Our network is about 70 computers. We now use Kerio WinRoute Firewall on Windows XP. I am not happy with it and on the other hand I am not a network expert, a software developer. There is no one who understands networking except me. We need a firewall that routes 8 Mbit internet efficiently, does not allow UltraSurf, and is easy to administer by people who are not network experts.

I also need modem suggestions. Our modem is too old and does not respond when too many users are on the network.

5 Answers


I'd get a hardware firewall from Cisco for a 70-computer network. Actually, for a 70-computer network, you're verging on needing someone for some support; depending on your situation you might want to contract a company for X hours a year or hire someone internally at least part time.

The only reason I suggested a Cisco device is because while they're expensive, they're normally a device that once configured are pretty much hands off and "work", plus you get decent options for support contracts so that if you don't know what you're doing you can find support people to work on it and/or work with you over the phone.

If you hire someone who knows what they're doing or are willing to invest time in this, you can get a machine to run a turnkey solution like Smoothwall or any of a number of Linux router-dedicated distros for free and they're more than able to handle the load you're talking about. But it's still a piece of hardware, it does require configuring your machines to use it as a gateway (or arrange your uplink from a switch properly to the firewall and route that through the modem) which again goes back to strongly advising you to get a support contract with an IT company or hiring someone to work with your company.

Also, if your connection is slowing down periodically when "too many users are on the network" you may have an issue with the connection, available bandwidth, or the machine you're routing people through for the firewall, especially if it's cheap commodity hardware. You would need to narrow down where the network slowdown is actually occurring and monitor the traffic flow. What hardware is it going through? Are your users pushing the limits, as even with an 8 meg connection you can bog it down when you have thirty users watching YouTube videos...

Bart Silverstrim
  • Cisco, or Juniper, or Netgear.. Or $Hardware_Firewall_Vendor. – Tom O'Connor Nov 03 '10 at 13:39
  • I haven't had experience with the other vendors. I just know that Cisco is overpriced in my opinion and their website is a PITA, but if you want to remain in the dark about how to use it, there's a ton of people that can be contracted to work specifically on them and their phone support has been decent for us on the occasions it's needed. – Bart Silverstrim Nov 03 '10 at 13:44
  • I agree entirely, fwiw, I was kinda playing Devil's Advocate :P – Tom O'Connor Nov 03 '10 at 13:54

I would personally just use a Linux box with iptables on it for the firewall. They are very customizable, free, and there is a lot of online support and documentation. If you don't just want to use the generic iptables, you could use http://www.untangle.com/.

  • I really don't think a Linux box is going to be easy for someone who barely knows Windows network administration. – Chris S Nov 03 '10 at 13:40
  • I agree with you, but at some point in time you're going to have to learn something if you want a firewall to protect 70+ computers. There is enough documentation around that you could figure it out fairly easily. –  Nov 03 '10 at 14:12
  • fwbuilder is a GUI frontend to create rules for many flavours of firewalls, including iptables. If you understand the basics of networking, you should be able to set up some rules with it pretty easily. – pfyon Nov 04 '10 at 20:51

Something like openwall may do well. Although it may no longer be as simple as it used to be.

You will need a server with at least two interfaces. If you have servers accessible from the Internet they should be in the DMZ on a third interface.

Edit: I use Ubuntu Linux with Shorewall firewall. Shorewall has extensive documentation, good starter configurations for one, two, or three interfaces. In this case the two or three interface configurations would be required.

For Ubuntu, install the server edition. Shorewall is available as a package using aptitude. For management, ensure that openssh-server is installed and use PuTTY to access the server from your Windows desktop. This will be a command line environment.

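The three-interface layout described in the answer above (Internet, LAN, and a DMZ for Internet-facing servers), written out as a plain iptables ruleset. This is an added example, not part of the original answer and not Shorewall's generated output; the interface names, the DMZ server address 192.168.2.10 and the published port 80 are assumptions.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a three-interface gateway.
# Arguments (all assumed values): WAN iface, LAN iface, DMZ iface, DMZ web server IP.
gen_ruleset() {
    wan="$1"; lan="$2"; dmz="$3"; dmz_web="$4"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Publish the DMZ web server on the firewall's Internet address
-A PREROUTING -i ${wan} -p tcp --dport 80 -j DNAT --to-destination ${dmz_web}:80
# Hide LAN and DMZ hosts behind the firewall's Internet address
-A POSTROUTING -o ${wan} -j MASQUERADE
COMMIT
*filter
# Default deny: anything not explicitly allowed below is dropped
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Management over SSH is accepted from the LAN side only
-A INPUT -i ${lan} -p tcp --dport 22 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# LAN may open connections to the Internet and to the DMZ
-A FORWARD -i ${lan} -o ${wan} -j ACCEPT
-A FORWARD -i ${lan} -o ${dmz} -j ACCEPT
# Internet may reach only the published DMZ service
-A FORWARD -i ${wan} -o ${dmz} -p tcp -d ${dmz_web} --dport 80 -j ACCEPT
# DMZ may reach the Internet; there is deliberately no DMZ -> LAN rule,
# so a compromised DMZ server cannot open connections into the LAN
-A FORWARD -i ${dmz} -o ${wan} -j ACCEPT
COMMIT
EOF
}

# Syntax-check without loading (run as root on the gateway):
#   gen_ruleset eth0 eth1 eth2 192.168.2.10 | iptables-restore --test
```

Packet forwarding must also be enabled on the gateway (`net.ipv4.ip_forward=1`) before any of the FORWARD rules take effect.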

Save yourself a lot of money and run pfSense on a FreeBSD box. It's scalable, fast, very full featured, and more flexible than a lot of the lower end security "devices".

  • While that would work for most of us, the poster sounds like he wants something absolutely turnkey simple. The real answer if he's not willing to become a company sysadmin is to hire someone to come in and do it for him, since his network description sounds like it's verging on becoming a management nightmare if someone doesn't come in and start supporting it. 70 machines going through an XP machine running a software firewall, asking for a no-management simple flip-a-switch firewall? – Bart Silverstrim Nov 03 '10 at 13:48

I like hardware firewalls, and recommend Juniper SRX100/210/210 series. They usually beat up Cisco on price, and bring most of the same features if not all.

