Sometimes speed of Internet is getting very slow at the work. After a packet analysis I saw that 50% of our Internet traffic is about “126.96.36.199 upnp-mcast” and it is unnecessary. There is firewall on DSL modem but there is not an “Application Monitor”. I could make no rule on modem’s firewall to stop this traffic. CFP on client’s computers can do this. I believe it patches a huge insufficiency.
This was only an experience from me. What about you?
Let’s see… I think my take is Advanced Protocol Analysis + Intrusion Detection. My gateway/NAT server used to be so slow… an analysis of the log shows a lot of malformed packet. Such attacks stopped after CFP is installed, I guess because CFP makes wannabe-intruders’ procedure so slow.
The easy-to-understand Network Monitor also helps me tame the users of the NAT server, so they are forced to browse via a proxy.
Now, if only my settings are password-protectable…
One feature? Hmm. Coming from firewalls without this type of setup, I think I’ll go with the layered security.
It took me a little bit (as I think it has with many users) to get my head around the idea of creating both application and network rules to allow traffic (or block it, for that matter). Once I got that figured out, I have as much control over my applications connecting, as I want. I can be a ultra-paranoid MS/govt conspiracy freak, or an ultra-liberal bleeding heart for my applications’ connectivity… ;D A full range, indeed. I like that.