WSUS Delete Obsolete Updates

Posted: August 15, 2017
in Configuration Manager, Information, SQL, Windows Update
Tags: delete obsolete updates, deleteobsoleteupdates, index, wsus

NOTE: Usual warnings apply. Do a backup before making any changes. If you are unsure about anything in the post then ask or look for more information or help before attempting it.

Over time WSUS will accumulate update metadata that can create performance issues for clients. In large environments this can be quite an issue.

There is a script Microsoft often provides during Premier Support calls to cleanup this update metadata, however there are a few issues:

  • The query can take a *really* long time to run if there are a lot of updates to cleanup. In some cases it can take *days*
  • You need to stop all the WSUS services while it runs
  • If it fails for whatever reason, it will have to start all over because it doesn’t commit the changes until it completes successfully
  • While it runs, the TEMPDB and Transaction logs will grow quite significantly until the data is committed
  • It gives no useful information on progress

There is a TechNet article (This is essential reading and has LOTS of important stuff) and a Forum Post where an improved version was written that gave progress of the cleanup, however it didn’t address the temp/transaction growth issues or the time issues. To this end I have applied my very rudimentary SQL scripting skills.

To find out just how many updates are waiting to be cleaned up, run this stored procedure:

EXEC spGetObsoleteUpdatesToCleanup

Firstly, when the script runs on a default WSUS install it can take over a minute to process *each* record. If there are thousands or tens of thousands or updates to remove this is going to take a while. There is an index you can add to the WSUS table that dramatically improves this so it happens at about 1 second per record. Microsoft confirmed this index is OK, however it is not officially supported (at time of writing)

USE [SUSDB]
GO
CREATE NONCLUSTERED INDEX [IX_tbRevisionSupersedesUpdate] ON [dbo].[tbRevisionSupersedesUpdate]([SupersededUpdateID])
GO
CREATE NONCLUSTERED INDEX [IX_tbLocalizedPropertyForRevision] ON [dbo].[tbLocalizedPropertyForRevision]([LocalizedPropertyID])
GO

Now to the cleanup script. Simply this script will cleanup obsolete records, provide progress feedback and also allow you to run it in small blocks. This allows you to run in short blocks without needing to stop the WSUS server and avoids generating huge transaction loads on the SQL server.

To “tweak” the script, modify this line with the number of updates you want to do in each block. Start with 50, see how it runs in your environment and increase as needed. Ideally don’t run batches that take more than 5-10 minutes to prevent those SQL transaction logs growing.

IF @curitem < 101

If you do want to run a larger batch that may take hours, you should of course stop the WSUS services to do so. Also, don’t run this script if a WSUS Sync is in progress or scheduled to start.

USE SUSDB
DECLARE @var1 INT, @curitem INT, @totaltodelete INT
DECLARE @msg nvarchar(200)
CREATE TABLE #results (Col1 INT) INSERT INTO #results(Col1)
EXEC spGetObsoleteUpdatesToCleanup
SET @totaltodelete = (SELECT COUNT(*) FROM #results)
SELECT @curitem=1
DECLARE WC Cursor FOR SELECT Col1 FROM #results
OPEN WC
FETCH NEXT FROM WC INTO @var1 WHILE (@@FETCH_STATUS > -1)
BEGIN SET @msg = cast(@curitem as varchar(5)) + '/' + cast(@totaltodelete as varchar(5)) + ': Deleting ' + CONVERT(varchar(10), @var1) + ' ' + cast(getdate() as varchar(30))
RAISERROR(@msg,0,1) WITH NOWAIT
EXEC spDeleteUpdate @localUpdateID=@var1
SET @curitem = @curitem +1
IF @curitem < 101
 FETCH NEXT FROM WC INTO @var1
END
CLOSE WC
DEALLOCATE WC
DROP TABLE #results
deleteobsolete

If for any reason the script is interrupted, you will find SQL still has the transaction table open and won’t let you run again (There is already an object named ‘#results’ in the table). To resolve this highlight and execute the last line to drop the table.

If this still doesn’t help, close the SQL Studio Manager session and you should be prompted with a warning about uncommitted transactions. Select Yes to commit then reopen and start the query again.

If for any reason the query is not properly closed there may be locks held on the SQL database that will prevent the normal WSUS service functioning resulting in failure of service.

Source :
https://kickthatcomputer.wordpress.com/2017/08/15/wsus-delete-obsolete-updates/

10 Best Firewalls for Small & Medium Business Networks in 2023

BY AMINU ABDULLAHI MAY 16, 2023

Small and medium-sized businesses (SMBs) are increasingly becoming targets for cyber attacks. According to Verizon, about 61 percent of SMBs reported at least one cyber attack in 2021. Worse, Joe Galvin, chief research officer at Vistage, reported that about 60 percent of small businesses fold within six months of a cyber attack.

To protect your network from potential threats, you need a reliable and effective firewall solution. This tool will act as the first line of defense against unauthorized access and can help prevent malicious attacks from infiltrating a business’s network.

We reviewed the top SMB firewall solutions to help you determine the best one for your business.

Top SMB firewall software comparison

 Best forIPSContent filteringStarting price
Perimeter 81Best overallYesYes$8 per user per month, billed annually
pfSenseOpen sourceYesYes$0.01 per hour 
Comodo Free FirewallWindows PCsYesYesFree
ManageEngine Firewall AnalyzerLog, policy, and firewall configuration managementYesYes$395 per device
Fortinet FortiGateHybrid workforcesYesYesApprox. $335
SonicWall TZ400 Security FirewallAdvanced threat protectionYesYesApprox. $1,000–$1,500
Cisco Meraki MX68Small branches with up to 50 usersYesYesApprox $640
Sophos XGS SeriesRemote workersYesYesApprox. $520
Protectli Vault – 4 PortBuilding your own OPNsense or pfSense router and firewallYesYes$269 for FW4B – 4x 1G Port Intel J3160
OPNSenseFlexibilityYesYesFree, or $170.46/yr for business ed.

Jump to:

Perimeter81 icon

Perimeter 81

Best overall

Founded in 2018, Perimeter 81 is a cloud and network security company that provides organizations with a secure and unified platform for accessing and managing their applications and data.

It provides many security solutions, including firewall as a service (FWaaS), secure web gateway (SWG), zero trust network access (ZTNA), malware protection, software-defined perimeter, VPN-alternative and secure access service edge (SASE) capabilities, to ensure that data is secure and accessible to authorized personnel. It also provides centralized management and user access monitoring, enabling organizations to monitor and control user activity across the network.

Perimeter 81 provides granular access control policies that enable organizations to define and enforce access rules for their network resources based on the user’s identity, device type, and other contextual factors—making it easy for employees to access the company’s resources without compromising security.

Pricing

Pricing plansMinimum usersCost per month, plus gateway costCost per year, plus gateway costCloud firewallAgentless application accessDevice posture check
Essential10$10 per user, plus $50 per month per gateway$8 per user, plus $40 per month per gatewayNo2 applicationsNo
Premium10$12 per user, plus $50 per month per gateway$15 per user, plus $40 per month per gateway10 policies10 applications3 profiles
Premium Plus20$16 per user, plus $50 per month per gateway$20 per user, plus $40 per month per gateway100 policies100 applications20 profiles
Enterprise50Custom quotesCustom quotesUnlimitedUnlimitedUnlimited

Features

  • Identity-based access for devices and users.
  • Network segmentation.
  • OS and application-level security and mutual TLS encryption.
  • Enable traffic encryption enforcement, 2FA, Single Sign-On, DNS filtering, and authentication.

Pros

  • Provides visibility into the company network.
  • Allows employee access from on-premise.
  • Automatic Wi-Fi security.
  • 30-day money-back guarantee.

Cons

  • Low and mid-tiered plans lack phone support.
  • Limited support for Essential, Premium, and Premium Plus.
pfSense icon

pfSense

Best open-source-driven firewall

pfSense is an open-source firewall/router network security solution based on FreeBSD. Featuring firewall, router, VPN, and DHCP servers, pfSense is a highly customizable tool that can be used in various network environments, from small home networks to large enterprise networks.

The tool supports multiple WAN connections, failover and load balancing, and traffic shaping, which can help optimize network performance. pfSense can be used on computers, network appliances, and embedded systems to provide a wide range of networking services.

Pricing

pfSense pricing varies based on your chosen medium—cloud, software, or hardware appliances.

For pfSense cloud:

  • pfSense on AWS: Pricing starts from $0.01 per hour to $0.40 per hour.
  • pfSense on Azure: Pricing starts from $0.08 per hour to $0.24 per hour.

For pfSense software:

  • pfSense CE: Open source version available to download for free.
  • pfSense+ Home or Lab: Available at no cost for evaluation purposes only.
  • pfSense+ W/TAC LITE: Currently available at no charge, but vendor may increase rate to $129 per year in the future. 
  • pfSense+ W/TAC PRO: $399 per year.
  • pfSense+ W/TAC ENT: $799 per year.

For pfSense appliances:

pfSense+ appliancesDevice costBest forFirewall speed (IPERF3 TRAFFIC)Firewall speed
(IMIX TRAFFIC)
Netgate 1100$189Home607 Mbps(10k ACLs)191 Mbps(10k ACLs)
Netgate 2100$349Home
Home Pro
Branch/Small Business
964 Mbps(10k ACLs)249 Mbps(10k ACLs)
Netgate 4100$599Home Pro
Branch/Small Business
Medium Business
4.09 Gbps(10k ACLs)1.40 Gbps(10k ACLs)
Netgate 6100$799Home Pro
Branch/Small Business
Medium Business
9.93 Gbps(10k ACLs)2.73 Gbps(10k ACLs)
Netgate 8200$1,395Branch/Small Business
Medium Business
Large Business
18.55 Gbps5.1 Gbps
Netgate 1537$2,199Medium Business
Large Business
Data Center
18.62 Gbps(10k ACLs)10.24 Gbps(10k ACLs)
Netgate 1541$2,899Medium Business
Large Business
Data Center
18.64 Gbps(10k ACLs)12.30 Gbps(10k ACLs)

Features

  • Stateful packet inspection (SPI).
  • IP/DNS-based filtering.
  • Captive portal guest network.
  • Time-based rules.
  • NAT mapping (inbound/outbound).

Pros

  • Anti-spoofing capability.
  • Connection limits option.
  • Community support.

Cons

  • The tool’s open-source version support is limited to community or forum. It lacks remote login support, private login support, a private support portal, email, telephone, and tickets.
  • Complex initial setup for inexperienced users.
Comodo icon

Comodo Free Firewall

Best for Windows PCs

Comodo Firewall is a free firewall software designed to protect computers from unauthorized access and malicious software by monitoring all incoming and outgoing network traffic. 

The firewall features packet filtering, intrusion detection and prevention, and application control. It also includes a “sandbox” feature that allows users to run potentially risky applications in a protected environment without risking damage to the underlying system. 

The software works seamlessly with other Comodo products, such as Comodo Antivirus and Comodo Internet Security.

Pricing

Comodo is free to download and use. The vendor recommends adding its paid antivirus product (Comodo Internet Security Pro) to its firewall for added security. The antivirus costs $29.99 per year for one PC or $39.99 per year for three PCs. 

Features

  • Auto sandbox technology.
  • Cloud-based behavior analysis. 
  • Cloud-based allowlisting. 
  • Supports all Windows OS versions since Windows XP (Note: Windows 11 support forthcoming).
  • Website filtering.
  • Virtual desktop.

Pros

  • Monitors in/out connections.
  • Learn user behavior to deliver personalized protection.
  • Real-time malware protection.

Cons

  • Lacks modern user interface.
  • Pop-up notifications—some users may find the frequent alerts generated by the software annoying and intrusive.
ManageEngine icon

ManageEngine Firewall Analyzer

Best for log, policy, and firewall configuration management

ManageEngine Firewall Analyzer is a web-based log analytics and configuration management software for firewall devices. 

It provides real-time visibility into network activity and helps organizations identify network threats, malicious traffic, and policy violations. It supports various firewalls, including Cisco ASA, Palo Alto, Juniper SRX, Check Point, SonicWall, and Fortinet. 

Firewall Analyzer helps monitor network security, analyze the security posture of the network, and ensure compliance with security policies. It also provides reports, dashboards, and automated alerting to ensure the network remains secure.

Pricing

The amount you will pay for this tool depends on the edition you choose and the number of devices in your organization. 

You can download the enterprise edition’s 30-day free trial to test-run it and learn more about its capabilities. It’s available in two versions: Windows OS or Linux. You can also download it for mobile devices, including iPhone devices and Android phones or tablets.

  • Standard Edition: Starts at $395 per device, up to 60 devices.
  • Professional Edition: Starts at $595 per device, up to 60 devices.
  • Enterprise Edition: Starts at $8,395 for 20 devices, up to 1,200 devices.

Feature

  • Firewall rules report and firewall device audit report.
  • Regulatory compliance with standards such as ISO, PCI-DSS, NERC-CIP, SANS, and NIST.
  • Network behavioral anomaly alert.
  • Security reports for viruses, attacks, spam, denied hosts, and event summaries.
  • Historical configuration change tracking.
  • Bandwidth report for live bandwidth, traffic analyzer, URL monitor, and employee internet usage.
  • Compatible with over 70 firewall versions.

Pros

  • Excellent technical support.
  • Users praise its reporting capability.
  • In-depth auditing with aggregated database entries capability.
  • VPN and security events analysis.

Cons

  • Complex initial setup.
  • Users reported that the tool is occasionally slow.
Fortinet icon

Fortinet FortiGate

Best for hybrid workforces

Fortinet FortiGate is a network security platform that offers a broad range of security and networking services for enterprises of all sizes. It provides advanced threat protection, secure connectivity, and secure access control. It also provides advanced firewall protection, application control, and web filtering. 

Business owners can use Fortinet’s super-handy small business product selector to determine the best tool for their use cases. 

Small and mid-sized businesses may find the following FortiGate’s model suitable for their needs:

 IPSNGFWThreat ProtectionInterfacesSeries
FortiGate 80F1.4 Gbps1 Gbps900 MbpsMultiple GE RJ45 | Variants with PoE, DSL,3G4G, WiFi and/or storageFG-80F, FG-80F-PO, FG-80F-Bypass, FG-81F, FG-81F-PO, FG-80F-DSL, FWF-81F-2R-POE, FWF-81, F-2R-3G4G-POE, FWF-80F/81F-2R, and FWF-80F/81F-2R-3G4G-DSL
FortiGate 70F 1.4 Gbps1 Gbps800 MbpsMultiple GE RJ45 | Variants with internalstorageFG-70F and FG-71F
FortiGate 60F 1.4 Gbps1 Gbps700 MbpsMultiple GE RJ45 | Variants with internalstorage | WiFi variantsFG-60F, FG-61F, FWF-60F, and FWF-61F
FortiGate 40F 1 Gbps800 Mbps 600 MbpsMultiple GE RJ45 | WiFi variantsFG-40F, FG-40F-3G4G, FWF-40F, FWF-40F-3G4G

Fortinet FortiGate is compatible with several operating systems and can easily be integrated into existing networks. 

Pricing

Unfortunately, Fortinet doesn’t publish their prices. Reseller prices start around $335 for the FortiGate 40F with no support. Contact Fortinet’s sales team for quotes.

Features

  • Offers AI-powered security services, including web, content, and device security, plus advanced tools for SOC/NOC.
  • Continuous risk assessment. 
  • Threat protection capability.

Pros

  • Top-rated firewall by NSS Labs.
  • Intrusion prevention.

Cons

  • According to user reviews, the CLI is somewhat complex.
  • Complex initial setup.
SonicWall icon

SonicWall TZ400 Security Firewall

Best for advanced threat protection

The SonicWall TZ400 is a mid-range, enterprise-grade security firewall designed to protect small to midsize businesses. It supports up to 150,000 maximum connections, 6,000 new connections per second, and 7×1-Gbe. 

