mb of ram is big...

thats because u have never tried kerio 2.1.5 yet!

[xxdesmus]

wow...this is only about the 4,000th thread like this, woohoo....anyways, zonealarm pro all the way.

[ht990332]

after setting up an ISA Server at work I have to say that ISA is probably the most secure (and complex!!) firewall out there. I used to to IPTables however ISA is the better option (however it costs bucks!!).

ISA is definitely the best ever, but if you want a personal firewall zonealarm pro is the best. I've tried Norton firewall 2003 and it did not stop people from hacking into my computer. However zonealarm pro seem to do an excellent job

[aldo]

NAT router does me fine - you are likley to be ignored by 99.99% of script kiddies aslong as you have netbios (135-139) and any other windows services ports closed...

[PseudoRandomDragon]

A router is really only good for most inbound threats. It cannot stop a trojan and I know people who can cut through routers like cheese. Of course, these people are really good. A router makes for a good script kiddie blocker and blocks just about all the scans caused by trojans.

[Jay]

Outpost Pro 2.0 is my choice. Powerful and easy to use. I also love the plugins that you can use with it. :happy:

[Spyder Veteran]

wow...this is only about the 4,000th thread like this, woohoo....anyways, zonealarm pro all the way.

actually if you note the date of the first post in this thread, this thread is quite old. all other threads like this get merged with this one.

[ToastGodSupreme]

Occassionally, I've had to stick myself in the DMZ for my server, and man, when I look at my firewall logs, it's just absolutely frightening. :o

I will NEVER use a broadband connection without being behind a router. Even if I go back to just having one machine. I mean, there's so much that a router just protects you from by default, why not spend the extra $40?

[krmathis]

iptables/netfilter is simply amazing!

It has protected my LAN for almost 2 years, without a single problem. :yes:

[blue baby boo]

been using kerio 2.1.5 which was great but its driver would crash every now and then .. which was annoying

tried outpost 2.x pro and working great.. and small mem usage

i would use my routers firewall but being dailup .. has no use to me :(

[evacsoul]

Switched to Norton from ZoneAlarm... then switched to Agnitum Outpost from Norton. Outpost works perfectly.

[inf|nity]

ZA Pro is D Best!

ZA Pro Rulezzzz! :yes:

[Lefhark]

For those who want to try out something new, how about Kerio 4.0.8?

Its as easy to configure as Zonealarm Pro but has more in depth options. For those who tried earlier Kerio 4.x.x releases, the annoying "crash after running Kerio 4 for 20 or more hrs, because of unreleased ports piling up" has been solved in this release.

You can get Kerio 4.0.8 from here:

Kerio PF 4.0.8

Think of it as Kerio 2.1.5 with a better GUI and more options (popup blocking and all other functions Zone has) ^_~

GUI:

-Lef

[mipra]

Can it pass through Messenger's Voice?

[akaladis Veteran]

i use Kerio Personal Firewall 2.1.5... tried 4.0.8 but i couldnt make my shared internet connection work...

[Spyder Veteran]

woohoo! i'm the only person who voted for the windows xp firewall :D serves my purposes just fine by keeping the bad things out.

[40420_1437839287]

I use hardware: Netgear Firewall/VPN router.

Blocks anything and everything by default, so you have to manually configure ports you want open etc.

Had no problems since I started using it. Logs are scary. Its amazing what people try to get from your network !!

Some of the features are:

Stateful Packet Inspection (SPI) to prevent Denial of Service (DoS) attacks (syn flood, ICMP flood, UDP flood, "ping of death", IP spoofing, land attack, tear drop attack, IP address sweep attack, Win Nuke attack). Intrusion Detection System (IDS) including logging, reporting and e-mail alerts, address service and protocol), Web URL content filtering.

SEight (8) dedicated BPN tunnels, Manual dey and IKE Security Association (SA) assignment, 56-bit (DES) or 168-bit (3DES) IPsec encryption algorithm, MD5 or SHA-1 authentication algorithm, pre-shared key, perfect forward secrecy (Diffie-Helman and Oakley client support), key life and IKE lifetime time settings, prevent replay attack, remote access VPN (client-to-site), site-to-site VPN, IPSec NAT traversal (VPN pass-through).

Network Address Translation (NAT), static routing, unrestricted users per port.

Static IP address assignment, internal DHCP server on LAN, DGCP client on WAN, PPPoE client support.

[PseudoRandomDragon]

All very nice..but does it have outbound protection?