Question : Problem with Zyxel Prestige 660-R and Checkpoint & Linksys firewall/routers

Sorry if this isn't the correct place for this problem -- please move it if not appropriate!

This will be a lengthy description of the problem, so here goes:

Currently running a Netgear FR314 along with a Zyxel 660R-61 ADSL modem, brand new device. The ADSL is configured with static IP, no DHCP, no DNS, it is strictly a pass-through ADSL modem, it will not connect me directly to the internet. I must have a firewall/router between me and the Zyxel. My choice. The ISP does not allow us end-users to fiddle with their settings anyway, they have changed the password to the Zyxel.

Th
e above described runs fine, but the Netgear is five years old and never had the firmware updated, it's no longer supported, I can no longer GET any updated firmware. I need a new firewall/router.

Tried two different Checkpoint Safe@Office 105 boxes, upgraded firmware to latest version, did troubleshooting with the Checkpoint/Sofaware tech support, extensive logging, etc. for two months. The problem is intermittent internet connectivity issues. We are talking a matter of seconds here ... the connections (on two wired PCs, both running WinXP) sometimes time out, sometimes cannot resolve DNS. Try again immediately, the connection may then work, may not. It may take several tries. Sometimes closing the browser (both Firefox and IE 6) and reopening the browser helps. This was a consistent problem in both the Checkpoint Safe@Office boxes I tried. The logs in the router showed dropped connections, no reason. I finally gave up on that device.

Next in line -- the Linksys WRT54G -- wired and wireless router. I chose this because I do have a notebook computer with wireless but I haven't used the wireless connection yet. I configure the Linksys, and have the SAME PROBLEM as with the Checkpoint box. Linksys tech support told me to try to drop the MTU down from 1500 to 1400, then 1300, then 1200, see if that helped. It actually made things worse, the lower the MTU. I did update the firmware to the latest version.

I configured both the Checkpoint and the Linksys exactly as my old Netgear, same static IP, same DNS servers, same subnetting, same MTU, same everything. I also turned off SPI on the Linksys to see if that was causing the intermittent connectivity problems, no dice. The Netgear docs claim it does stateful packet inspection, but five years ago -- who knows what that consisted of?

The Checkpoint Safe@Office required shielded cables so that's what I'm using now. Okay, I have them, might as well use them.

Summary:
Connectivity is rock solid with the old Netgear, isn't reliable with the Checkpoint Safe@Office 105 or Linksys WRT54G. I am sending back the Linksys and getting another, just to placate their tech support. What the heck, I'll play their game.

This is driving me nuts, not to mention the fact that I'm still stuck with an old firewall/router. If you also have a suggestion for a better firewall/router, I'm open to hearing it. I do not want to pay more than $200, which is still a lot of $$$. I chose the Checkpoint because you can subscribe to the update service and are guaranteed firmware updates as long as you subscribe, or so I was told. Sigh.

I've browsed through several other questions that are similar on this forum and nothing applies. This would be much easier if the connection failed solidly, or logs showed somethings specific is happening.

Puleeeeeeeze help!

-- Carole

Answer : Problem with Zyxel Prestige 660-R and Checkpoint & Linksys firewall/routers

The SonicWall TZ170 is really in a totally different class than the Linksys -- it is a true hardware firewall, automatically switches connections as required to maintain uptime, etc. A true corporate product, as opposed to Linksys's focus on home usage.

You are clearly leaning towards this level of protection -- and quite frankly I doubt the new Linksys will do anything the "old" one didn't do. I'd suggest you return the Linksys unopened and go with the SonicWall. You'll have one of the best devices you can get for this function -- and will, in my opinion, be much more satisfied with its performance than you would with anything Linksys or Netgear could offer.

Random Solutions

Remote Access with SBS 2003

Zenworks v2 disable client

Outlook Connector on MDaemon 9.6.1

printing out double to 2 decimal places

ISA 2000 on a Windows 2003 server

How to configure a DSL modem for connection to a router

(500 points) it is possible to change graphic card for laptop ? or put some external ?

How to get sendmail to read /etc/hosts over DNS on Solaris?

excluding IP address in DHCP sbs 2000