The TZ400 features 1.3 Gbps firewall inspection throughput, 1.2 Gbps application inspection throughput, 900 Mbps IPS throughput, 900 Mbps VPN throughput, and 600 Mbps threat prevention throughput. 

Pricing

This product’s pricing is not available on the Sonicwall website. However, resellers such as CDW, Staples, and Office Depot typically sell it in the $1,000–$1,500 range. You can request a quote for your particular use case directly from Sonicwall.

Features

  • Deep memory inspection.
  • Single-pane-of-glass management and reporting.
  • SSL/TLS decryption and inspection.
  • SD-WAN and zero-touch deployment capabilities.

Pros

  • Optional PoE and Wi-Fi options.
  • DDoS attack protection (UDP/ICMP/SYN flood).
  • Fast performance with gigabit and multi-gigabit Ethernet interfaces.
  • Protects against intrusion, malware, and ransomware.
  • High-performance IPS, VPN, and threat prevention throughput.
  • Efficient ​​firewall inspection and application inspection throughput.

Cons

  • Support can be improved.
  • It can be difficult to configure for inexperienced users.
Cisco icon

Cisco Meraki MX68

Best for small branches with up to 50 users

The Cisco Meraki MX68 is a security appliance designed for SMBs. It’s part of the Cisco Meraki MX series of cloud-managed security appliances that provide network security, content filtering, intrusion prevention, and application visibility and control.

The MX68 is equipped with advanced security features such as a stateful firewall, VPN, and intrusion prevention system (IPS) to protect your network from cyber attacks. The MX68 has a variety of ports and interfaces, including LAN and WAN ports and a USB port for 3G/4G failover. It also supports multiple WAN uplinks, providing redundancy and failover options to ensure your network remains online and available.

Pricing

The Cisco Meraki MX68 pricing isn’t listed on the company’s website, but resellers typically list it starting around $640. You can request a demo, free trial, or quotes by contacting the Cisco sales team.

Features

  • Centralized management via web-based dashboard or API.
  • Intrusion detection and prevention (IDS/IPS).
  • Next-generation layer 7 firewalls and content filtering.
  • SSL decryption/inspection, data loss prevention (DLP), and cloud access security broker (CASB).
  • Instant wired failover with added 3G/4G failover via a USB modem.

Pros

  • Remote browser isolation, granular app control, and SaaS tenant restrictions.
  • Support for native IPsec or Cisco AnyConnect remote client VPN.
  • Provides unified management for security, SD-WAN, Wi-Fi, switching, mobile device management (MDM), and internet of things (IoT)

Cons

  • The license cost is somewhat high.
  • Support can be improved.
Sophos icon

Sophos XGS Series

Best for remote workers

Sophos XGS Series Desktop is a range of network security appliances designed to provide comprehensive protection for SMBs. These appliances combine several security technologies, including firewall, intrusion prevention, VPN, web filtering, email filtering, and application control, to provide a robust and integrated security solution.

Here’s a comparison table of the Sophos XGS series firewalls:

 FirewallTLS inspectionIPSIPSEC VPNNGFWFirewall IMIXThreat protectionLatency (64 byte UDP)
XGS Desktop Models3,850 Mbps375 Mbps1,200 Mbps3,000 Mbps700 Mbps3,000 Mbps280 Mbps6 µs
XGS 107 / 107w7,000 Mbps420 Mbps1,500 Mbps4,000 Mbps1,050 Mbps3,750 Mbps370 Mbps6 µs
XGS 116 / 116w7,700 Mbps650 Mbps2,500 Mbps4,800 Mbps2,000 Mbps4,500 Mbps720 Mbps8 µs
126/126w10,500 Mbps800 Mbps3,250 Mbps5,500 Mbps2,500 Mbps5,250 Mbps900 Mbps8 µs
136/136w11,500 Mbps950 Mbps4,000 Mbps6,350 Mbps3,000 Mbps6,500 Mbps1,000 Mbps8 µs

The Sophos XGS Series Desktop appliances are available in several models with varying performance capabilities, ranging from entry-level models suitable for small offices to high-performance models suitable for large enterprises. They are designed to be easy to deploy and manage, with a user-friendly web interface and centralized management capabilities.

Pricing

Sophos doesn’t advertise the pricing for their XGS Series Desktop appliances online, but they typically retail starting at about $520 from resellers. 

Potential customers are encouraged to request a free trial and pricing information by filling out a form on the “Get Pricing” page of their website.

Features

  • Centralized management and reporting.
  • Wireless, SD-WAN, application aware routing, and traffic shaping capability.
  • SD-WAN orchestration.
  • Advanced web and zero-day threat protection.

Pros

  • Zero-touch deployment.
  • Lateral movement protection.
  • Users find the tool scalable.

Cons

  • Performance limitations.
  • Support can be improved.
Protectli icon

Protectli Vault – 4 Port

Best for building your own OPNsense or pfSense router and firewall

The Protectli Vault is a small form-factor network appliance designed to act as a firewall, router, or other network gateway. The 4-Port version has four gigabit Intel Ethernet NIC ports, making it ideal for SMB or home networks.

The device is powered by a low-power Intel processor and can run a variety of open-source firewall and router operating systems, such as pfSense, OPNsense, or Untangle. It comes with 8GB DDR3 RAM and up to 32GB DDR4 RAM. 

The Protectli Vault is designed to be fanless, silent, and compact, making it ideal for use in the home or office environments where noise and space may be an issue. It’s also designed to be energy-efficient, consuming only a few watts of power, which can save businesses considerable amounts of money on energy costs over time.

Pricing

The amount you will pay for this tool depends on the model you select and your desired configuration. The rates below are starting prices; your actual rate may vary based on your configuration. Note that all these items ship free to U.S. addresses.

  • VP2410 – 4x 1G Port Intel J4125: Starts at $329.
  • VP2420 – 4x 2.5G Port Intel J6412: Starts at $379.
  • FW4B – 4x 1G Port Intel J3160: Starts at $269.
  • FW4C – 4x 2.5G Port Intel J3710: Starts at $289.

Features

  • Solid-state and fanless tool.
  • Provides 2.5 GB ports unit.
  • AES-NI, VPN, and coreboot options.

Pros

  • A 30-day money-back guarantee.
  • Transparent pricing.
  • Coreboot support.
  • CPU supports AES-NI.

Cons

  • Steep learning curve.
OPNSense icon

OPNSense

Best for flexibility 

OPNsense is a free and open-source firewall and routing platform based on the FreeBSD OS. It was forked from the popular pfSense and m0n0wall project in 2014 and was officially released in January 2015.

OPNsense provides a modular design that allows users to easily add or remove functionality based on their needs. 

OPNsense is popular among IT professionals and network administrators who need a flexible and customizable firewall and routing platform that they can tailor to their specific needs. It’s also a good choice for small businesses and home users who want to improve their networks’ security without spending a lot of money on commercial solutions.

Pricing

OPNSense is a free, open source tool. It is available in two editions: Community edition and business edition. You can download the community version at no cost. For the business version, a one-year subscription costs $170.46 per year.

Features

  • High availability and hardware failover.
  • Intrusion detection and prevention.
  • Captive portal.
  • VPN (site-to-site and road warrior, IPsec, OpenVPN, and legacy PPTP support).
  • Built-in reporting and monitoring tools, including RRD Graphs.

Pros

  • Free, open source.
  • Traffic shaper.
  • Support for plugins.
  • Multi-language support, including English, Czech, Chinese, French, German, Italian, Japanese, Portuguese, Russian, and Spanish.

Cons

  • Reporting capability can be improved.
  • The interface can be improved.

Key features of SMB firewalls

Firewalls designed for SMBs share many of the same characteristics as their enterprise-grade cousins—such as firewall rule and policy configuration, content filtering, reporting and analytics—while placing additional emphasis on affordability and ease of use.

Firewall rules and policies

Administrators should be able to set up firewall rules and policies that control traffic flow and block or permit traffic based on various criteria, such as source/destination IP addresses, ports, and protocols. 

These rules and policies can be used to control the types of applications, services, and data that are allowed to traverse the network, as well as create restrictions on access. 

Firewall rules and policies are essential to the security of a network, as they provide the first line of defense against malicious attacks.

Content filtering

Content filtering is the process of blocking or restricting certain types of content from entering or leaving a network. It can be used to block websites, applications, or data that may contain malicious or unwanted content, such as malware, viruses, or pornographic material. 

Content filtering is typically implemented using a combination of hardware and software solutions. Hardware solutions, such as routers and switches, can be configured to block certain types of traffic or data or to restrict access to certain websites or applications. Software solutions, such as firewall rules and policies, can also be used to block or restrict certain types of content.

Reporting and analytics 

Reporting and analytics are essential for any business network, as they provide important insights into the health and security of the network. Firewall reporting and analytics features allow network administrators to identify trends, detect potential threats, and analyze the performance of the network over time.

Reporting and analytics can also be used to identify any areas of the network that may be vulnerable to attack, as well as identify any areas where the network may not be performing optimally.

Affordability

For SMBs, affordability is a key factor when it comes to purchasing a firewall. SMB firewalls are typically more affordable than enterprise firewalls and can be purchased for as little as a few hundred dollars, so it is important to consider your budget when selecting a firewall.

Some SMB firewalls offer additional features for a fee, so consider what features are necessary for your network and the ones you can do without, as this will help you decide on the most cost-effective firewall solution. At the same time, be careful not to cut corners—your business’s data is too important to be insufficiently protected.

Ease of use and support

For SMBs, finding a firewall solution that is easy to use and has good support is essential. Firewalls should be easy to configure and manage so the network administrator can quickly and easily make changes as needed.

Additionally, good support should be available for any issues or questions that arise. This support should include an online knowledge base and access to technical support staff that can assist with any questions or problems, ideally 24/7.

How to choose the best SMB firewall software for your business

When shopping for the best SMB firewall software for your business, look for software that offers the features you need, easy installation and management, scalability to grow with your business, minimal impact on network performance, and an affordable price.

It’s also important to choose a vendor with a good reputation in the industry, backed up by positive reviews and customer feedback.

Frequently asked questions (FAQs)

What is an SMB firewall?

An SMB firewall is a type of network security device that is designed specifically for small and medium-sized businesses. It’s used to protect networks from unauthorized access, malicious attacks, and other security threats.

What features should I look for in an SMB firewall?

Above all you need a solution with a strong security profile. Look for specific security measures such as:

  • Intrusion prevention
  • Content filtering
  • Malware protection
  • Application control
  • Traffic shaper 

Other factors to consider include ease of management, scalability, and cost.

Do small businesses need a firewall?

Yes, small businesses need a firewall. It provides an essential layer of network security that helps protect against unauthorized access, malware, and other security threats. Without a firewall, small businesses are vulnerable to attacks that could compromise sensitive data, cause network downtime, and damage their reputation.

How much does a firewall cost for SMBs?

The cost of an SMB firewall can vary widely depending on the features, capabilities, and brand of the firewall. Generally, SMB firewalls can range in price from a few hundred to several thousand dollars.

How many firewalls do you need for a small business?

The number of firewalls needed for a small business will depend on the size and complexity of the network. In many cases, a single firewall may be sufficient to protect the entire network. However, in larger networks, it may be necessary to deploy multiple firewalls to provide adequate protection.

Factors such as network segmentation, geographic location, and compliance requirements may also influence the number of firewalls needed. It’s best to consult with a network security expert to determine the appropriate number of firewalls for your small business.

Methodology

We analyzed dozens of SMB firewall software and narrowed down our list to the top ten. We gathered primary data—including pricing details, features, support, and more—from each tool provider’s website, as well as third-party reviews. We selected each software based on five key data points: security, ease of use, affordability, quality of service, and user satisfaction.

Bottom line: Choosing an SMB firewall

The solutions we evaluated are some of the best SMB firewalls currently available on the market. They are designed to provide SMBs with advanced security features, easy management, and scalability at affordable rates.

If your business is growing fast and you need an enterprise-grade network firewall solution, we also reviewed the best firewall software for enterprise networks.

Read our complete guide to designing and configuring a firewall policy for your organization, complete with a free, downloadable template.

Source :
https://www.enterprisenetworkingplanet.com/guides/best-firewalls-for-small-medium-business/

7 Best Firewall Software Solutions: 2023 Firewall Comparison

BY COLLINS AYUYA MAY 23, 2023

In the fast-paced realm of cyberspace where threats continue to multiply, firewall software represents a critical line of defense for businesses of all sizes.

Such programs function as digital gatekeepers, regulating the flow of inbound and outbound network traffic according to a set of rules defined by the user.

With the continued rise of data breaches, investing in the best firewall software isn’t a mere consideration; it’s a necessity.

That’s why we researched, analyzed, and selected the best firewall software solutions for 2023:

Best firewall software comparison

Before delving into each firewall software’s in-depth review, let’s take a quick overview of what each product offers via a comparison chart:

Comprehensive security suiteScalabilityUser-friendly interfaceRobust featuresCloud-based managementOpen-sourceStarting price
Norton$49.99 for 5 devices for the first year
FortiGate$250/year for home office
GlassWireFree, or $2.99/month/license
Cisco Secure Firewall Management CenterContact Cisco
pfSenseFree
Sophos FirewallContact Sophos
ZoneAlarmFree, or $22.95/year for 1 PC

Jump to:

Norton icon

Norton

Best for a comprehensive security suite

Norton is a household name in cybersecurity that has long been delivering top-tier firewall software that signifies its wealth of experience in the sector.

The standout attribute of Norton is its comprehensive security suite, going beyond basic firewall protection to incorporate a smart firewall and intrusion prevention system (IPS), antivirus capabilities, identity theft protection, and even a VPN offering.

All that adds up to a holistic solution for businesses desiring a single-stop security software.

Pricing

Norton’s Smart Firewall is included in Norton 360, whose pricing plans at the time of writing are:

  • Deluxe: $49.99 for the first year for 5 PCs, Macs, tablets, or phones.
  • Select + LifeLock: $99.99 for the first year for 10 PCs, Macs, tablets, or phones.
  • Advantage + LifeLock: $191.88 for the first year for 10 PCs, Macs, tablets, or phones.
  • Ultimate Plus + LifeLock: $299.88 for the first year for unlimited PCs, Macs, tablets, or phones.

Features

  • Advanced smart firewall with customizable rules, allowing businesses to modify access based on their specific needs, thus providing a higher level of personalized security.
  • Integrated VPN for safe browsing ensures users can access the internet securely without worrying about potential threats or privacy breaches.
  • Identity theft protection is another vital feature, which helps safeguard sensitive personal and business data from potential hackers.
  • SafeCam feature prevents unauthorized access to your webcam, thwarting any potential spying or privacy intrusions.
  • Automatic updates ensure that your protection is always up-to-date, reinforcing defenses against new and evolving threats.

Pros

  • Norton offers a comprehensive security suite, providing a broad spectrum of protective measures beyond the typical firewall, creating a fortified line of defense against a myriad of cyber threats.
  • The interface is easy to navigate, making the process of setting up and managing the firewall less complex and more user-friendly, even for those with limited technical knowledge.
  • It provides 24/7 customer support, ensuring that you’ll have access to assistance whenever you need it, regardless of the hour or day.

Cons

  • While perfect for small to mid-sized businesses, Norton might not be as scalable for larger businesses with a vast network of devices, potentially limiting its effectiveness in such an environment.
  • Depending on your requirements, the subscription can become expensive with add-ons, which might be a drawback for businesses on a tight budget.
Fortinet icon

Fortinet

Best for scalability

Fortinet is a well-regarded player in the cybersecurity arena and its firewall software exemplifies its commitment to delivering high-quality solutions. FortiGate, Fortinet’s firewall offering, is recognized for its advanced firewall solutions that are scalable and robust.

