My software firewall (by itself) doesn't cut it anymore. Therefore, I'm looking at hardware firewall devices.
Does anyone have any experience with the ZyXEL ZyWall family of appliances? I'm considering the USG 50. Their web site says they support IPv6, but I have found that "support varies" with other devices I have used.
I need 2 WAN ports and 3 LAN ports (the 4th is nice, but will be unused except for maintenance), so their model 20 is too little and the 100/200 is too much in connectivity. The cost for model 50 is also about what I can afford - less than $250 (on amazon.com).
Have you considered the Ubiquity EdgeRouter Lite? $99, but only gets you 3 GIGE ports that you can use as you like. IPv6 not exactly in the GUI but it runs a vyatta fork on top of Linux, so IPv6 support is there. They have a newer model with more ports too, for more money.
Thanks for the alternative suggestion, but it doesn't have 2 WAN ports. If 1 WAN port would do, I could go with a USG 20.
It _could_ have 2 wan ports, its a linux box with 3 nics :) eth0/1/2. You can define the ports to be whatever you want, and toss a cheap switch off the 3rd.
I need 5 ports. (A 6th port is desired so I can plug in directly when needed.) It only has 4. Other suggestions?
I'd suggest something like an ASA 5505, but if I'm reading your initial post correctly, it's more than you're looking to spend.
RE: Cisco ASA 5505
OK, I looked at that; thanks for the suggestion. There is one place that has the price down to $250 (www.allhdd.com). However, it's a 10/100Mb device while the ZyXel USG50 is Gig-E. I also don't need PoE. Lastly, the literature (feature list) for the 5505 nowhere said that it supports IPv6 (the "ultimate fail").
for tunnels? ipv6 not that great support on an asa.
also the licensing for a $250 model is gonna be horrible, think, only 10 internal ips can connect to the outside world horrible.
otherwise basic native ipv6 stuff like static routes, interfaces, works fine even as far back as 8.4