Innominate mGuard PCI
Easy to protect a single PC.
Poor web management.
While trickier to configure than other firewalls, the mGuard PCI is an invaluable tool for adding extra protection to a single PC.
Protecting a single PC from harm usually involves installing a software firewall. However, on a server the overhead this causes can be too much, hence Innominate's mGuard PCI firewall, which has its own 266MHz processor and 32MB of RAM. We tested the professional version. There is also an enterprise version with higher specifications and a greatly improved management interface.
Looking like a dual-port PCI Fast Ethernet adaptor, the device plugs into a spare expansion slot (there is also an external USB powered version).
Just connect the local machine's network cable to the LAN port and your network to the WAN port and you have got a stealth firewall without needing drivers.
You can also change a jumper on the mGuard PCI to turn it into a driver mode, where the OS then recognizes the card as a new network adaptor. In either case, management is performed through the web console by the machine connected to the LAN port, using the IP address 188.8.131.52. You can enable remote management if you want to run the firewall from a central console.
The management console is rather plain to look at and quite simplistic in its approach. You can only define inbound or outbound rules using the firewall's stateful inspection engine. Rules simply contain the originating and destination IP address and port number. The card is not predefined with well-known ports, such as port 80 for HTTP, so you'll need to look them up to make sure you're defining the correct rule. There is no default policy, either, so the card automatically blocks all data until you define alternative rules.
As well as the firewall, the mGuard PCI can also accelerate up to two VPN tunnels, offloading the work from the processor while safeguarding a particular data stream. This in itself is a very useful security tool.
License updates can also enable Kaspersky's anti-virus detection on the card. Obviously without any storage on the card, you ca not quarantine infected files, but delete them instead.
As a simple way to protect a single computer without adding any processor overhead, it is an excellent piece of kit.