Particularly useful for growing businesses, FortiGate brings forward top-notch features that can effortlessly adapt to the needs of expanding network infrastructures.

Pricing

Fortinet offers a variety of solutions priced broadly to accommodate all business sizes—from $250 for home office to $300,000 for large enterprises. Contact Fortinet for accurate pricing information.

Features

  • FortiGate offers an advanced firewall with extensive protection against incoming threats, thus maintaining the security of your network.
  • With scalability at its core, FortiGate can adapt and grow along with your business, addressing increasing security demands seamlessly.
  • Smooth integration with other Fortinet security solutions, enabling a comprehensive security ecosystem for your business.
  • FortiGate Cloud-Native Firewall offers high resiliency to ease security delivery across cloud networks and availability zones at scale.
  • Automatic updates keep the firewall current and equipped to deal with the latest threats, ensuring your network’s protection remains robust.

Pros

  • Fortinet’s robust firewall features deliver comprehensive security for your network, providing the necessary defenses to ward off potential threats.
  • With a strong focus on scalability, Fortinet is an ideal choice for rapidly growing businesses that need a security solution to match their expanding network.
  • The software’s high-performance nature means that it delivers robust security without hampering your network’s speed or efficiency.

Cons

  • Despite (or because of) offering a wealth of features, Fortinet’s interface may not be as user-friendly as some other options, potentially causing difficulties for those without substantial technical knowledge.
  • While Fortinet offers a range of pricing options, the cost can quickly escalate for larger networks or when additional features are included, which may not suit budget-conscious businesses.
  • Pricing information is not transparent and requires negotiation. Your mileage may vary.
GlassWire icon

GlassWire

Best for user-friendly interface

GlassWire is an elegant and visually appealing firewall software that provides comprehensive network monitoring capabilities.

It uniquely combines a network monitor and firewall, offering users a clear visual representation of their network activity. This functionality helps users to understand their online behavior and potential threats in a way that’s easy to interpret.

Pricing

GlassWire offers a tiered pricing model:

  • Free: provides limited features, perfect for individual users or small businesses.
  • Premium: Starts at $2.99 per month per license, paid annually. Its premium tier plans suitable for business range between 10 and 200 licenses.

Features

  • Real-time and detailed visualization of your current and past network activity, offering an intuitive and easy-to-understand representation of what’s happening on your network.
  • Built-in firewall that allows users to easily monitor applications using the network and block any suspicious activity, providing a comprehensive network security solution.
  • A unique “Incognito” mode for users who do not want certain network activities to appear on the network graph, ensuring user privacy.
  • Firewall profiles to instantly switch between different environments, such as public and private networks.
  • The network time machine feature allows users to go back in time up to 30 days to see what their computer or server was doing in the past.

Pros

  • GlassWire offers a beautifully designed, user-friendly interface that presents complex network security information in a visually appealing and understandable way.
  • Its comprehensive network monitoring capability allows users to understand their online behavior, identify patterns and detect anomalies.
  • The software’s built-in firewall offers users the flexibility to control which applications can access the network, enhancing the overall security of their systems.

Cons

  • The software requires a moderate amount of system resources to run efficiently, which might be an issue for systems with limited resources.
  • Although GlassWire’s visualizations are beautiful and informative, some users may find them overwhelming and would prefer a more traditional interface.
Cisco icon

Cisco Secure Firewall Management Center

Best for centralized management and control

The Cisco Secure Firewall Management Center provides a comprehensive solution for centralized control and management of security policies. It enhances the overall efficiency of network administration by offering a unified platform to manage multiple Cisco security appliances.

Businesses that use a variety of Cisco security tools will find this a valuable addition to streamline operations and enhance control.

Pricing

Cisco Secure Firewall Management Center’s pricing depends on the scale of operations and the specific needs of a business. For detailed and customized pricing information, you can directly contact Cisco or its partners.

Features

  • A unified management console that can control a wide range of Cisco security appliances, reducing the complexity associated with managing multiple devices.
  • Advanced threat detection and analysis capabilities, enabling administrators to swiftly identify and respond to security incidents.
  • Flexible deployment options, including on-premises, virtual and cloud-based solutions, catering to various operational needs and preferences.
  • Comprehensive policy management, allowing administrators to efficiently establish and enforce security policies across their Cisco security infrastructure.
  • Integration with other Cisco security tools, such as Cisco Threat Response, provides a cohesive and powerful security solution.

Pros

  • The ability to manage multiple Cisco security appliances from a single platform is a significant advantage, especially for larger enterprises managing complex security infrastructures.
  • Cisco Secure Firewall Management Center offers advanced threat detection and analysis capabilities, aiding in swift and efficient incident response.
  • Its flexible deployment options cater to diverse operational needs, providing convenience and ease of setup to businesses of all sizes.

Cons

  • Although powerful, the platform may require a steep learning curve, particularly for those who are new to Cisco’s ecosystem.
  • Some users have reported a desire for more customization options within the management interface to meet their specific operational needs.
  • Pricing information is not transparent and requires negotiation. Your mileage may vary.
pfSense icon

pfSense: Best open source solution

pfSense is an open-source firewall software solution that is highly customizable, suitable for tech-savvy businesses that prefer having the flexibility to tailor their firewall to specific needs. It’s built on the FreeBSD operating system, offering a comprehensive range of features for network management and security.

Pricing

As an open-source platform, pfSense is free to download and use. However, Netgate, the company behind pfSense, offers paid support and services, including hardware solutions integrated with pfSense software.

Features

  • A wide array of networking functionalities, including firewall, VPN, and routing services, ensuring comprehensive network protection.
  • Being open-source, it offers extensive customization options, allowing businesses to tailor the software to their specific needs.
  • Supports a large selection of third-party packages for additional features, granting more flexibility in expanding its capabilities.
  • Detailed network monitoring and reporting tools, allowing for granular insight into network traffic and potential security threats.
  • It has a community-backed development model, ensuring continuous improvements and updates to its features.

Pros

  • pfSense’s open-source nature allows for extensive customization, giving businesses control over how they want to configure their firewall.
  • The software provides a comprehensive set of features, ensuring thorough network protection and management.
  • Its support for third-party packages allows for the addition of further functionalities, enhancing its overall capabilities.

Cons

  • The configuration of pfSense can be quite complex, particularly for users without a strong technical background, which could pose a challenge for some businesses.
  • The user interface, while functional, may not be as polished or intuitive as some commercial firewall solutions.
  • As with many open-source projects, while there’s a supportive community, professional customer service might not be as accessible as with commercial solutions.
Sophos icon

Sophos Firewall

Best for cloud-based management

Sophos Firewall brings a fresh approach to the way you manage your firewall and how you can detect and respond to threats on your network.

Offering a user-friendly interface and robust features, this product provides businesses with an effective and efficient solution for their network security needs. It’s a versatile solution that not only offers traditional firewall capabilities but also integrates innovative technologies to ensure all-round security.

Pricing

Sophos does not publicize pricing information, because their solutions are provided by resellers and can vary depending on the business’s size, needs, and location. You can contact them directly for accurate pricing information.

Features

  • All-in-one solution by integrating advanced threat protection, IPS, VPN, and web filtering in a single comprehensive platform, thereby providing robust security for your network.
  • Deep learning technology and threat intelligence, both of which work in synergy to identify and respond to threats before they can cause damage, offering advanced protection against malware, exploits, and ransomware.
  • User-friendly interface that simplifies configuration and management tasks, making it easier for users to set up security policies and monitor network activities.
  • Synchronized Security technology that facilitates communication between your endpoint protection and your firewall, creating a coordinated defense against cyber threats.
  • The Sophos Firewall comes with an effective cloud management platform, allowing administrators to remotely manage the system, configure settings, and monitor network activity.

Pros

  • A user-friendly interface that simplifies the process of setting up and managing network security policies, making it suitable for businesses with limited technical expertise.
  • It integrates advanced protection capabilities, such as threat intelligence and deep learning technology, to provide robust defense against sophisticated cyber threats.
  • This firewall software’s unique Synchronized Security feature offers a coordinated and automated response against threats, enhancing the overall effectiveness of your network security.

Cons

  • Some users have reported that while the user interface is intuitive, it might take some time to navigate due to the depth of features available.
  • The initial setup and configuration might require technical expertise, although Sophos provides comprehensive resources and customer support to guide users.
  • Although Sophos’ site advertises “Simple Pricing,” their costs are not in fact transparent and will require negotiating a quote. Your mileage may vary.
ZoneAlarm icon

ZoneAlarm

Best for personal use

ZoneAlarm is an excellent choice for personal use and small businesses due to its simplicity and effectiveness.

With a robust set of features and an intuitive interface, it provides robust protection without requiring extensive technical knowledge. Its reputation as a reliable firewall solution makes it an attractive choice for users seeking to safeguard their systems from various threats.

Pricing

ZoneAlarm offers both free and premium versions of their firewall software. The free version provides basic protection, while the Pro Firewall version, which comes at a yearly subscription fee starting from $22.95 for 1 PC, offers advanced features such as zero-day attack protection and full technical support.

Features

  • Robust two-way firewall protection, preventing unauthorized access to your network while also stopping malicious applications from sending out your data.
  • Advanced privacy protection feature that protects your personal information from phishing attacks.
  • Unique ID Lock feature that keeps your personal information safe.
  • ZoneAlarm boasts an Anti-Phishing Chrome Extension that detects and blocks phishing sites, protecting your information online.
  • The premium version offers advanced real-time antivirus protection, ensuring that your system is continuously protected from threats.

Pros

  • ZoneAlarm offers a straightforward interface and setup process, making it an ideal choice for users who lack advanced technical skills.
  • The software provides a comprehensive suite of features, including robust firewall protection, advanced privacy tools and real-time antivirus capabilities.
  • ZoneAlarm’s ID Lock feature is a standout, helping to ensure the security of personal data.

Cons

  • While ZoneAlarm offers robust features, its protection level may not be adequate for large enterprises or businesses with complex network architectures.
  • Some users have reported that the software can be resource-intensive, potentially slowing down system performance.

Key features of firewall software

When choosing the best firewall software for your business, there are key features you should consider. These range from the extent of the security suite to scalability and cloud-based management, all of which play a significant role in how effectively the software will serve your needs.

Comprehensive security suite

A comprehensive security suite is more than just a basic firewall. It includes additional layers of security like antivirus capabilities, identity theft protection, and a VPN.

The best firewall software solutions should deliver this kind of comprehensive coverage, protecting against a wide variety of threats and helping you maintain the security of your entire network. Norton, Cisco, and Sophos firewalls excel in this area.

Scalability

Scalability is particularly important for businesses that are growing or plan to grow. As the size of your network increases, your security needs will change and become more complex.

Firewall software like FortiGate and pfSense are designed with scalability in mind, allowing them to adapt to the increasing security demands of your expanding network.

User-friendly interface

A user-friendly interface is crucial, especially for those who may not have a lot of technical expertise. Firewall software should be easy to navigate and manage, making the process of setting up and adjusting the firewall less daunting.

Norton excels in this area, with an intuitive interface that is straightforward to use. GlassWire, while not as intuitive, also offers an attractive and convenient interface.

Robust features

Having robust features in firewall software is key to ensuring comprehensive protection. This includes an advanced firewall with extensive customizable rules, IPS, and threat detection capabilities.

The most robust firewall solutions include Norton, FortiGate, Cisco, and Sophos, as well as pfSense, although you’ll have to do some legwork to program the latter in particular.

Cloud-based management

Cloud-based management is a significant advantage in today’s digital landscape. It allows for the remote configuration and monitoring of your firewall, making it easier to manage and adjust as needed. This feature is particularly beneficial for businesses with remote workers or multiple locations.

Norton, FortiGate, Cisco, Sophos, and ZoneAlarm all provide this capability.

Advanced firewall protection

Advanced firewall protection includes capabilities like deep packet inspection, which examines data packets to detect malware that could otherwise bypass standard firewalls. This kind of advanced protection is vital to secure your network from sophisticated threats. Most of the firewalls in this list offer advanced, next-generation capabilities.

Integration

Integration capabilities are crucial as they allow your firewall software to work in harmony with other security solutions you might have in place. Cisco firewalls, as you might expect, integrate seamlessly with other Cisco solutions, but can falter when trying to integrate with third-party solutions. On the other hand, thanks to its open-source nature, pfSense can be configured to integrate very broadly.

By considering these features when choosing your firewall software, you can ensure that you select a solution that meets the specific needs of your business, provides comprehensive protection and offers room for growth and adaptation as your business evolves.

Benefits of working with firewall software

Employing robust firewall software within your network infrastructure brings along a myriad of benefits that contribute to the overall security and efficiency of your business operations, from enhanced network security and data protection to reduced downtime and regulatory compliance.

Enhanced network security

Perhaps the most fundamental advantage of using firewall software is the enhanced network security it provides. Firewall software acts as the first line of defense against potential threats, including hackers, viruses, and other cyberattacks.

By monitoring and controlling incoming and outgoing network traffic based on predetermined security rules, firewall software ensures that only safe connections are established, thus protecting your network.

Data protection

With the increasing incidence of data breaches and cyber theft, data protection is more crucial than ever. Firewall software plays a pivotal role in safeguarding sensitive data from being accessed or stolen by unauthorized users.

By blocking unauthorized access, it ensures the safety of important information and reduces the risk of data breaches.

Traffic management

Firewall software is not only about protection but also about managing and optimizing the network traffic. Features like bandwidth management can be leveraged to allocate network resources effectively and ensure the smooth functioning of your online operations.

Real-time security updates

With the constantly evolving threat landscape, maintaining up-to-date security measures is vital. Firewall software frequently receives real-time security updates, which help to protect your network against the latest threats. This ensures that your network remains secure against even the most recent forms of cyberattacks.

Reduced downtime

Downtime can be a significant issue for any business, leading to financial losses and damage to reputation. By proactively identifying and preventing potential threats, firewall software can significantly reduce the risk of system outages, leading to increased uptime and reliability.

Scalability

As your business grows, so does the complexity and the scope of your network. Scalable firewall software grows with your business, adjusting to the increased demands and providing consistent protection despite the expanding network size. This makes it a cost-effective solution that can support your business in the long term.

Regulatory compliance

Many industries have regulations in place requiring businesses to protect sensitive data. Firewall software helps meet these regulatory requirements by providing robust security measures that prevent data breaches and protect client and customer information.

Incorporating firewall software into your network infrastructure is a critical step towards securing your business in an increasingly digital world. The benefits it offers are invaluable, providing not just enhanced protection, but also efficiency and adaptability that can significantly contribute to your business’s success.

How to choose the best firewall software for your business

Choosing the best firewall software for your business involves a careful examination of your specific needs and security requirements. 

  • Size and security level: The size and nature of your business, the sensitivity of your data, and the extent of your network operations are crucial factors that determine what kind of firewall software will be the most beneficial.
  • Comprehensive features: Moreover, you should consider firewall solutions that offer a comprehensive suite of security features, such as VPN services, antivirus protection, and advanced threat detection capabilities.
  • Scalability: The scalability of a firewall software solution is important, particularly for growing businesses. Opt for software that can seamlessly adapt to the expanding needs of your network, providing reliable protection irrespective of your business size.
  • Interface: Unless you have a robust, well-trained IT department, the interface of your chosen software will need to be user-friendly and easily manageable, even for those with minimal technical expertise.
  • Cloud-based management: Features that allow for remote configuration and monitoring are highly beneficial in the current era of remote work. These features offer the flexibility of managing your network’s security from any location, improving overall efficiency.
  • Integration: Your chosen software should integrate smoothly with your existing security infrastructure to create a comprehensive, effective security system.
  • Support: Solid customer support from the vendor is also crucial to navigating any issues that may arise during setup or throughout the software’s lifespan.

