Astaro User Bulletin Board
  #11 (permalink)  
Old 01-23-2007, 05:45 PM
Senior Member
 
Join Date: Mar 2006
Location: UK
Posts: 120
Default

Quote:
Originally Posted by simby View Post
Read my post. We are home users, and we don't have a p2p restriction. Have you ever had a security attack, DoS and other? Have you?! Have you checked status?
So how many IPs do you have at present? And how many concurrent connections?
__________________
2x Astaro ASG320 in Cluster Mode (Active/Active)
normally at latest patch level.
  #12 (permalink)  
Old 01-23-2007, 05:52 PM
simby's Avatar
Senior Member
 
Join Date: May 2006
Posts: 124
Default

Quote:
Originally Posted by Godsbrother View Post
So how many IPs do you have at present? And how many concurrent connections?
I have no problem with 10 IPs and I agree with the IP limit of 10. This is OK, it is for home use.

BTW I have: 2 PCs (mine + my sister's), 1 laptop + 1 "server" for personal use - testing and 1 Xbox 360 connected to the internet.

What I don't agree with is CURRENT 1000 connections. This firewall is not a home mini router. BTW, a home router for 50$ can have 600 current connections.

I recommend NOT TO LIMIT CURRENT CONNECTIONS.
__________________
Astaro Internet Security 6.312
H. info: 3.2Ghz Intel P4 541+, 4096MB, 80GB/7.200 rpm/min SATA
N. info: 2x Realtek n. 10/100, Dlink 24x switch, FTTH (Optical fibers) 10 | 10Mb

I use IPv7 now... It's pretty much IPv6, but the headers contain p0rn. Saves bandwidth.

Last edited by simby; 01-23-2007 at 05:54 PM.
  #13 (permalink)  
Old 01-23-2007, 07:09 PM
Atticka's Avatar
Member
 
Join Date: Jan 2007
Location: Montreal, Canada
Posts: 52
Default

A small note on concurrent connections

Windows XP SP2 limits concurrent connections to 10 for security purposes. Pre-SP2 the limit was 50 concurrent connections in Windows.

Now....let's do some math.
10 IPs using 10 concurrent connections = 100 concurrent connections
10 IPs using 50 concurrent connections = 500 concurrent connections

Not even near the 1000 concurrent connections limit.

Besides, Bit Torrent will not use over ~32 concurrent connections in a session anyways (this is defined in your Bit Torrent client settings).

I'm more worried about the IP limit, here are my thoughts.....

The 10 IPs should be reserved for devices passing traffic through the firewall; the term for these IPs, I believe, is "Protected IPs".

For example, the Sonicwall TZ170 device with a 10 user limit allows you to create an exception list of devices/users to exclude from the total device count.

My current home setup includes:
Two IP cameras
One server
One streaming media device
One desktop
One Laptop
One wireless access point
One managed Layer2 switch
One LAN connected printer

Total of 9 IP devices, all of which require an IP address (for ease of use, these use DHCP with static IPs). However, only three devices require internet access (in the Sonicwall scenario, I'm using 3/10 IPs; all other devices are on the exclusion list and are denied internet access).

If there was a way I could tag devices and exclude them from the "protected IPs list" and have them not count towards the 10 IP limit, that would be nice.
  #14 (permalink)  
Old 01-23-2007, 07:41 PM
simby's Avatar
Senior Member
 
Join Date: May 2006
Posts: 124
Default

Quote:
Originally Posted by Atticka View Post
A small note on concurrent connections

Windows XP SP2 limits concurrent connections to 10 for security purposes. Pre-SP2 the limit was 50 concurrent connections in Windows.

Now....let's do some math.
10 IPs using 10 concurrent connections = 100 concurrent connections
10 IPs using 50 concurrent connections = 500 concurrent connections

Not even near the 1000 concurrent connections limit.

Besides, Bit Torrent will not use over ~32 concurrent connections in a session anyways (this is defined in your Bit Torrent client settings).

I'm more worried about the IP limit, here are my thoughts.....

The 10 IPs should be reserved for devices passing traffic through the firewall; the term for these IPs, I believe, is "Protected IPs".

For example, the Sonicwall TZ170 device with a 10 user limit allows you to create an exception list of devices/users to exclude from the total device count.

My current home setup includes:
Two IP cameras
One server
One streaming media device
One desktop
One Laptop
One wireless access point
One managed Layer2 switch
One LAN connected printer

Total of 9 IP devices, all of which require an IP address (for ease of use, these use DHCP with static IPs). However, only three devices require internet access (in the Sonicwall scenario, I'm using 3/10 IPs; all other devices are on the exclusion list and are denied internet access).

If there was a way I could tag devices and exclude them from the "protected IPs list" and have them not count towards the 10 IP limit, that would be nice.

Why do you use Windows? Have you tried Linux?

P.S.: I have a Sonicwall Pro 230 and I have unlimited IPs and a 30.000 connection limit (I have a home license and am trying to replace it with an Astaro firewall box, but now I don't know... I need a home and, in the company, a pro. firewall). With 1 Linux torr. conn. on the Sonicwall box I have cca. 1250 connections. For test. Did you ever have any DoS attack on a 15Mb+ line? What can I do with a "firewall" that can't protect me?

Last edited by simby; 01-23-2007 at 08:20 PM.
  #15 (permalink)  
Old 01-23-2007, 09:25 PM
Moderator
 
Join Date: Apr 2001
Location: Brantford, Ontario, Canada
Posts: 806
Default

What does a DoS attack have to do with outbound concurrent connections? Are you DoS'ing people?

I have probably one of the larger home networks on this forum, with several machines online at any given time, my wife using Emule, myself using BT on two machines, plus playing online gaming.

What do I hit for a max concurrent connections? Approximately 2500. So yes, 1000 is a bit low, but really, how many people have a home network very big?

My office LAN, which has approx. 100 users, barely goes above 1000. Maybe it hits 1100. That is with over 150 machines!
__________________
7 x ASG 220, 4 x ASG 120, 2 x 25 IP, Home Unlimited Power User.
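The figures traded in the posts above (IPs in use, concurrent connections, and whether traffic was opened from inside or outside) can be measured rather than estimated; the following is an added example, not part of any post and not Astaro's own license accounting, which the thread does not describe. It assumes a Linux netfilter gateway whose connection-tracking table is readable as `/proc/net/nf_conntrack`-style text and a hypothetical 192.168.1.0/24 LAN; the sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Limits quoted in the thread for the home license.
IP_LIMIT = 10
CONN_LIMIT = 1000
# Assumption: the internal LAN range; adjust to your own network.
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample in the Linux /proc/net/nf_conntrack text format.
SAMPLE = """\
ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=51000 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=51000 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431800 ESTABLISHED src=192.168.1.10 dst=198.51.100.9 sport=51001 dport=6881 src=198.51.100.9 dst=203.0.113.5 sport=6881 dport=51001 [ASSURED] mark=0 use=1
ipv4     2 udp      17 25 src=192.168.1.20 dst=198.51.100.53 sport=40000 dport=53 src=198.51.100.53 dst=203.0.113.5 sport=53 dport=40000 mark=0 use=1
ipv4     2 tcp      6 50 SYN_RECV src=198.51.100.200 dst=203.0.113.5 sport=1025 dport=25 src=192.168.1.30 dst=198.51.100.200 sport=25 dport=1025 mark=0 use=1
"""

ORIG_SRC = re.compile(r"\bsrc=(\S+)")


def summarize(table_text, lan=LAN):
    """Count tracked connections by originating side and per LAN host."""
    per_host = Counter()   # entries opened by each internal IP
    inbound = 0            # entries opened from outside (e.g. to a home server)
    for line in table_text.splitlines():
        m = ORIG_SRC.search(line)   # the first src= is the original direction
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue                # skip malformed entries
        if src in lan:
            per_host[str(src)] += 1
        else:
            inbound += 1
    total = sum(per_host.values()) + inbound
    return {
        "total": total, "inbound": inbound, "per_host": dict(per_host),
        "internal_ips": len(per_host),
        "over_ip_limit": len(per_host) > IP_LIMIT,
        "over_conn_limit": total > CONN_LIMIT,
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Sampling the table repeatedly during a torrent or gaming session and keeping the maximum `total` gives the peak figure the posters are comparing.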
  #16 (permalink)  
Old 01-23-2007, 09:30 PM
simby's Avatar
Senior Member
 
Join Date: May 2006
Posts: 124
Default

If you have a limit of 10 IPs, isn't this limit OK? Why would you limit internet connections?

With 1 torrent I have 1200 connections.

How "big" an internet line do you have?

About DoS attack. Do you have any server? DNS server + attack or email + attack? How many connections, 1000?
Each of these packets is handled like a connection request, causing on 1000 connection limited?

And please read http://en.wikipedia.org/wiki/DOS_attack

Last edited by simby; 01-23-2007 at 09:39 PM.
  #17 (permalink)  
Old 01-23-2007, 09:37 PM
Moderator
 
Join Date: Apr 2001
Location: Brantford, Ontario, Canada
Posts: 806
Default

Internet connection = 100 Meg Fiber, full duplex.

Yes I have DNS server, and email, but they are HOME servers. This is a HOME license.
  #18 (permalink)  
Old 01-23-2007, 09:42 PM
Atticka's Avatar
Member
 
Join Date: Jan 2007
Location: Montreal, Canada
Posts: 52
Default

Ok! Let's all pull it out and see who's bigger....

Guys, the point is for the average home user 1000 concurrent connections is more than enough (the two of you are exceptions.....).

What worries me more is that IP devices are becoming more and more popular in the home; the 10 IP limit can quickly be met in a house using all the latest gadgets.

Home security, media servers, TiVos (PVRs), IP enabled appliances, home automation (smart homes), VOIP phones, etc....

Free for home use at 10 IPs with the security services enabled is FANTASTIC, try and find someone else who offers this....you won't, not for free.

However, maybe a power user license would be ideal for a home user to allow for additional IPs and more concurrent connections, maybe a one time upgrade? It's up to Astaro to decide.
  #19 (permalink)  
Old 01-23-2007, 09:47 PM
simby's Avatar
Senior Member
 
Join Date: May 2006
Posts: 124
Default

I agree, only 1 time, but not more than 50$
  #20 (permalink)  
Old 01-24-2007, 12:20 AM
Member
 
Join Date: May 2004
Posts: 55
Default

Well, besides doing some "freelance" beta-testing of Astaro software here, some of us test other products as well, beyond the gadget addiction that I have, so it would be ideal to have more than 10 for special cases... I foresee trouble with my network now that enforcement is in place...

here is the current list of devices on my network...

1 Macbook pro (running Parallel's Workstation VM software... more ip's here)
1 Compaq laptop
1 hp laptop
1 Vista Media Center Ultimate Edition system
1 Vista Workstation
1 Windows XP Workstation
1 Windows 2003 Server R2
1 Slingbox
1 Linksys PAP for Vonage
1 HP 2510 IP printer (yes, shouldn't need internet here)
1 PS3
1 PS2
3 Xbox
1 Xbox 360
1 Nintendo Wii
I have ditched a few devices such as Tivo, Replay TV device, and some other media devices. I do have multiple switches and whatnot, but they shouldn't need internet access as well.
So at any given time, I am averaging under 20, and that isn't all at the same time, but the problem is they don't drop off after they access the net...

And before someone says "why not nat some of those"... that isn't a solution, and only a kludge that may work for some.

I guess I will have to start finding another solution that I am willing to PAY FOR!
These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.