11 Replies Latest reply: Jun 27, 2014 6:24 AM by More is Les
jayv. Level 4 (1,285 points)



After finding out the AirPort Extreme is too limited when it comes to the built-in firewall and its (lack of) features/logging, I am now looking for the following:

- A hardware firewall to put between my modem and the AirPort Extreme


- A good router with a good built-in firewall to replace my AirPort Extreme


The reason I post this question here in the OS X forum is because I need to be able to read out the logs the firewall creates, so it has to be compatible with OS X either through Syslog or a utility. Intrusion detection and the ability to use stealth are the main features I'm after. Since this is where all the great minds congregate, I figured let's see what the Pros recommend / use.



Mac Pro, OS X Mountain Lion (10.8.3), 12-Core 3.06, 64GB RAM, SSD & 12TB
  • LowLuster Level 6 (12,065 points)

    Zyxel Zywall internet appliances.

  • etresoft Level 7 (27,786 points)

    A firewall isn't what people think it is. It isn't a tool to protect your information and keep it private but a tool to help you share information. If you really want privacy, turn off sharing services. A firewall is designed to control with whom you share services.

  • jayv. Level 4 (1,285 points)

    There are many features that make a firewall useful. The ability to hide me from the network (stealth), the ability to detect and alert me of port scans or DDoS activity and more importantly the ability to protect my entire network. OS X's built-in firewall and Little Snitch do a decent job in protecting my Mac (though detection and alert wise the built-in firewall could be improved a lot) but that doesn't help the rest of my network.


    LowLuster, do the Zywall boxes offer detailed logging and alerts that can be sent to the Mac or a Mac utility? Can't find this info on their site.

  • LowLuster Level 6 (12,065 points)

    Yes they do. I used one for years and only switched to a generic router recently to get Gigabit networking. I still might go back to one in the future once IPv6 comes of age. But they are expensive. The last one I used, a Zywall 5, was close to $500 when I bought it. That was about 9+ years ago.

  • jayv. Level 4 (1,285 points)

    Their most basic model, the USG20, should do then if it has all the features. Thanks for the recommendation.

  • LowLuster Level 6 (12,065 points)

    Note if you plan on using it in front of the Apple router set the Apple router up as a switch with wireless by turning off the DHCP server and don't use the WAN/Internet port on the Apple device. Just go from a LAN port on the first router to a LAN port on the second. Also you will need to put both routers in the same IP range. The Zyxel will come with a 192 IP range and all Apple routers use the 10 IP range by default. For ease of access to both they both need to be in the same range and have different IPs. Like for the main and for the second.

  • jayv. Level 4 (1,285 points)

    Thanks for the follow-up.

    Not marking this post as solved yet in case there are other recommendations out there, but will be doing some research into the Zywall series. From what I've seen so far it's exactly what I'm looking for. The IDS needs a subscription though, seeing if that's worth it or something I can do without.

  • rbrown81 Level 1 (5 points)

    Yup, I think it is what it's thought to be. It's a tool that filters traffic, primarily incoming. So it does protect your information by filtering malicious packets on incoming traffic to determine whether or not it's a legitimate valid packet that's not going to corrupt your system or files in any manner. Two concepts from the CIA model, confidentiality and availability: it's definitely not going to increase availability, so in no way would a firewall help you share your data, but it is going to allow a level of control in sharing data, which is a pretty good thing in computing. Also, the built-in software features of any operating system are never going to live up to the expectations present in a hardware solution when it comes to firewalls and info security. Simply turning off your sharing settings is not going to prevent or limit an application's ability to receive or send packets.

  • jayv. Level 4 (1,285 points)

    I had forgotten all about this post until just now.

    Ended up with a Zyxel Zywall USG 20 and it has been great. It offers me all the control and logging capabilities I need, it's just a tad slow when it comes to starting up if the power ever has to go off. Luckily this never happens unless I start rearranging my cables etc.


    Modem > ZyWall > 16-port managed switch


         AirPort Extreme for wifi



  • LowLuster Level 6 (12,065 points)

    Glad I helped and you like the Zyxel.

  • More is Les Level 1 (0 points)

    You can pick up a Gigabit ZyXEL for less than $150...