Choosing firewall software is an investment in your business’s security, so take the time to evaluate each option thoroughly.

Frequently Asked Questions (FAQs)

Who should use firewall software?

Any individual, business, or organization that uses a network or the internet should consider using firewall software. Whether you’re a small business owner, a large corporation, or a home user, a firewall can provide essential protection against unauthorized access and various cyber threats.

Where are firewalls located on a network?

Firewalls are typically located at the edge of a network, serving as a barrier between a trusted internal network and an untrusted external network, such as the internet. They can also be positioned between different parts of an organization’s networks to control access.

Are there any downsides to using a firewall?

While firewalls are essential for network security, they can occasionally block legitimate traffic if the security settings are too restrictive. Additionally, managing and maintaining a firewall can require technical expertise. However, the benefits of using a firewall far outweigh these potential challenges.

How often should a firewall be updated?

Firewall software should be updated regularly to ensure it can protect against the latest threats. Many firewall providers release updates regularly and many firewalls are set to update automatically. However, it’s a good idea to check for updates manually periodically to ensure your firewall is up-to-date.

What is firewall software’s role in regulatory compliance?

For many businesses, especially those in regulated industries like healthcare or finance, firewall software plays a critical role in meeting compliance requirements. Regulations like the Health Insurance Portability and Accountability Act (HIPAA) or the General Data Protection Regulation (GDPR) require robust data protection measures, which includes network security provided by a firewall.

Can firewall software protect against all cyber threats?

While firewall software provides a strong layer of protection, it’s not a panacea for all cyber threats. Some sophisticated threats, like targeted phishing attacks or insider threats, require additional security measures. It’s essential to have a comprehensive security strategy in place that includes firewall software, antivirus software, strong access controls, and user education about safe online practices.

Methodology

To deliver this list, we based our selection on an examination of firewall software features and overall reputation in addition to their ease of use, quality of customer support, and value for money.

This information is available in user reviews as well as official product pages and documentation. Nonetheless, we encourage you to conduct your own research and consider your unique requirements when choosing a firewall software solution.

Bottom line: Choosing the best firewall software for your business

The evolving threat landscape necessitates a robust and reliable firewall solution for both personal use and businesses of all sizes. Based on the products listed, it’s evident that several excellent options exist in the market, each with its own unique strengths and capabilities.

Choosing the best firewall software ultimately depends on your requirements, the nature of the network environment, and the budget at hand. It’s essential to consider each product’s features, pros, and cons, and align them with your individual or business needs.

The chosen solution should provide comprehensive protection, be user-friendly, and ideally offer scalability for future growth. Whether it’s for personal use or to protect a multilayered enterprise network, there’s a firewall solution out there that fits the bill.

Also see

Firewalls come in all shapes and sizes. Here’s a look at eight different types of firewalls.

We also did a review of the best firewalls for small and medium-sized businesses.

And once you’ve selected your firewall, make sure you define and implement a clear, strong firewall policy to back it up—as well as setting robust firewall rules to govern the software.

Source :
https://www.enterprisenetworkingplanet.com/guides/best-firewall-software/

7 Best Firewall Solutions for Enterprises in 2023

BY AMINU ABDULLAHI MAY 26, 2023

Enterprise firewall software is an essential component of network security infrastructure for organizations. These firewalls are designed to provide high availability and scalability to meet the needs of large and complex networks because they can handle high traffic volumes and accommodate the growth of network infrastructure.

By exploring the following top firewall solutions, enterprises can make an informed decision to fortify their network defenses and safeguard critical assets from ever-evolving cyber threats.

Best firewall solutions for enterprises: Comparison chart

Best for DLP capabilityURL filteringReportingIntegration with third party solutionDNS filteringStarting price
Palo Alto NetworksOverallAvailable on request
Check Point QuantumConnected devicesAvailable on request
Fortinet FortiGateFlexibility and scalabilityAvailable on request
Juniper NetworksLogging and reporting capabilityAvailable on request
Cisco Secure FirewallCentralized managementAvailable on request
ZscalerBusinesses with cloud network infrastructure$72 per user per year
pfSenseOpen source$0.01 per hour

Jump to:

Palo Alto Networks icon

Palo Alto Networks

Best overall enterprise firewall

Palo Alto is a leading network security provider of advanced firewall solutions and a wide range of network security services.

The company offers various firewall solutions for various enterprise use cases, including cloud next generation firewalls, virtual machine series for public and private clouds, container series for Kubernetes and container engines like Docker, and its PA-series appliances designed for data centers, network edge, service providers, remote branches and retail locations, and harsh industrial sites.

These firewalls provide enhanced visibility, control, and threat prevention capabilities to protect networks from various cyber threats, including malware, viruses, intrusions, and advanced persistent threats (APTs).

Pricing

Palo Alto doesn’t advertise its product pricing on its website. Our research found that the Palo Alto PA-series price range from $2,900 to $200,000 (more or less). To get the actual rates for your enterprise, contact the company’s sales team for custom quotes.

Standout features

  • Advanced threat prevention.
  • Advanced URL filtering.
  • Domain name service (DNS) security.
  • Medical IoT security.
  • Enterprise data loss prevention (DLP).
  • Up to 245 million IPv4 OR IPv6 sessions.

Pros

  • Provides visibility across IoT and other connected devices.
  • Provides visibility across ​​physical, virtualized, containerized and cloud environments.
  • Offers a variety of products for different business sizes, from small businesses to large enterprises.
  • Easy-to-navigate dashboard and management console.

Cons

  • Complex initial setup.
  • Some users reported that the Palo Alto license is pricey.
Check Point icon

Check Point Quantum

Best for connected devices

Check Point is an Israeli multinational company that develops and sells software and hardware products related to network, endpoint, cloud, and data security.

Check Point Quantum is designed to protect against advanced cyber threats, targeting Gen V cyber attacks. This solution encompasses various components to safeguard networks, cloud environments, data centers, IoT devices, and remote users.

Check Point’s SandBlast technology employs advanced threat intelligence, sandboxing, and real-time threat emulation to detect and prevent sophisticated attacks, including zero-day exploits, ransomware, and advanced persistent threats.

Pricing

Check Point does not publicly post pricing information on its website. Data from resellers shows that Check Point products can range from around $62 for a basic solution to over $50,000 for an enterprise-level solution. Contact the Check Point sales team for your actual quotes.

Standout features

  • URL filtering.
  • DLP.
  • Full active-active redundancy.
  • Zero-trust protection for IoT devices.
  • Check Point Quantum protects against GenV attacks.
  • Advanced threat protection.

Pros

  • 24/7 customer service and support.
  • Easy to setup and use.
  • Management platform with automation features.
  • Sandblast protection for testing malware.

Cons

  • Users reported that the Check Point firewall is expensive.
  • Documentation can be improved.
Fortinet icon

Fortinet FortiGate

Best for flexibility and scalability

Fortinet offers various firewall products for different organization sizes, from home offices to large enterprises.

The FortiGate 7000 series (FG-7121F, FG-7081F, FG-7081F-2, FIM-7921F, FIM-7941F, and FPM-7620F) is an enterprise firewall product that provides high-performance network security. It is designed for organizations with high network traffic volumes and that have to manage large network infrastructures.

This firewall series is powered by a Security Processing Unit (SPU) of up to 520Gbps and also includes the latest NP7 (Network Processor 7) and CP9 (Content Processor 9).

Pricing

Fortinet’s FortiGate firewall tool pricing is available upon request. Pricing will depend on various factors, including the size of the network, the number of users, and the types of security features needed. Contact a Fortinet representative for pricing and product information.

Standout features

  • Protects IT, IIoT, and OT devices against vulnerability and device-based attack tactics.
  • FortiGate 7000F series provides NGFW, segmentation, secure SD-WAN, and mobile security for 4G, 5G, and IoT.
  • Offers various types of firewalls, including container firewalls, virtual firewalls and hardware firewall appliances.
  • Zero Touch Integration with Fortinet’s Security Fabric Single Pane of Glass Management.

Pros

  • Integrations with over 500 third-party services.
  • AI-powered capabilities.
  • Users reported that the tool is user-friendly.

Cons

  • Support can be improved.
  • Its reporting feature can be improved.
Juniper Networks icon

Juniper Networks

Best for logging and reporting capability

Juniper Networks’ firewall helps enterprises protect their network edge, data center, and cloud applications.

The company is also known for its Junos operating system (OS), a scalable network OS that powers Juniper Networks devices. Junos provides advanced routing, switching, and security capabilities and allows for seamless integration with third-party software and applications.

Juniper Networks vSRX virtual firewall provides enhanced security for Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, IBM Cloud, and Oracle Cloud environments, while its cSRX Container Firewall offers advanced security services to secure applications running in containers and microservices. The company’s SRX firewalls series is designed for various organization sizes, from small to large enterprises.

Pricing

Juniper Network pricing is available on request. However, they offer different license methods, including Pay-As-You-Go (PAYG) and Bring-Your-Own-License (BYOL) options for public clouds. Contact the company’s sales team for custom quotes.

Standout features

  • Juniper Network has various types of firewalls, including container firewalls, virtual firewalls and hardware firewall appliances.
  • Public cloud workload protection, including AWS, Microsoft Azure, and Google Cloud Platform.
  • Logging and reporting capability.
  • Supports VMware ESXi, NSX, and KVM (Centos, Ubuntu).

Pros

  • Advanced threat prevention capability.
  • Deployable on-premises and cloud environments.

Cons

  • Support can be improved.
  • Users report that some Juniper Networks firewall products are expensive.
Cisco icon

Cisco Secure Firewall

Best for centralized management

Cisco Secure Firewall combines firewall capabilities with advanced security features to protect networks from various threats, including unauthorized access, malware, and data breaches.

Cisco Secure Firewall integrates with Cisco Talos, a threat intelligence research team. This collaboration enables the firewall to receive real-time threat intelligence updates, enhancing its ability to identify and block emerging threats.

Cisco Secure Firewall can be centrally managed through Cisco Firepower Management Center (FMC). This management console provides a unified interface for configuration, monitoring, and reporting, simplifying the administration of multiple firewalls across the network.

Pricing

Contact Cisco’s sales team for custom quotes.

Standout features

  • IPS to protect against known threats.
  • Web filtering.
  • Network segmentation.
  • Centralized management.

Pros

  • Provides comprehensive visibility and control.
  • Efficient support team.
  • Highly scalable tool.

Cons

  • Support can be improved.
  • Complex initial setup.
Zscaler icon

Zscaler

Best for businesses with cloud network infrastructure

The Zscaler firewall provides cloud-based security for web and non-web traffic for all users and devices. Zscaler inspects all user traffic, including SSL encrypted traffic, with elastically scaling services to handle high volumes of long-lived connections.

One of the key advantages of Zscaler’s cloud-based approach is that it eliminates the need for on-premises hardware or software installations. Instead, organizations can leverage Zscaler’s infrastructure and services by redirecting their internet traffic to the Zscaler cloud. This makes scaling and managing security easier across distributed networks and remote users.

Pricing

Zscaler doesn’t advertise its rates on its website. However, data from resellers shows that its pricing starts from about $72 per user per year. For your actual rate, contact the Zscaler sales team for quotes.

Standout features

  • Centralized policy management.
  • Fully-integrated security services.
  • Real-time granular control, logging, and visibility.
  • User-aware and app-aware threat protection.
  • Adaptive IPS security and control.
  • File transfer protocol (FTP) control and network address translation (NAT) support.

Pros

  • Easy to use and manage.
  • AI-powered cyberthreat and data protection services.
  • Always-on cloud intrusion prevention system (IPS).
  • AI-powered phishing and C2 detection.

Cons

  • Complex initial setup.
  • Documentation can be improved.
pfSense icon

pfSense

Best open-source firewall

pfSense is an open-source firewall and routing platform based on FreeBSD, an open-source Unix-like OS. It is designed to provide advanced networking and security features for small and large networks.

pfSense can be deployed as a physical appliance or as a virtual machine. pfSense offers many capabilities, including firewalling, VPN connectivity, traffic shaping, load balancing, DNS and DHCP services, and more.

Pricing

For pfSense cloud:

  • pfSense on AWS: Pricing starts from $0.01 per hour to $0.40 per hour.
  • pfSense on Azure: Pricing starts from $0.08 per hour to $0.24 per hour.

For pfSense software:

  • pfSense CE: Open source version available to download for free.
  • pfSense+ Home or Lab: Available at no cost for evaluation purposes only.
  • pfSense+ W/TAC LITE: Currently available at no charge, but the vendor may increase the rate to $129 per year in the future. 
  • pfSense+ W/TAC PRO: $399 per year.
  • pfSense+ W/TAC ENT: $799 per year.

pfSense offers three hardware appliances tailored to the needs of large enterprises.

  • Netgate 8200: Cost $1,395. It has 18.55 Gbps IPERF3 and 5.1 Gbps IMIX traffic speed.
  • Netgate 1537: Cost $2,199. It has 18.62 Gbps(10k ACLs) IPERF3 and 10.24 Gbps (10k ACLs) IMIX traffic speed.
  • Netgate 1541: Cost $2,899. It has 18.64 Gbps(10k ACLs) IPERF3 and 12.30 Gbps(10k ACLs) IMIX traffic speed.

Standout features

  • NAT mapping (inbound/outbound).
  • Captive portal guest network.
  • Stateful packet inspection (SPI).

Pros

  • Free open-source version.
  • Community support.
  • Anti-spoofing capability.

Cons

  • Steep learning curve for administrators with limited experience.
  • GUI is old-fashioned and could be simplified.

Key features of enterprise firewall software

There’s a wide variety of capabilities that enterprise firewall software can provide, but some of the key features to look for include packet filtering, stateful inspection, application awareness, logging and reporting capabilities, and integration with your existing security ecosystem.

Packet filtering

Firewall software examines incoming and outgoing network packets based on predefined rules and policies. It filters packets based on criteria such as source/destination IP addresses, ports, protocols, and packet attributes. This feature enables the firewall to block or allow network traffic based on the configured rules.

Stateful inspection

Enterprise firewalls employ stateful inspection to monitor network connections’ state and analyze traffic flow context. By maintaining information about the state of each connection, the firewall can make more informed decisions about which packets to allow or block.

Application awareness 

Modern firewall software often includes application awareness capabilities. It can identify specific applications or protocols within network traffic, allowing organizations to enforce granular policies based on the application or service used. This feature is handy for managing and securing web applications and controlling the use of specific services or applications.

Logging and reporting

Firewall software logs network events, including connection attempts, rule matches, and other security-related activities. Detailed logging enables organizations to analyze and investigate security incidents, track network usage, and ensure compliance with regulatory requirements. Reporting capabilities help generate comprehensive reports for auditing, security analysis, and compliance purposes.

Integration with the security ecosystem

Firewall software is typically part of a broader security ecosystem within an organization. Integration with other security tools and technologies, such as antivirus software, threat intelligence platforms, Security Information and Event Management (SIEM) systems, and network access control (NAC) solutions, allows for a more comprehensive and coordinated approach to network security.

Benefits of working with enterprise firewalls

Key advantages of enterprise firewall solutions include enhanced network security, threat mitigation, and access control, as well as traffic analytics data.

