Cheap hardware firewall

By bobbys9
Mar 31, 2006
  1. I am looking for a cheap hardware device to act as a firewall that will prevent Internet access unless it is to the address of my proxy server. I was looking at a Netgear RP614 as a possible solution. Here is the scenario I am working with: I have 27 locations with 25 computers at each. They are for Internet only (a workgroup with addresses supplied by DHCP through a router) and the ISP is cable with a separate connection in each location. The cable company owns the router that is in each location, but we are not able to modify it. We have set up a caching proxy server on an outside address that these clients use for Internet filtering. Problem is that our users are changing the IE settings to not use the proxy. I am looking for a hardware solution that I can put between the switch that we own and their router that will do only one thing--block all Internet unless they use our proxy address. Other than that I want it to be transparent, letting their router continue to provide natting and DHCP. Does anyone have any ideas? Thanks.
  2. Samstoned

    Samstoned TechSpot Paladin Posts: 1,018

    give the routers back to the cable co.
    install your own router and password protect it
    now here is where it may get tricky
    you will need some way for the client not to access the modem, as all they have to do is disconnect from the router and connect right to the modem
    if their machine is set up so that they are not admin, it may be possible to set their NIC up with static and they may not be able to access the modem at this point or reconfig the NIC card, no permissions
    on another note, I don't understand, if you are renting a router that you don't have control over it,
    or do you mean modem and you do have access to the modem default is
  3. Nodsu

    Nodsu TS Rookie Posts: 5,837   +6

    I'm not sure if I understand this correctly, but 27 locations and 25 machines each make some 700 clients? Something Cheap will definitely make your network Something Slow. You need something pretty good to cope with that traffic. Mind you, you may get away with something as simple as replacing your existing switch with a Layer-3 switch (and configuring that beast).
  4. bobbys9

    bobbys9 TS Rookie Topic Starter

    Thanks for the info. Can't dump the ISP routers, though. Also someone else suggested using a switch that would support VLAN, but I don't think that gives me what I want. The path to the Internet is through the ISP router; I just want the destination for the access to be my proxy server. I used a PIX firewall to control this in the past, and since I only want this one function, maybe an inexpensive product is available. Note that each of the 27 locations is its own workgroup with its own ISP connection. I only supply the computers and the switches for the 25 connections. So I am still in the hunt. Thanks.
  5. Samstoned

    Samstoned TechSpot Paladin Posts: 1,018

    are you telling us that you are not allowed to make a new password in the router
    I don't believe it why would they do that to you
    with the money you are spending with them that's just plain ridiculous
    the only solution I can think of is add another router that you control
    or as you said a 3 layer switch that may cost more than the router
    put them in a lock box, you're done

    afterthought, why do you give them admin rights to the machines
  6. tdeg

    tdeg TS Rookie Posts: 119

    You only have one proxy server right? (not one at each location?)

    A VPN solution would probably give you the best control. Something as simple as a Linksys BEFVP41 will allow you to block all IPs from accessing internet. You can then set up a VPN to your central network where your proxy server is and all internet access will have to go through it. The BEFVP41 will allow for password protection and remote admin, though if your remote offices are savvy they can just reset the router and access the internet (but you can give them hell for that later).

    The endpoints at the central location might be able to be run through another BEFVP41. This will be rather a large saturation at the central location though as all internet traffic will go both in and out at that point.

    If you have file and print servers at each location you could possibly use them as a proxy...

    But maybe someone else has better ideas as I've never had to set up something with that many locations.
  7. bobbys9

    bobbys9 TS Rookie Topic Starter

    Found the solution

    We have purchased a wireless Airspot G Public/Private Gateway and my boss has been playing with this. He has found a way to block access if not directed to our proxy server. While I still think it could be accomplished with a wired gateway, we will be going wireless down the road. Not sure how he set it up yet. Thanks for the posts on this issue.
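
The requirement in the opening post (a transparent device between the site switch and the ISP router that passes DHCP and nothing else except traffic to the proxy) can be expressed as a default-deny ruleset on a small Linux box bridging two NICs. This is an added example, not something posted in the thread or the configuration the poster ended up with. Assumptions: `br_netfilter` is loaded with `net.bridge.bridge-nf-call-iptables=1`, clients reach the proxy by IP address, and `203.0.113.10:3128` is a placeholder for the real proxy.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a filtering bridge that
# forwards only DHCP and TCP to one proxy. Address and port are placeholders.

# valid_ipv4 ADDR -> exit 0 only if ADDR is a dotted-quad IPv4 address
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# emit_rules PROXY_IP PROXY_PORT -> ruleset on stdout, non-zero on bad input
emit_rules() {
    proxy_ip=$1
    proxy_port=$2
    valid_ipv4 "$proxy_ip" || { echo "bad proxy address: $proxy_ip" >&2; return 1; }
    case "$proxy_port" in
        ''|*[!0-9]*) echo "bad proxy port: $proxy_port" >&2; return 1 ;;
    esac
    [ "$proxy_port" -ge 1 ] && [ "$proxy_port" -le 65535 ] ||
        { echo "bad proxy port: $proxy_port" >&2; return 1; }
    cat <<EOF
*filter
# INPUT DROP: the filter box itself is managed from its console only
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# replies belonging to connections that were allowed out
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DHCP between the clients and the ISP router keeps working
-A FORWARD -p udp --sport 68 --dport 67 -j ACCEPT
-A FORWARD -p udp --sport 67 --dport 68 -j ACCEPT
# the only new outbound flow permitted: TCP to the proxy
-A FORWARD -p tcp -d $proxy_ip --dport $proxy_port -m conntrack --ctstate NEW -j ACCEPT
# everything else (direct HTTP, DNS, other proxies) is logged, then dropped
-A FORWARD -m limit --limit 6/min -j LOG --log-prefix "non-proxy egress: "
COMMIT
EOF
}

emit_rules 203.0.113.10 3128
```

Because the default policy drops DNS as well, a browser with the proxy setting removed fails at name resolution, and the rate-limited log line records which client tried.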
Topic Status:
Not open for further replies.
