Depends on the number of hosts. I would go with the Soho3 - ~$500 cheaper if you plan on staying below 50 hosts. The specs say the transfer speed is 75MB vs. 100MB(even though you realize the actual throughput is far less). And at best you are connecting this to a T1? Save your client the $500 and invest in an anti-virus solution - they'll need it.
BTW - you can block access to http proxies on the filter page. (without a subscription) It works pretty well, too - I enable it by default. Paul -----Original Message----- From: John Tolmachoff [mailto:[EMAIL PROTECTED]] Sent: Friday, December 20, 2002 5:41 PM To: [EMAIL PROTECTED] Subject: RE: [SonicWALL]- Gaming Center Thanks. One of the other things that worries me is those d**b programs/websites that act like proxies allowing access to anything via outgoing port 80. Also, a Pro100 appears to be sufficient for this, or should I recommend a Pro200 only? (Or is even a SOHO3/50 OK?) John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On > Behalf Of Arnold, Paul > Sent: Friday, December 20, 2002 2:12 PM > To: [EMAIL PROTECTED] > Subject: RE: [SonicWALL]- Gaming Center > > Your best bet is to block all traffic and then build a small "allow" > list. This will perform MOST of what you are trying to accomplish. > Start with ALLOW 80 LAN WAN and go from there. > > If you start with the SonicWALL default config, for example, you will > be blocking > ports all day long as kids figure out that they can ftp on port 1234, telnet on port > 9876, IRC on port 9999, etc. > > Block them all, and start to build a small access list. > Here is an abbreviated on I built on: > Action Service Source Dest > Allow Web (HTTP) LAN * > Allow Name Service (DNS) LAN * > Allow Kerberos LAN * > Allow RTSP-Quicktime LAN * > Allow WindowsMediaPlayer LAN * > Allow RealAudio LAN * > Allow Ping LAN * > Allow whois LAN * > Allow HTTPS LAN * > Deny Default LAN * > > Then you build on this access lists for your mail server, ftp server, > etc. Clients by default cannot smtp, ssh, telnet, ftp, Pop3, etc. "Do > that crap at home, > not on my LAN." > One of the only thing you have to worry about is those apps "smart" > enough to > adapt to find open ports (like messenger). > In that case go to Google, search for "block messenger firewall" and > apply the > theory that you think will suit you. > (I have the benefit of employing an IDS system that has signatures for messenger > clients. It emails me, and I lart the luser.) > > HTH > Paul > > -----Original Message----- > From: John Tolmachoff [mailto:[EMAIL PROTECTED]] > Sent: Friday, December 20, 2002 4:03 PM > To: [EMAIL PROTECTED] > Subject: [SonicWALL]- Gaming Center > > > One of our "clients" is now a computer gaming center. (I am sooooo > thrilled.) > > I need to decide on a firewall for this center. > > It will have to have the ability to block the various junk kids like > to use, > like Kaaza, AOL messenger, and such to keep the band width down. > > Does any one have a list or example of rules for this? > > I am dreading having to find all the programs and ports and such and > build the rules from scratch. > > John Tolmachoff MCSE, CSSA > IT Manager, Network Engineer > RelianceSoft, Inc. > Fullerton, CA 92835 > www.reliancesoft.com > > > > --- > [This E-mail scanned for viruses by Declude/F-Prot AV] > > ================================= > To unsubscribe, send email to [EMAIL PROTECTED] In the body of the > email put > the following: unsubscribe sonicwall your_name > The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ > > > > > LEGAL NOTICE: > Unless expressly stated otherwise, this message is confidential and > may be privileged. It is intended for the addressee(s) only. Access to > this e-mail by anyone > else is unauthorized. If you are not an addressee, any disclosure or copying of the > contents or any action taken (or not taken) in reliance on it is unauthorized and may > be unlawful. If you are not an addressee, please inform the sender immediately. > --- > [This E-mail scanned for viruses by Declude/F-Prot AV] > > ================================= > To unsubscribe, send email to [EMAIL PROTECTED] In the body of the > email put > the following: unsubscribe sonicwall your_name > The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ > --- [This E-mail scanned for viruses by Declude/F-Prot AV] ================================= To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ LEGAL NOTICE: Unless expressly stated otherwise, this message is confidential and may be privileged. It is intended for the addressee(s) only. Access to this e-mail by anyone else is unauthorized. If you are not an addressee, any disclosure or copying of the contents or any action taken (or not taken) in reliance on it is unauthorized and may be unlawful. If you are not an addressee, please inform the sender immediately. --- [This E-mail scanned for viruses by Declude/F-Prot AV] ==================================================================================================To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