  • Network security: Firewalls act as a protective barrier against external threats such as unauthorized access attempts, malware, and other malicious activity. Enforcing access control policies and modifying network traffic helps prevent unauthorized access and protect critical data.
  • Threat mitigation: By combining intrusion prevention techniques, deep packet monitoring, and threat intelligence, a firewall can detect and block suspicious traffic, reducing the risk there that the network will be corrupted and damaged so
  • Access control: Firewall software allows administrators to restrict or allow access to network resources, applications, and services based on specific user roles, departments, or needs. This ensures that only authorized people or systems can access the screen and its accessories.
  • Traffic data and analytics: In addition to protecting your network, firewalls can also provide granular information about traffic and activity passing through your network, as well as its overall performance.

How do I choose the best enterprise firewall solution for my business?

When choosing the best enterprise firewall software for your business, consider the following factors.

  • Security: Assess your organization’s specific security needs and requirements.
  • Features: Evaluate the features and capabilities of firewall solutions, such as packet filtering, application awareness, intrusion prevention, VPN support, centralized management, and scalability. Consider the vendor’s reputation, expertise, and support services.
  • Compatibility: Ensure compatibility with your existing network infrastructure and other security tools.
  • Hands-on tests: Conduct a thorough evaluation of different firewall solutions through demos, trials, or proofs of concept to assess their performance, ease of use, and effectiveness in meeting your organization’s security goals.
  • Total cost of ownership (TCO): Consider the cost, licensing models, and ongoing support and maintenance requirements.

By considering these factors, you can make an informed decision and select the best enterprise firewall software that aligns with your business needs and provides robust network security.

Frequently Asked Questions (FAQ)

Is an enterprise firewall different from a normal firewall?

Although they share many characteristics, an enterprise firewall is not the same as a consumer-grade firewall. Enterprise firewalls are designed to meet large organizations’ security needs and network infrastructure challenges. They are robust, scalable, and can handle high network traffic volumes and sophisticated threats, compared to generic firewalls for home or small office environments.

What is the strongest type of firewall?

A firewall’s strength depends on various factors, and no universally dependable firewall exists. A firewall’s effectiveness depends on its materials, configuration, and how well it fits into the organization’s security needs. 

That said, next-generation firewalls (NGFWs) provide improved security capabilities and are often considered the ideal firewall solution in today’s enterprise. NGFWs combine traditional firewall features with additional functionality such as application awareness, intrusion prevention, deep packet monitoring, and user-based policies. They provide advanced protection against modern threats with greater visibility and control over network traffic.

How do you set up an enterprise firewall?

Setting up an enterprise firewall involves several steps:

  1. Determine your network topology.
  2. Define security policies.
  3. Plan firewall placement.
  4. Configure firewall rules.
  5. Implement VPN and remote access.
  6. Test and monitor firewall performance.
  7. Perform regular updates and maintenance.

We recommend engaging network security experts or reviewing vendor documentation and support materials for specific guidance in installing and configuring your enterprise firewall.

Methodology

The firewall solutions mentioned in this guide were selected based on extensive research and industry analysis. Factors such as industry reputation, customer reviews, infrastructure, and customer support were considered.

We also assessed the features and capabilities of the firewall solutions, including packet filtering, application awareness, intrusion prevention, DLP, centralized management, scalability, and integration with other security tools.

Also see

If you’re not sure one of the firewalls included here is right for your business, we also determined the best firewalls for SMBs, as well as the best software-based firewalls.

And once your firewall is in place, don’t neglect its maintenance. Here are the best firewall audit tools to keep an eye on its performance.

Source :
https://www.enterprisenetworkingplanet.com/security/enterprise-firewalls/

A Step-by-Step Guide to Export Office 365 Mailbox to PST

April 26, 2023 Thiraviam

As an organization admin, you may encounter situations such as users leaving their position or migrating to another mail service, etc. In such circumstances, you need to export Office 365 mailbox to PST and store them offline for investigation purposes. You can accomplish this in Office 365 without depending on any external third-party tools. You can export individual mailboxes or entire exchange mailboxes as an eDiscovery admin through the Microsoft Purview compliance portal. 

This guide will walk you through the steps to export Office 365 mailboxes to PST format using eDiscovery and PowerShell.  

Why Do We Need to Export Exchange Online Mailbox to PST?

PST stands for Personal Storage Table file format used by Microsoft Outlook to store email messages, contacts and calendar entries. When you back up your email mailbox to a PST file, that will be saved on your computer. 

Here are some reasons why PST files are commonly used for exporting Office 365 mailbox data: 

Compatibility: PST files can be opened and accessed by a variety of email clients, including Outlook and some third-party email clients. This makes it easy to share data with others or to access your data from different devices. 

Portability: PST files are small in size and can be easily transferred to a different location, such as a hard drive, USB drive, or cloud storage. This makes it easy to create backups of your mailbox data or to move your data to a different computer. 

Offline Access: PST files can be accessed even when you are not connected to the internet, making it easy to access your email messages and other data when you are on the go. 

Organization: PST files allow you to organize your email messages, contacts, and other data into folders, making it easy to find and retrieve specific items. 

Steps to Export Office 365 Mailbox to PST

As an Office 365 admin you can get the Exchange Online mailboxes and their details by exporting them to PST with eDiscovery admin permission. You need to follow the steps listed below. 

  1. Assign eDiscovery administrator 
  2. Content search to export Office 365 mailbox 
  3. Export Office 365 mailbox to PST 
  4. Download exported PST file from Office 365 mailbox

Assign eDiscovery Administrator 

To export Office 365 mailboxes, you must be an eDiscovery Administrator. By default, this role is not assigned to a global administrator. Follow the steps to assign user(s) to eDiscovery admin role.  

  1. Login to the Microsoft Purview compliance portal with your global administrator account. 
  2. Navigate to ‘Roles & Scopes’ tab and select ‘Permissions’ option. 
  3. Select ‘Roles’ under ‘Microsoft Purview Solutions’ category.                                                                                                                                                                                                                  Assign Permissions eDiscovery Admin
  4. Click on ‘eDiscovery Manager’ role and select ‘Edit’ option in the popup window.                                                                                                 eDiscovery Role Management
  5. Navigate to ‘Manage eDiscovery Administrator’ page by clicking on ‘Next’ button.                                                                                               Manage eDiscovery Manager
  6. Select ‘Choose users’ and select the user(s) who you want to make as eDiscovery admin. Then click on the ‘Select’ button in the popup and select ‘Next’ button.                                                                                                                                                                                           Manage eDiscovery Administrator
  7. Finally, click ‘Save’ on the ‘Review and finish’ page.                                                                                                                                                     eDiscovery Admin Review and Finish Page

In Office 365, before exporting a mailbox, it’s necessary to perform a content search that collects all the mail of the specified user(s) or all the contents of a mailbox. Once you complete the search, you can use the Export option to export the results to a PST file.

Note: An informational alert will trigger, and you will receive mail when an eDiscovery search started or exported. 

  1. Login to the Microsoft Purview compliance portal with the user account with which you have assigned an eDiscovery Administrator role.  
  2. Go to ‘Content search’ tab in the solutions menu and click on ‘New Search’ option.                                                                                      Content Search to Export Office365 Mailbox to PST
  3. Type the preferred name and description in the ‘Name and description’ page and click on ‘Next’.
  4. Turn ‘Exchange mailboxes’ on and click on ‘Choose users, groups, or Teams’ to select the users from the list.                                                                                                                                                                                                       Choose Users, Groups, or Teams for Content Search
  5. Select the required users whose mailbox is to be exported or leave this option to export all user’s mailboxes and click on the ‘Next’ button. 
  6. Leave the conditions empty if you want to export the complete mailbox and click on ‘Next’. You can also define your conditions if you want filtered results.   
  7. Check the details in ‘Review your search’ page and click on ‘Submit’. 
  8. A message ‘New search created. Soon you will be able to review estimates and preview results for your search’ will show in the portal.
  9. Click on ‘Done’ and wait for the status to change to ‘Completed’ in the content search page.                                                                                                                                                                                                                                                                                             Content Search Status

Note: The waiting time may differ with respect to the size of the mailboxes you have performed a content search. 

You can also perform Content search using the PowerShell with ‘New-ComplianceSearch cmdlet. First, connect to the compliance center ‘Connect-IPPSSession‘ cmdlet. 

Connect-IPPSSession

Now run the cmdlet below by providing the name for the content search and Exchange location that you want to do content search. 

New-ComplianceSearch <SearchName> -ExchangeLocation <UPN>| Start-ComplianceSearch

Export Office 365 Mailbox to PST 

Once you have successfully created a mailbox content search, the next step is to export the search results. To do this, simply follow the steps below, which will guide you through the process.  

  1. Click on the content search ‘Mailbox Export’ that you have created in the previous steps. 
  2. Select ‘Actions’ and choose ‘Export results’.                                                                                                                                                                               Export Office 365 Mailbox to PST
  3. Select the appropriate ‘Output options’ and the ‘Export Exchange Content as’ options. Then click on ‘Export’. If you are not sure about the options, leave it as default.                                                                                                                                                                        PST Export Results Options
  4.  A message box with a message “A job has been created” is displayed. Click on ‘OK’. It will take some time to complete the export. 

You can also perform export using the PowerShell with ‘New-ComplianceSearchAction cmdlet. 

Run the below cmdlet with the content search name to export the mailbox. 

New-ComplianceSearchAction <SearchName> -Export -Format Fxstream
Content Search Using PowerShell

 You can also get the properties related to the export by using the following cmdlet. 

Get-ComplianceSearchAction "<SearchName>_export" -IncludeCredential | FL 

Download Exported PST File From Office 365 Mailbox  

With the help of Microsoft Office 365 eDiscovery Export Tool, you can download the exported mailbox results as a PST file. 

Note:  It’s important to note that this can only be done using the Microsoft Edge browser.

  1. Make sure that the status of the export is completed by clicking on the export job name in the ‘Export’ tab.                                                                                                                                                                                                                                                                  Mailbox Export Status Check
  2. Copy the ‘Export key’ by clicking on the ‘Copy to clipboard’ option and click on the ‘Download results’ option.                                                                                                                                                                                                                                                         Download Exported Results
  3. If this is the first time you are downloading a .pst file, you are prompted to install Microsoft Office 365 eDiscovery Export Tool. If you have already installed, skip this step and go to the next step. 
  4. Click ‘Open’ button in the upcoming popup and paste the export key.                                                                                                                    Permission to Open the Exported PST File
  5. Select the required location to store the download file by clicking on the ‘Browse’ button and click ‘Start’.                                                                                                                                                                                                                                                                                                  eDiscovery Export Tool
  6. You can be able to see the “Processing has completed” message after the download. Go to the specified location in your PC to view the downloaded PST file(s).                                                                                                                                                                                       Download Exported PST file from Office 365 Mailbox 

Office 365 Export PST File Size Limit 

When exporting PST files, the default file size limit is 10 GB. However, you have the ability to change this limit depending on your specific needs by increasing or decreasing the file size. Additionally, if the exported mailbox exceeds the PST size limit, the tool will automatically split the PST file into sequentially numbered files to accommodate the larger size.  

The main reason to do this is so PST files can fit on removable media, such a DVD, a compact disc, or a USB drive. You can adhere to the following steps to change the PST export file size limit. 

  • Before proceeding, make sure to check whether the eDiscovery Export tool is open, and if so, be sure to close it before continuing.
  • Type the following text in a notepad and save the following text to a filename suffix of .reg. For example, Pst.reg.   
Windows Registry Editor Version 5.00 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\eDiscovery\ExportTool] 
"PstSizeLimitInBytes"="1073741824"

In the example above, the PstSizeLimitInBytes value is set to 1,073,741,824 bytes or approximately 1 GB. However, if you need to change this limit, you can easily do so by replacing the existing value with your desired limit in bytes.

  • Once you have created the .reg file by following the previous steps, it’s time to open it and proceed with the next steps.
  • In the User Access Control window, choose ‘Yes’ to grant permission to the Registry Editor to make the change. 
  • When asked to confirm, select ‘Yes’.                                                                                                                                                                               
Registry entry

The Registry editor will then display a confirmation message indicating that the “keys and values was successfully added to the registry”. 

Limitations in Exporting PST File in Office 365 

When exporting an Office 365 mailbox to a PST file, it is important to be aware of the limitations involved. Here is a list of the limitations you may encounter during the export process.

  • Browser Restrictions: You need to use Microsoft Edge browser. It’s not possible to export mailboxes to PST using other browsers without any extensions. 
  • File Corruption Issues: Increasing the default size of PST files larger than 10 GB might have corruption issues. 
  • Mailbox count limitation: You cannot download more than 100,000 mailboxes for search results using the eDiscovery Export Tool. 
  • Export Data Size Constraint: An organization can export 2TB data per day through content search. 
  • Output Display Restriction: Only 1,000 exports or reports will be displayed in Content search. 

Thus, exporting Office 365 mailbox to PST is a simple process that can be done in a few clicks. You can have a clear understanding of how to complete this task efficiently by following the above steps. Feel free to leave a comment below if you encounter any difficulties or need any assistance.

Source :
https://m365scripts.com/microsoft365/a-step-by-step-guide-to-export-office-365-mailbox-to-pst/

7 Reasons Why Security Awareness Is Critical for Employees

by hse | Apr 14, 2023 | Security information

There was a time when security awareness training was informal, short, and focused on simple things like using complex passwords. Well, it transpires that keeping these on a post-it note under your keyword or in a text file is in fact not a safe practice.

This was when cyber threats from hackers were the work of people with expert skills, and at worst resulted in your computer getting infected with a virus, causing a brief interruption to your working day. Fast forward to the modern reality of the dark web where you can literally shop around and choose the method in which you want to carry out a targeted attack.

Added to that are the near-constant cyber-attacks, where we can see an increase in phishing in the below graph from the Cyber Security Report 2023.

cyber security report - attack techniques - security awareness training

Attackers are not slowing down and always finding new, harmful ways to compromise businesses. The efforts therefore to stay ahead and protect organizations must continue, and one of those is to introduce security awareness training. There is significant evidence that security awareness training is more than just essential. A recent Remote Management Survey by Hornetsecurity showed in fact that 1 in 3 organizations do not provide any kind of cybersecurity awareness training to remote employees.

A reliance solely on an organization’s security function for detection and prevention is no longer sufficient. Employees must be armed with security awareness training to become foot soldiers in this war, and I’ll explain the reasons why.

1. Protects Sensitive Data

Security awareness training helps employees understand the importance of protecting sensitive information and the consequences of a data breach. Protecting sensitive data helps to ensure cyber security and maintain the confidentiality, integrity, and availability of your information systems.

Using security awareness services, users are educated to understand how and why sensitive data needs to be protected and can help prevent unauthorized access and data breaches. This security awareness software in turn protects the organization’s reputation and financial well-being, as well as protects the personal information of customers and employees.

Sensitive data is essentially confidential information such as financial records and personally identifiable information (PII) and, depending on the nature of the organization, could also include trade secrets or proprietary information considered commercially sensitive.

Theft and subsequent compromise of sensitive data is very common and a highly prized target during security or data breaches. In IBM’s “Cost of a data breach report 2022” we can see the year-on-year cost of a data breach is going in the wrong direction!

Through a cyber security training program, users become aware of the legal and ethical obligations they have to safeguard it from unauthorized access, disclosure, or misuse. Arming your users with security awareness training provides the knowledge and skills necessary how to handle sensitive information and significantly reduces the risk of a data or security breach.

2. Fosters a Sustainable Security Culture

Creating and fostering a culture of security within the organization is a fundamental step in raising awareness of security threats and practices for mitigating them.

Regular security awareness training promotes a security culture within an organization, making security a priority for all employees. You might have heard the catchphrase “security is everyone’s responsibility.” There’s a lot of truth to that.

Through a security awareness training program, employees benefit by learning and becoming aware of the roles and responsibilities and shifting their mindset from “that’s someone else’s problem” to “that’s my problem.”

