Alex -- i recently purchased a WAP from linksys (Model# BEFW11S4) and have been quite happy with its performance. configurability, however, is not so snazzy. i want to be able to block ALL MAC addresses except my one wireless card. it does NOT offer this feature. you can only put a MAC in a "blocked list" once it has already shown up on your network. this is my main complaint with this product. you can find more info at: <http://www.linksys.com/Products/product.asp?grid=23&prid=173>
beyond that, it has easy HTTP setup, offers a DMZ option for one host, and can do a "fair amount" of packet filtering. i like the 4-port hub built-in (not to mention the freedom of wireless). it offers 40/56bit and 128bit encryption, however, i could not get either to work with an apple airport card. so, basically i just turn off 802.11b when i am not using it. i can attest to the stability of this unit as it has not faltered in over two months of service. regarding your comments about stateful firewalling and the like, i would advise one not to rely on such flimsy measures (well, if security is a primary concern) in these consumer grade devices. if you need real security, i would instead recommend that you pass your traffic thru a more robust and customizable firewall (ipfilter, checkpoint, nokia, it all depends on $$$ available), segment your WAP on an internal leg of the network where it will not be left to public scrutiny. we've already heard enough about how all WAP WEP (40bit, 128bit, you name it) is weak and fallible. so, you are better off securing your infrastructure instead of relying on a consumer WAP device. it all depends on how secure your environment needs to be, however. looks like that SMC unit you found is a good one. now i'm wishing i had one that would block all MACs out of the box. best of luck with your research! (more net/sec links at URL below) dave m. http://www.ibiblio.org/matusiak/bkmrk.html On Thu, 23 May 2002, Filacchione, Alex (ISSAtlanta) wrote: > I am looking for a combo DSL gateway (IF w/ DSL router), Firewall, 802.11b > access point, w/ 10/100 ports. > > Most of the reviews that I have read only slightly talk about the > firewalling features of these devices. > > The ones that I have looked at that look promising so far are: > > D-Link 713P and 714 > SMC Barricade (802.11 version) > > and a couple of others. In the street price range of $200 or less (the > D-Link you can get for around $100, and the SMC is only a little more) > > Has anyone really looked into these devices and their firewall features? In > your experience, which has the best firewalling features in this price > range? > > Some have stateful packet filtering, some don't. Some offer a DMZ function > (that I will never use), and some don't. Some offer port forwarding, some > don't. Some can control access based on MAC addr, some can't. Some are > managed via SNMP, some are http. All that I have looked at offer 40 & > 128-bit WEP. etc., etc., etc. > > I am not only looking for the best features, but the configurability of them > as well. Having dealt with firewalls and routers a lot in the past I really > don't care if the management interface is "pretty". But I do want it to be > functional and highly configurable, even if it is only with a command line > or something. > > Right now, judging by what I have read about the features I am leaning > towards the SMC as it has MAC based filtering, stateful inspection, port > forwarding, virtual ports, etc., etc. > > Any insight, advice, experience, etc. would be greatly appreciated! > > Thanks, > > Alex F > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > For Account Management (unsubscribe, get/change password, etc) Please go to: > http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls
