Need a more advanced firewall - Not Linksys

[Wanabe]

I currently have a simple Linksys Router/Firewall acting as the gateway for my small LAN. As with all my Linksys products, it works very well for what it does.

Recently, however, I had my ISP bring up a VPN which connects all 5 of my offices together using their routers, equipment, etc. I can ping out from behind my Linksys to all branch offices to specific computers, but I can't ping from a branch office through the WAN side of the Linksys to any computers on the LAN. My ISP insists that its ICMP packets are being blocked at my Linksys firewall, therefore, preventing anyone from my branch offices from "seeing" anything behind the firewall. I'm assuming they're right since I do see log entries on my firewall which tell me that certain ICMP packets are getting dropped because it thinks it's a Smurf Attack. These packets are originating from my ISP's equipment.

Even with Block Unsolicited WAN Requests disabled on the firewall these ICMP packets do not seem to get through.

I'm wondering if I need to upgrade my firewall to something a bit more sophisticated. Something on which I can tell it specifically which IPs to trust for ICMP. If so, what would anyone recommend? I'm not a firewall expert so it would need to be something that was fairly intuative but with more granular control than Linksys.

Any ideas folks?

Thanks
Wanabe

[mbossman2]

Cisco PIX, Sonicwall, Juniper/Netscreen

All of these are good products.

Specific models will depend on the number of users behind the firewalls and additional features that you would want.

[Wanabe]

Thanks mbossman2.

I'll look into these.

Wanabe

[mbossman2]

i can talk in detail to the PIX box if you need help in that direction.