Providing security awareness training empowers them to take responsibility and notice and report anything out of the ordinary. This can extend from information security things like phishing scams and emails to physical security and being able to identify or report someone suspicious lurking in the office or tailgating when entering the premises!

A security-conscious workforce brings about a culture where users are more likely to take proactive steps to protect their sensitive data and report suspicious activity.

3. Detects and Prevents Insider Threats

Security awareness training can help identify and prevent potential insider threats, such as employees who may be intentionally or unintentionally compromising the security of an organization, and here is why cybersecurity awareness training is important.

Insider threats refer to security breaches that are caused by a person who has authorized access to an organization’s systems, network, and data. Although only employees are commonly considered, it includes anyone who has access to the organization’s systems like vendors or contractors.

Theft of sensitive information, sabotage of systems, using security credentials, and unauthorized access to confidential data are also examples of insider threats. These threats can significantly impact the organization like financial loss, reputational damage, and even legal liabilities.

4. Increases Employee Engagement

By educating employees on the importance of security threats within and towards it, organizations can increase employee engagement and buy-in to security initiatives.

Engaged employees are more likely to feel like they have a vested interest in the success of their organization, thereby creating a sense of loyalty and responsibility towards it. Ultimately resulting in overall better security practices and reducing the risk of security breaches.

Increased employee engagement through security awareness training can result in employee retention, an often overlooked benefit. When employees leave an organization, they often take away with them potentially institutional sensitive information especially if an employee has a role within the security function of that organization, as their departure could create a security gap and therefore a security risk.

Although most organizations have a defined security policy, in reality, the only time an employee reads this is when they initially join and are required to read this part of their onboarding as a compliance exercise. By being and feeling more engaged, you’re likely to see better compliance with and understanding of security policies and procedures.

Understanding why these policies are necessary and how they contribute to the organization’s overall security reduces the risk of accidental or intentional security breaches.

security employee engagement

5. Education on Security Threats and How to Mitigate Them

Educating employees on security threats and how to mitigate them is crucial to maintaining a strong cybersecurity posture within an organization.

Employees who don’t work in a security-related role are often unaware of the plethora of security threats their organization faces every day. Incorporating education of security threats in a security awareness training program is an effective method to “enlist” employees as “soldiers” in this perpetual war.

Time is often of the essence when it comes to recognizing an IT security threat. For example, if a user who has not undergone a security awareness training program opens a malicious link, then realizes this, they are less likely to understand the significance of how quickly they must act on this information and report this.

Employees who understand the impact posed by security threats are more likely to make better decisions armed with this education.

6. Reduces Human Error

Employees are less likely to make costly security mistakes if they have received training on identifying and responding to security threats. Human error is a common cause of security incidents and one of the most common methods attackers use to infiltrate a network.

As you will have been, whenever there is a data breach, along with significant reputational damage, the financial cost is often significant. Assessing the cost and worth of implementing these security measures and awareness training is easily outweighed by the savings in not.

7. Supports Incident Response

Security awareness training equips employees with the knowledge and skills to respond effectively to security incidents, reducing the impact and recovery time of such incidents.

In an organization’s cyber security incident response plan, it will include and detail the roles and responsibilities for everyone in the organization. In the event of a security incident, it is important for all members of the organization to understand their roles and responsibilities in responding to the incident.

A security awareness program will help to educate people who are involved in being able to respond in the face of a security incident adequately and more quickly. Educated users are also more likely to recognize the signs of a security incident and report is prompt, which can help the incident response team take action more quickly.

The ability of an organization to respond in such a manner that minimizes the impact can be the difference between “getting owned” and mitigating a potential disaster.

We at Hornetsecurity work hard perpetually to give our customers confidence in their Security Awareness ServiceSpam & Malware ProtectionAdvanced Threat ProtectionEmail EncryptionEmail Archiving, and VM backup strategies.

To keep up to date with the latest security best practices, become a member of the Hornetsecurity blog now (it’s free).

Summary

The importance and benefits of security awareness training programs should not be underestimated for how organizations combat cybersecurity threats. Organizations can no longer think of cyber security awareness training as a maybe when they plan and strategize on how to improve cyber security posture, it’s essential.

In this digital age, many options and methods exist in which a cyber security awareness training program can be delivered, both online and in person. Hornetsecurity is one such place that offers a cyber security awareness training service.

FAQs

What is security awareness training?

Security awareness training is a kind of training that helps people learn about different security risks and how to keep themselves safe from them. Hornetsecurity provides security awareness training to help people become more aware and knowledgeable about security risks and how to protect themselves. By implementing proper security awareness training in your company, your employees will be able to recognize and avoid potential dangers.

Why is security awareness important?

Security awareness training is important to ensure the safety of sensitive data, and protecting against cyber threats is critical in today’s digital age. We at Hornetsecurity provide one-of-a-kind security awareness training that mainly focuses on creating a user-centric experience for employees better to understand the importance of security measures and procedures. With our training, you can rest assured that your systems and confidential information are secure.

What are the types of security awareness?

Our security expertise distinguishes 4 main types of security awareness training:

  1. Classroom training (lecture-based training)
  2. Video training
  3. Cloud training
  4. Simulation training

How often should security awareness training be conducted?

At Hornetsecurity, the Awareness Engine is the technological heart of our Security Awareness Service. It offers the following:

  • Everyone to have the right amount of training;
  • Each user receives as much training as necessary and as little as possible;
  • Demand-driven roll out of relevant e-training content;
  • Booster option for users who need more intensive e-training;
  • Fully automated steering of the e-training.

Source :
https://www.hornetsecurity.com/en/security-information/security-awareness-training/

Using Wireshark to Analyze and Troubleshoot Hyper-V Networking

Analyze traffic and uncover Hyper-V networking problems has never been easier

Networking problems frequently challenge administrators. Introducing a virtualized switch to the mix adds another layer of complexity and multiple failure points. We can use the popular Wireshark tool to analyze traffic and uncover problems.

Requirements for Success with Wireshark

First, you need the software. You can download Wireshark from Wireshark.org. The site includes substantial information and links to more. Due to the extensive depth of the tool, the value that you get from Wireshark depends directly on how well you’ve learned it. Ideally, you’d go through a guided course and practice on training captures. I understand that you might have more immediate needs. This article illustrates enough to get you started but expect to invest time in training and practice.

Second, you need a working knowledge of Ethernet frame structure. You do not need anything near expert level, but you won’t get far if you can’t make sense of what Wireshark reveals. We have an article series on basic networking that can get you started.

Remote Captures in Wireshark

Wireshark can capture information on remote systems. However, it includes more hints than details. I could not find any directions that I felt comfortable sharing. Fortunately, you have alternatives.

Wireshark will run on Windows Server. Because it relies on the Qt library for its graphical interface, you can run the entire program on a Core mode installation by manually starting “C:\Program Files\Wireshark\Wireshark.exe”. I have no objection to running Wireshark on a server. However, I do not like RDP or similar remote connections to servers. These technologies present a significant attack surface for malware and intruders. Use at your own risk.

During the Wireshark install, you can also select the TShark program, which gives you command-line access to captures. TShark works inside a PowerShell Remote session. That means that you can install TShark on a system that you want to capture “remotely”, output its capture to disk, and then import it into a management system. I will not spend much time on TShark in this article, but I will get you started.

TShark Fundamentals

First, install at least the TShark portion of Wireshark on the target server. That might require a remote desktop connection as Wireshark has no official support for remote or scripted installation. However, running “Wireshark-Win64-<VER>.exe /s” at a command prompt, (or via a script, or possibly even a remote session), should install the software with default options.

Second, open a remote PowerShell session to the server using credentials with administrative privileges on the target:

Connect-PSSession -ComputerName <SERVERNAME>

Alternatively, you can supply credentials at the point of entry:

Connect-PSSession -ComputerName <SERVERNAME> -Credential (Get-Credential)

Once you have your remote session, run Get-NetAdapter to retrieve a list of adapters on the remote server:

TShark Fundamentals

Locate the adapter(s) that host the Hyper-V virtual switch on the server and note the value(s) for ifIndex. In my case, I want interfaces 4 and 10. With that knowledge, initiate TShark. Tell it which interfaces to include in the capture and where to write an output file with the -i and -w switches, respectively. That looks something like this:

& ‘C:\Program Files\Wireshark\tshark.exe’ -i 4 -i 10 -w C:\Users\esadmin\Documents\cap.pcapng

You do need the leading ampersand. If you use tab completion for assistance in entering the path to TShark, PowerShell will insert it automatically.

Upon pressing [Enter], the capture starts and writes to the file. Most importantly, you need to know that pressing [CTRL]+[C] stops the capture. Because we did not specify a capture limit, it will run until we either cancel it or the remote system runs out of disk space. Less importantly, the TShark program does not generate all its console output in a way that PowerShell remote sessions can process. You will see some things that look like error messages and other things will not appear at all. Just remember how to start and stop the capture and you will get the expected capture file.

TShark allows you to restrict captures with limits and filters.

TShark allows you to restrict captures with limits and filters. I will leave learning about that to you. Start with tshark.exe –help. The instructions above will generate a capture file that, at worst, has more data than you want. Once you have that file, you can transfer it to your management workstation and use Wireshark to operate on it.

A Warning about Wireshark and Resources

Wireshark will write to capture files, but it defaults to keeping captured packets in memory unless told otherwise. When possible, only run captures for the time needed to gather the data relevant to the problem you want to solve. Take care to set limits on long-running captures to ensure that you do not consume all host memory or disk space. Remember that a full disk will cause any VMs on that disk to pause. Also, remember that Hyper-V prioritizes processes in the management operating system, so it will squeeze virtual machines as needed to provide CPU and memory resources to Wireshark.

Set capture limits from Wireshark’s main interface by clicking the Capture menu item on the menu bar and then clicking Options.

Wireshark will write to capture files

The Input tab allows you to select the adapters to watch and to define capture filters. The Output tab gives you options for writing to files. You can set finite capture limits on the Options tab that apply whether writing to memory or disk, along with some handy quality-of-life settings.

While we frequently want to capture all data so that we don’t miss environmental problems, you can greatly reduce capture size with capture filters. Unlike display filters, capture filters tell Wireshark to discard information without storing it. Use these cautiously; if you inadvertently throw out interesting frames, you’ll have to perform additional captures.

Finally, remember that 10GB and faster interfaces can already generate heavy CPU loads. Using Wireshark to capture and decipher frames costs that much more. Few systems drive their networking capabilities anywhere near their maximums but remain mindful.

Traffic Must Pass a Physical Adapter for Wireshark to Capture It

With the current way that the Hyper-V virtual switch projects into the management operating system, Wireshark cannot bind directly to it. Instead, we attach it to one or more physical adapters. This means that, at the management operating system level, Wireshark cannot intercept any traffic that never leaves the VMBus.

The VMBus limitation primarily impacts internal and private virtual switches. Without a physical adapter, you have few options. If you have an unused physical adapter, you could temporarily bind the virtual switch to it with Set-VMSwitch. If your host uses the older LBFO technology, you can add a team NIC in another VLAN and bind your virtual switch to that. Even with these alternatives, you will still miss anything that does not cross the bound adapter.

However, this should only present a problem in edge cases. Wireshark and TShark can operate just as well inside a virtual machine as they can in the management operating system. Wireshark does not distinguish between virtual and physical adapters. Set it to watch the virtual adapters involved in your communications chain, and you’ll see the traffic. If you can’t install either product inside a given virtual machine, you still have Hyper-V’s port mirroring feature.

Capturing All Virtual Switch Traffic

When you don’t know exactly what you’re looking for, which applies well when you don’t have much experience with network captures, just get everything. When you first open Wireshark, it will present all network adapters that it can operate with. Find the physical adapters that host your virtual switch and highlight them:

Capturing All Virtual Switch Traffic

Remember that choosing anything that says “vEthernet” in its name binds to that virtual adapter, not the virtual switch. For switch monitoring, you must choose the physical adapter(s).

You can either right-click your selection and click Start Capture or you can click the blue shark icon at the left of Wireshark’s icon menu. If you made a mistake in adapter selection or just want to change it after the capture has started, select Options from the Capture menu:

click Start Capture

Once the capture starts. you should see a rapidly scrolling screen like the one below. If you’re working on a problem, reproduce it while the trace runs.

Once the capture starts. you should see a rapidly scrolling screen

Once the trace has captured enough information, click the red square button on the toolbar to end it. Regardless of your intentions, I recommend saving the file. It’s better to have a capture file that you don’t need than the opposite.

You can scan through the capture to look for anything that seems out of place or just to acclimate yourself to a network capture. If you’ve never used Wireshark before, the topmost pane shows a list of captured frames with some basic information about each. The middle pane tries to break the selected frame down into its individual components. Click on the triangle icon to the left of any item to drill down further. Wireshark uses “dissectors” to interpret frame components. Anything that it doesn’t recognize goes into the generic “Data” portion. The third pane shows a binary dump of the frame. If you click any part of that, the dissector pane will shift focus to that location.

Listings such as this allow you to peruse the activity crossing your virtual switch. You can investigate whatever interests you.

Exercise 1: Capturing Virtual Switch Traffic by Port

Tracing traffic by port can help you locate breaks in communication. It helps you to discover if messages that you expect to arrive on a virtual machine ever make it to the virtual switch at all. You can ensure that servers on virtual machines respond to clients as expected. You can watch for traffic coming from unexpected (potentially malicious) sources.

In my example exercise, I want to verify that my “primary” domain controller properly receives and responds to authentication traffic. For the most basic trace, I can set a display filter on a previously captured file or on an active trace with this format: tcp.port == 389:

Capturing Virtual Switch Traffic by Port

For thoroughness, I want to look at all traffic that a domain controller would utilize for authentication traffic. I can filter to multiple ports like this: tcp.port == 88 or tcp.port == 389 or tcp.port == 636 or tcp.port == 3268 or tcp.port == 3269

domain controller would utilize for authentication traffic

Pressing [Enter] or the white arrow with the blue background at the end of the filter field will update the display to show only frames that match the filter:

blue background at the end of the filter field

Scanning the filtered view, I see frames that it clearly identifies as LDAP and others that it marks only as TCP. When Wireshark cannot identify a frame, look to the Info column. In the third row of the screenshot, we see that it has marked the frame as [ACK]. That tells us that the frame contains an acknowledgement of a previously received frame.

If I want to find out what the frame acknowledged, I can right-click on the line item, hover over Conversation Filter, and choose one of the offered items. In this case, I don’t want to miss anything, so I choose Ethernet as the least specific filter:

Conversation Filter

In response, Wireshark pares down the display to only the items that belong to that particular “conversation”. Also, notice that it updated the display filter:

display filter

I know that 192.168.5.1 belongs to the domain controller of interest. I also know that 192.168.5.2 belongs to my “secondary” domain controller. Therefore, before I even performed any of these tasks, I could have guessed that these frames carry requests or updates that keep domain information synchronized. To confirm, I select the first frame in the conversation in the top pane. In the second pane, I find the Lightweight Directory Access Protocol section that indicates a dissector has come into play. In the bottom frame, I locate the highlighted information (remember that this matches whatever I selected in the middle frame):

Lightweight Directory Access Protocol

The frame appears to have something to do with DNS settings. I look at the same portion of the second frame:

The frame appears to have something to do with DNS settings

We already know that the third and final frame in the conversation is an ACK. So, we can surmise that 192.168.5.2 asked 192.168.5.1 about SVDC02 as a DNS server, got a NO_OBJECT result, and acknowledged receipt of the result. It appears that I may have some DNS troubleshooting to do.

However, I was interested in authentication traffic. We learned that the tracked conversation dealt with DNS servers. I can return to my previous filtered view by clicking the drop-down arrow at the end of the filter line and choosing the filter that I want to see again:

We learned that the tracked conversation dealt with DNS servers

Exercise 2: Including or Excluding Virtual Switch Traffic by IP Address

To continue with the scenario set up in exercise 1, I still want to see all the authentication traffic to my “primary” domain controller, but I want to exclude anything between it and my “secondary” domain controller. The simplest display filter looks like this: ip.addr != 192.168.5.2. If I wanted to only see traffic on that IP, then I could use double equals (==) or eq instead of!=.

Of course, I don’t want non-authentication traffic. So, let’s modify the filter to ip.addr != 192.168.5.2 and (tcp.port == 88 or tcp.port == 389 or tcp.port == 636 or tcp.port == 3268 or tcp.port == 3269). Pay attention to the usage of parentheses. This grouping tells Wireshark that we want traffic where no frame includes IP address 192.168.5.2 but does contain any of the TCP ports inside the parentheses:

Including or Excluding Virtual Switch Traffic by IP Address

The remaining list tells us multiple things:

  • No non-domain controller except 192.168.10.1 talked to the domain controller during the capture (were we expecting traffic from someone else?)
  • We see the beginning of a conversation between the domain controller and 192.168.10.1 (indicated by the SYN packets)
  • 192.168.10.1 performed a bind and SASL operation
  • All traffic was on port 389
  • We see the end of a conversation (indicated by the RST, ACK packet followed by a FIN, ACK packet)

While not captured in the screenshot, the Info contents provide enough preview information for me to understand what the SASL conversation was about. However, I can click on the individual frames and use the other two panes to get a deeper look at the traffic.

Exercise 3: Determine the Physical Adapter(s) Used by a Virtual Machine

The Hyper-V virtual switch makes its own decisions when placing traffic on the members of a switch-embedded team. If you use the Hyper-V Port load balancing algorithm, it will affinitize each virtual adapter’s incoming traffic to a physical adapter. While it can dynamically change affinities in response to events, each virtual adapter will always receive on exactly one physical adapter. If you use the Dynamic load balancing algorithm instead, then Hyper-V can exploit Ethernet and TCP/IP characteristics to distribute physical adapter use down at the conversation level.

If you want to view its decisions in action, Wireshark can help. Get a capture of traffic on your switch’s physical adapters. Select any frame in the top pane. In the middle pane, expand the Frame group at the top, then the Interface item. Look at the Interface description field:

Determine the Physical Adapter

Skip around in a generic capture and look at the ways that it uses physical adapters. Notice how it freely distributes multicast and broadcast traffic as it sees fit. Notice how it picks an adapter for any given individual unicast conversation and keeps it there.

Frame

We will expand on this subject in the next two exercises.

Exercise 4: Determine the MAC Addresses Used by a Virtual Machine

This exercise may seem pointless because you can use PowerShell or the various graphical tools to find the MAC assigned to a Hyper-V virtual network adapter. Bear with me though, as you may see things that you don’t expect.

This exercise begins similarly to exercise 3. Pick a frame from the top pane and look in the center pane. The second section, after Frame, is Ethernet. It shows the MAC addresses involved in the frame, which probably aligns with what you see in your tools:

Determine the MAC Addresses Used by a Virtual Machine

Then again, it might not:

Ethernet

In fact, even though it includes the IP address of a virtual machine (192.168.127.3, visible in the third row), neither the source nor destination MAC belong to a Microsoft virtual adapter. For this reason, I counsel against filtering Hyper-V virtual switch traffic by any MAC owned by a virtual adapter unless you’re doing something like validating MAC address spoofing.

How did this happen? Short answer: Hyper-V silently utilizes the MAC addresses of physical adapters when load balancing traffic from a single virtual adapter. If that seems strange, understand that physical switches do the same thing. Knowing the MAC address that Hyper-V assigned to a virtual adapter does not guarantee that the virtual switch will only use that MAC in conversations involving that adapter. The only Ethernet segment that absolutely must have the correct MAC for an adapter is its direct switch connection. In Hyper-V’s case, that connection only exists on VMBus which, as we discussed earlier, cannot be seen in Wireshark. If you want a longer explanation, I wrote an article that talks about how this very thing can cause problems when using a dynamic-mode Hyper-V virtual switch in conjunction with load balancers.

You can see the MAC-to-adapter matching by comparing the MAC to the interface ID or description (as shown in exercise 3). You can use this information to filter a virtual machine’s traffic by adapter as shown in the next exercise.

Exercise 5: Find Traffic for a Virtual Machine that Uses a Specific Virtual Adapter

We’ll combine what we learned in the previous two exercises to answer a specific question: how do I filter the traffic from a specific virtual adapter that crosses a specific physical adapter? In case you skipped the previous sections, this question only makes sense when your Hyper-V virtual switch involves a physical adapter team.

The part of the virtual machine that does not change is its IP address, so I will filter by that first. Next, I will have Wireshark look at the frame object. As you type the filter, it will make suggestions. I begin my filter with ip.addr == 192.168.127.3 and frame.. Note that this is an incomplete query, and it includes a period at the end of frame:

Find Traffic for a Virtual Machine

You can see that Wireshark makes suggestions to help us out. The subcomponent of frame that interests us is the interface, so start typing that to shorten the suggestion list:

The subcomponent of frame that interests us is the interface

If you recall the Wireshark-assigned interface ID from previous exercises, then you can select the interface_id subcomponent and that number. I like repeatable, memorable things, so I will use the interface_description with the name that I gave the adapter in Windows: ip.addr == 192.168.127.3 and frame.interface_description == PTL. You do not need quotes around the name:

interface_id

My display now contains traffic for that virtual machine that uses the designated physical adapter, even though none of it includes the virtual machine’s “correct” MAC address:

My display now contains traffic for that virtual machine

Expect to see many frames marked “TCP Spurious Retransmission” on the physical adapter(s) that substitute their own MAC in place of the virtual adapter’s. Network load balancing does not come free.

Expand on these Lessons

This article only scratched the surface of Wireshark’s capabilities. Most importantly, it empowers you to see below the layer 3 and higher pieces that the virtual adapters deliver into the guest operating systems. You can now see the data that enters and leaves your virtual switch and use that knowledge to find the truth behind those vague “it must be something wrong with the network” excuses.

Source :
https://www.altaro.com/hyper-v/wireshark-hyper-v-networking/

Get Domain name using PowerShell and CMD

In a large organization, its very quite common to have many domain and child domain names. While performing task automation for set of computers in domain, its best practice to get domain name of a computer.

In this article, I will explain how to get domain name using PowerShell script and command line (CMD)

Get-WmiObject class in PowerShell management library find the domain name for computer and wmic command-line utility to get domain name using command line (cmd)

Let’s understand how to get domain name in PowerShell and command line with below examples.

Table of Contents  hide 

1 PowerShell Get Domain name

2 Using Get-AdDomainController to get domain name

3 Get Domain Distinguished Name in PowerShell

4 Get FQDN (Fully Qualified Domain Name)

5 Get Domain Name using Command Line

6 Find Domain Name using SystemInfo in CMD

7 Conclusion

PowerShell Get Domain name

You can use Get-WmiObject class in PowerShell.Management gets WMI classes in the root namespace of computer and get domain name for a computer

Get-WmiObject -Namespace root\cimv2 -Class Win32_ComputerSystem | Select Name, Domain

In the above PowerShell script, Get-WmiObject gets the WMI classes in the root\cimv2 namespace of computer and uses Win32_ComputerSystem to get computer system information.

Second command select Name and Domain name of a computer.

Output of above command to get domain name of a computer as below

PowerShell Get Domain Name
PowerShell Get Domain Name

Using Get-AdDomainController to get domain name

PowerShell Get-AdDomainController cmdlet in Active Directory get one or more domain controllers based on search criteria.

You can get domain name of a computer in active directory using PowerShell Get-AdDomainController cmdlet as below

Get-ADDomainController -Identity “ENGG-PRO” | Select-Object Name, Domain

In the above PowerShell script, Get-AdDomainController command get domain controller specified by name of server object

Second command, select name and domain name, output as below

PS C:\Windows\system32> Get-ADDomainController -Identity "ENGG-PRO" | Select-Object Name, Domain

Name     Domain
----     ------
ENGG-PRO SHELLPRO.LOCAL


PS C:\Windows\system32>

Get Domain Distinguished Name in PowerShell

You can get domain distinguished name for current logged in user in active directory using PowerShell as below

Get-ADDomain -Current LoggedOnUser

PowerShell Get-ADDomain cmdlet find domain name in active directory for current logged on user.

Output of above command to get domain distinguished name as below

PS C:\Windows\system32> Get-ADDomain -Current LoggedOnUser


AllowedDNSSuffixes                 : {}
ChildDomains                       : {}
ComputersContainer                 : CN=Computers,DC=SHELLPRO,DC=LOCAL
DeletedObjectsContainer            : CN=Deleted Objects,DC=SHELLPRO,DC=LOCAL
DistinguishedName                  : DC=SHELLPRO,DC=LOCAL
DNSRoot                            : SHELLPRO.LOCAL

Get FQDN (Fully Qualified Domain Name)

In the PowerShell, there are environment variable which contains FQDN ( fully qualified domain name) of a computer.

These variables are $env:USERDNSDomain and $env:$USERDomain

$env:USERDNSDomain variable contains FQDN ( fully qualified domain name) of domain or DNS name

$env:USERDomain variable contains NetBIOS domain name.

# Get Domain name using $env:USERDNSDoman

# Get FQDN – Fully Qualified Domain Name or DNS name

$env:USERDNSDOMAIN

#Get NetBios Domain name

$env:USERDOMAIN

Output of above environment variable to get domain name are as below

Find Domain Name using env:USERDNSDOMAIN
Find Domain Name using env:USERDNSDOMAIN

Get Domain Name using Command Line

You can use wmic command-line utility to get domain name using command line.

Run below command in cmd to retrieve domain name

wmic computersystem get domain

Output of above command to find domain name using cmd as below

C:\Windows\system32>wmic computersystem get domain
Domain
SHELLPRO.LOCAL

Find Domain Name using SystemInfo in CMD

You can get domain name using systeminfo which contains detailed information about computer system and operating system, run below command

systeminfo | findstr /B /C:”Domain”

Above SystemInfo command gets domain name of a computer joined to. Output of above command as below

C:\Windows\system32>systeminfo | findstr /B /C:"Domain"
Domain:                    SHELLPRO.LOCAL

Conclusion

In the above article, we have learned how to get domain of a computer using PowerShell and command line.

Use Get-WmiObject to get domain name of a computer using PowerShell. Using Get-AdDomainController get domain name in active directory.

wmic and SystemInfo command-line tool are useful to get domain name in cmd.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on ShellGeek home page.CategoriesPowerShell TipsTagsGet domain nameGet-AdDomainController

Get-ComputerInfo – Get Computer Multiple Properties

Enable-AdAccount in Active Directory using PowerShell

Source :
https://shellgeek.com/get-domain-name-using-powershell-and-cmd/

How to Solve Hyper-V Cannot Delete Checkpoint | 3 Solutions

Case: Hyper-V snapshot no delete option

My Hyper-V host is Server 2012 R2. I have a virtual machine (Server 2012 R2) with a checkpoint. When I right click on the checkpoint, there is no “Delete checkpoint… ” option. I need to delete this checkpoint so that it is merged with the parent VHDX. What is the best method for doing this?

– Question from social.technet.microsoft.com

Have you ever encountered the situation where your Hyper-V cannot delete checkpoint because of “Delete” option missing? Right-clicking on the Hyper-V checkpoint, there are only “Settings”, “Export”, “Rename” and “Help” options left, why would this happen?

Hyper-V snapshot no delete option

There are many reasons may cause Hyper-V snapshot delete option not available, such as connection error with the host, or a backup tool failure. The most likely scenario is that the checkpoint created by a third-party tool was not deleted properly by the same tool.

More specifically, the checkpoints and associated .AVHDX files should be merged and deleted at the end of a backup – only the newer .AVHDX files should be kept. However, sometimes the checkpoints may be corrupted because the VM is in a locked or backed up state, or some other reason is preventing the deletion and merging. In this case, you may find the delete option missing, and Hyper-V cannot delete this checkpoint.

How to fix this? I will provide you 3 proven solutions, you can try them one by one. *They also work for cleaning up after a failed Hyper-V checkpoint.

How to solve Hyper-V cannot delete checkpoint (3 solutions)

When you are unable to delete checkpoint in Hyper-V, you can first try some regular troubleshooting means. If they cannot solve this issue, don’t worry, there are still some alternatives can help you delete Hyper-V checkpoint properly. I will cover all of them below.

Solution 1. Troubleshooting steps that you should try first

Before taking other measures, you can try some simple ways in Hyper-V Manager to see if you can make snapshot removal work. That is:

  • Right-click on the host name in Hyper-V Manager and select Refresh.
Refresh Hyper-V host
  • Close and restart the Hyper-V Manager.
  • Highlight the target checkpoint and use the [Delete] key on the keyboard. It should pop up a window confirming whether to delete the checkpoint or not.

If none of these ways can help, then you may need to try delete checkpoint Hyper-V with PowerShell.

Solution 2. Properly delete Hyper-V checkpoint with PowerShell

Hyper-V PowerShell module is a bundle of cmdlets for creating, configuring and managing Microsoft Hyper-V hosts and virtual machines. It can be more a time efficient method than using GUI. You can use it remove any Hyper-V checkpoint that has no delete option.

Launch Windows PowerShell as administrator on the Hyper-V host, input and execute the following command to delete the checkpoint:

Get-VMSnapshot -VMName <VMName> | Remove-VMSnapshot

Delete Hyper-V checkpoint via PowerShell

Note:

1. You need to replace <VMName> with your target virtual machine name.

2. If you need to specify a host, you can add a parameter of -ComputerName. The command looks like:

Get-VMSnapshot -ComputerName <ComputerName> -VMName <VMName> | Remove-VMSnapshot

3. If you want to delete a specified checkpoint, you can first run the command to get the checkpoint name:

Get-VMSnapshot -ComputerName <ComputerName> -VMName <VMName>

Then use the name to delete the specified checkpoint, the command will be like:

Get-VMSnapshot -VMName <VMName> -Name <CheckpointName> | Remove-VMSnapshot

Once the command succeeded, you can see the merge progress for the particular VM. It may take some time depending on the snapshot size. After that, you should be able to modify the virtual machine configuration again.

If this method still cannot delete your Hyper-V checkpoint, turn to the next one.

Solution 3. Export and import Hyper-V VM to resolve checkpoint cannot delete

You can try Hyper-V export VM and import as suggested by some other users, which are also said can be used to solve the problem.

1. Launch Hyper-V Manager. Right-click on the name of the target checkpoint, and select Export…

Export Hyper-V checkpoint

2. In the pop-up window, click Browse to specify a network share as the storage destination to the exported files. And then click Export.

export  checkpoint

3. Right-click on the host name and select Import Virtual Machine… Click Next on the pop-up wizard.

Import Virtual Machine

4. On Locate Folder page, click Browse… to specify the folder containing the exported VM files. Click Next to continue.

Locate Folder

5. On Select Virtual Machine page, select the virtual machine to import, then click Next.

Select Virtual Machine

4. On Choose Import Type page, choose the type of import to perform:

  • Register the virtual machine in-place (use the existing unique ID): use the exported files in-place, and when the import has completed, the export files become the running state files and can’t be removed. The ID will be the same as the exported one.
  • Restore the virtual machine (use the existing unique ID): restore the VM to the specified or default location, with the same ID as the exported one. When the import has completed, the exported files remain intact and can be removed or imported again.
  • Copy the virtual machine (create a new unique ID): restore the VM to the specified or default location, and create a new unique ID. Which means the exported files remain intact and can be removed or imported again, and you can import the VM to the same host multiple times.

Click Next to continue.

Choose Import Type

5. Choose the second or the third option, the wizard will add 2 more pages for selecting storage.

On Choose Destination page, you can check Store the virtual machine in a different location option, and click Browse… to specify Virtual machine configuration folder, Checkpoint store, and Smart paging folder. Leave the option unchecked the wizard will import the files to default Hyper-V folders. Then click Next.

Choose Destination

6. On Choose Storage Folders page, you can click Browse… to specify where you want to store the imported virtual hard disks for this VM, or leave the default location unchanged. Then click Next.

Choose Storage Folders

7. On Summary page, review the settings and click Finish to start restore.

Summary

Furthere reading: FAQ about Hyper-V delete checkpoint

The above describes how to solve the problem that the delete option disappears and the hyper-v checkpoint cannot be deleted. Besides, many users may have some other confusion about checkpoints. I have compiled some common questions and their answers here.

Q: Where are checkpoints stored on a Hyper-V host?

In general, the default location for storing checkpoint configuration files is:

%systemroot%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots

And the default locations for storing AVHDX files (checkpoint storages) are:

Windows Server 2012R2 / Windows 8.1: C:UsersPublicDocumentsHyper-VVirtual Hard Disks

Windows Server 2012 / Windows 8: C:ProgramDataMicrosoftWindowsHyper-VNew Virtual MachineVirtual Hard Disks

Q: Can you directly delete checkpoint files (.avhdx)?

Whenever a checkpoint is deleted, Hyper-V merges the .vhdx and .avhdx files automatically, and the .avhdx files should be removed from the disk after the Hyper-V checkpoint merging process is complete. So a proper checkpoint deletion does not result in data loss.

It’s not a good idea to delete the .avhdx file in VM folder directly, because it may cause the checkpoint tree to fail.

The normal steps to delete a checkpoint is:

Open the Hyper-V Manager -> Select the virtual machine for which you need to remove checkpoints -> Locate the Checkpoints tab -> Right-click on the desired checkpoint -> click “Delete Checkpoint”. If asked to confirm the action, make sure the checkpoint is correct and click “Delete” again.

Note if you need to delete all subsequent checkpoints, right-click the earliest checkpoint and click “Delete Checkpoint Subtree”.

If you find some orphaned Hyper-V AVHDX files in the VM folder, but no snapshots on that VM, this may be because incomplete deletion or merging, you can refer to: delete Hyper-V AVHDX file without checkpoints.

Q: Hyper-V checkpoint delete vs merge

A checkpoint is any new change or save between the old state and the present, it stops writing to the actual disk and writes to the change disk.

Once you are satisfied and delete the checkpoint, the changes are written back/merged to the actual disk and are write enabled again. Therefore, deleting a checkpoint and merging a checkpoint are actually the same thing.

If you don’t want the changes, you just need to revert them and any changes since the checkpoint will be deleted.

Q: Can Hyper-V checkpoints be used as regular backup means?

The answer is NO. VM snapshot and backup are different from each other. Microsoft’s Hyper-V checkpoint is not a replacement of backup.

When you create a backup, you are creating a copy of your virtual machine. It stores complete data of VM. Backups in Hyper-V can be used to restore a whole VM and do not affect the performance.

When you create a checkpoint, you are creating a differencing disk based on the original virtual machine hard disk. If the original disk is damaged, the child disk is easy to be lost or damaged as well. All changes made after the checkpoint are re-directed to the child disk and leaves the original virtual machine disk read-only.

Meanwhile, checkpoints are running out of the memory of disk with a rapid speed, which will gradually  to the poor performance of your virtual machines.

Hyper-V Restore Checkpoint

In short, Hyper-V checkpoint is just a secure “undo” button. If you want to test something quickly and restore the VM to a stable state, checkpoint in Hyper-V is convenient and fast to execute the process. But, if you want long-term and independent protection for VMs, you still need to find effective Hyper-V backup solution.

Better option for long-term protection: Image-based VM backup

As mentioned above, if you are looking for long-term data protection and the ability to quickly restore VMs to a usable state in the event of a disaster, then you are more suited to an image-based VM backup solution.

Here I’d like to introduce you AOMEI Cyber Backup, this free Hyper-V backup solution is designed to protect virtual machines from any data threats, whether you are using Hyper-V in Microsoft Windows Server 2022 / 2019 / 2016 / 2012 R2, Microsoft Windows 11 / 10 / 8 / 8.1 or Hyper-V Server 2019 / 2016 / 2012 R2.

You can use the software to simplify Hyper-V backup and management. If offers you the following benefits:

Easy-to-use: User-friendly interface to complete backup and restore process based on several clicks.
Perpetual Free: No time limit for AOMEI Cyber Backup Free Edition to protect up to multiple virtual machines.
Auto Backup Schedule: Schedule backups for multiple VMs at once and auto run it without powering off VMs.
Centralized Management: Create and manage Hyper-V VM backups from the central console without installing Agent on each VM.
Flexible Backup Strategy: Flexibly tracking data and store backups to different storages.
Role Assignment: allows one administrator to create sub-accounts with limited privileges.

Please hit the button below to download and use AOMEI Cyber Backup for free:

Download FreewareVMware ESXi & Hyper-V

Secure Download

*You can choose to install this VM backup software on either Windows or Linux system.

3 easy steps to perform free VM backup:

1. Open AOMEI Cyber Backup web client, and access to Source Device >> Hyper-V >> Add Hyper-V to bind your Hyper-V host, then enter the required information and click Confirm.

Add Hyper-V Host

2. Access to Backup Task >> Create New Task to configure your Hyper-V backup task. In the opened wizard, you can select Hyper-V virtual machines to back up, the storages to save the backups.

Backup Target

Also, you can configure Schedule to select backup method as full / incremental backup, and specify the backup frequency on basis of daily / weekly / monthly to automatically run the Hyper-V backup task.

Schedule Hyper-V VM Backup

3. Start Backup: click Start Backup and select Add the schedule and start backup now, or Add the schedule only.

When completing the Hyper-V backup solution, you can monitor the backing up process on the main interface, and you can also check the Backup Log to see if there are any errors that result in your backup failure.

When you want to Restore a VM from the backup, you can select any backup version from the history, and Restore to original location easily.

Restore Hyper-V VM

✍While the Free Edition covers most of the VM backup needs, you can also upgrade to enjoy:

  • Backup Cleanup: Specify retention policy to delete old VM backups automatically, thus saving storage space.
  • Restore to new location: Make a clone of a virtual machine in the same or another datastore/host, without reinstalling or configuring a new VM.

Summary

If you find your Hyper-V snapshot no delete option, I summarized several ways to solve the problem Hyper-V cannot delete checkpoint in this article. Hope it could be helpful to you.

Besides this, you may encounter some other issues, such as Hyper-V VM running slow, stuck at restoring or saved state, Hyper-V VM no internet, failed to change state, etc. To prevent your virtual machines from getting all kinds of errors and eventual crashes, it’s always recommended to back up your VMs that are loaded with important data.

Source :
https://www.ubackup.com/enterprise-backup/hyper-v-cannot-delete-checkpoint.html

Hyper-V Virtual Networking configuration and best practices

If you’re new to the world of virtualization, networking configuration can be one of the toughest concepts to grasp. Networking is also different in Hyper-V than in other hypervisors, so even those with years of experience can stumble a bit when meeting Hyper-V for the first time. This article will start by looking at the conceptual design of virtual networking in Hyper-V, configuration and then work through implementation best practices.

Networking Basics

Before beginning, it might be helpful to ensure that you have a solid grasp of the fundamentals of Ethernet and TCP/IP networking in general. Several articles that explain common aspects begin with this explanation of the OSI model.

The Hyper-V Virtual Switch

The single most important component of networking in Hyper-V is the virtual switch. There’s an in-depth article on the Hyper-V Virtual Switch on this blog, but for the sake of this article I’ll give you a basic introduction to the concept, within the bigger picture.

The key to understanding is realizing that it truly is a switch, just like a physical switch. It operates in layer 2 as the go-between for virtual switch ports. It directs packets to MAC addresses. It handles VLAN tagging. It can even perform some Quality of Service (QoS) tasks. It’s also responsible for isolating network traffic to the virtual adapter that is supposed to be receiving it. When visualized, the Hyper-V network switch should be thought of in the same way as a standard switch:

The next part of understanding the virtual switch is how it interacts with the host. To open that discussion, you must first become acquainted with the available types of virtual switches.

Virtual Switch Modes

There are three possible modes for the Hyper-V switch: private, internal, and public. Do not confuse these with IP addressing schemes or any other virtual networking configuration in a different technology.

Hyper-V’s Private Switch

The private switch allows communications among the virtual machines on its host and nothing else. Even the management operating system is not allowed to participate. This switch is purely logical and does not use any physical adapter in any way. “Private” in this sense is not related to private IP addressing. You can mentally think of this as a switch that has no ability to uplink to other switches.

Hyper-V’s Internal Switch

The internal switch is similar to the private switch with one exception: the management operating system can have a virtual adapter on this type of switch. This allows the management operating system to directly communicate with any virtual machines that also have virtual adapters on the same internal switch. Like the private switch, the internal switch does not have any relation to a physical adapter and therefore also cannot uplink to any another switch.

Hyper-V’s External Switch

The external switch type must be connected to a physical adapter. It allows communications between the physical network and the management operating system and the virtual adapters on virtual machines. Do not confuse this switch type with public IP addressing schemes or let its name suggest that it needs to be connected to an Internet-facing system. You can use the same private IP address range for the adapters on an external virtual switch that you’re using on the physical network it’s attached to. External in this usage means that it can connect to systems that are external to the Hyper-V host.

How to Conceptualize the External Virtual Switch

Part of what makes understanding the external virtual switch artificially difficult is the way that the related settings are worded. In the Hyper-V Manager GUI, it’s worded as Allow management operating system to share this network adapter. In PowerShell’s New-VMSwitch cmdlet, there’s an AllowManagementOS parameter which is no better, and its description — Specifies whether the parent partition (i.e. the management operating system) is to have access to the physical NIC bound to the virtual switch to be created. — makes it worse. What seems to happen far too often is that people read these and think of the virtual switch and the virtual adapters like this:

Unfortunately, this is not at all an accurate representation of Hyper-V’s virtual network stack. Once the virtual switch is bound to a physical adapter, that adapter is no longer used for anything else. TCP/IP, and most other items, are removed from it. The management operating system is quite simply unable to “share” it. If you attempt to bind anything else to the adapter, it’s quite probable that you’ll break the virtual switch.

In truth, the management operating system is getting a virtual network adapter of its own. That’s what gets connected to the virtual switch. That adapter isn’t exactly like the adapters attached to the virtual machines; it’s not quite as feature-rich. However, it’s nothing at all like actually sharing the physical adapter in the way that the controls imply. A better term would be, “Connect the management operating system to the virtual switch”. That’s what the settings really do. The following image is a much more accurate depiction of what is happening:

As you can see, the management operating system’s virtual adapter is treated the same way as that of the virtual machines’ adapters. Of course, you always have the option to take one or more physical adapters out of the virtual switch. Those will be used by the management operating system as normal. If you do that, then you don’t necessarily need to “share” the virtual switch’s adapter with the management operating system:

How to Use Physical NIC Teaming with the Hyper-V Virtual Switch

As of Windows Server 2012, network adapter teaming is now a native function of the Windows Server operating system. Teaming allows you combine two or more adapters into a single logical communications channel to distribute network traffic. Hyper-V Server can also team physical adapters.

When a teamed adapter is created, the individual adapters still appear in Windows but, in a fashion very similar to the virtual switch, can no longer be bound to anything except the teaming protocol. When the team is created, a new adapter is presented to the operating system. It would be correct to call this adapter “virtual”, since it doesn’t physically exist, but that can cause confusion with the virtual adapters used with the Hyper-V virtual switch. More common terms are team adapter or logical adapter, and sometimes the abbreviation tNIC is used.

Because teaming is not a central feature or requirement of Hyper-V, it won’t be discussed in detail here. Hyper-V does utilize native adapter teaming to great effect and, therefore, it should be used whenever possible. As a general rule, you should choose the Dynamic load balancing algorithm unless you have a clearly defined overriding need; it combines the best features of the Hyper-V Port and Transport Ports algorithms. As for whether or not to use the switch independent teaming mode or one of the switch dependent modes, that is a deeper discussion that involves balancing your goals against the capabilities of the hardware that is available to you. For a much deeper treatment of the subject of teaming with Hyper-V, consult the following articles in the Altaro blog:

[thrive_leads id=’17165′]

Hyper-V and Network Convergence

Network convergence simply means that multiple traffic types are combined in a single communications channel. To a certain degree, Hyper-V always does this since several virtual machines use the same virtual switch, therefore the same network hardware. However, that could all technically be classified under a single heading of “virtual machine traffic”, so it’s not quite convergence.

In the Hyper-V space, true convergence would include at least one other role and it would include at least two physical network adapters. The simplest way to achieve this is by teaming two or more adapters as talked about in the preceding section and then creating a virtual switch atop the team adapter. When the virtual switch is created, use the “share” option or PowerShell to create a virtual adapter for the management operating system as well. If that adapter is used for anything in the management operating system, then that is considered convergence. Other possible roles will be discussed later on.

While the most common convergence typically binds all adapters of the same speed into a single channel, that’s not a requirement. You may use one team for virtual machine traffic and another for the management operating system if you wish.

Hyper-V and Networking within a Cluster

Failover Clustering has its own special networking needs, and Hyper-V extends those requirements further. Each node begins with the same requirements as a standalone Hyper-V system: one management adapter and a virtual switch. A cluster adds the need for cluster-related traffic and Live Migration.

In versions prior to 2012, the only supported configuration required that all of these roles be separated into unique gigabit connections. With the enhancements introduced in 2012 and 2012 R2, these requirements are much more relaxed. There aren’t any published requirements with the new versions (although it could be argued that the requirements for 2008 R2 were never officially superseded, so they are technically still enforced). In practice, it’s been observed that it is absolutely necessary for there to be at least two unique cluster paths, but the rest can be adjusted up or down depending on your workloads.

The following describes each role and gives a brief description of its traffic:

  • Management: This role will carry all traffic for host-level backups and any host-related file sharing activities, such as accessing or copying ISO images from a remote system. During other periods, this role usually does not experience a heavy traffic load. The typical usage is for remote management traffic, such as RDP and WS-Man (PowerShell), which are very light.
  • Cluster Communications: Each node in the cluster continually communicates with all the other nodes in a mesh pattern to ensure that the cluster is still in operation. This operation is commonly known as the “heartbeat”, although network configuration information is also traded. Heartbeat traffic is typically very light, but it is extremely sensitive to latency. If it does not have a dedicated network, it can easily be drowned out by other operations, such as large file copies, which will cause nodes to lose quorum and fail over virtual machines even though nothing is technically wrong.
    • Cluster Shared Volumes: CSV traffic is not a unique role; it travels as part of standard cluster communications. When all is well, CSV traffic is fairly minimal, only passing CSV metadata information between the nodes. If a CSV goes into Redirected Access mode, then all traffic to and from that CSV will be handled by the owner node. If any other node needs to access that CSV, it will do so over a cluster network. The cluster will ensure that the normal cluster communications, such as heartbeat, are not sacrificed, but any struggles for bandwidths will cause virtual machines to perform poorly – and possibly crash. If your cluster does not use CSVs, then this traffic is not a concern.
  • Live Migration: Without constraints, a Live Migration operation will use up as much bandwidth as it can. The typical configuration provides a dedicated adapter for this role. With converged networking, the requirement is not as strict.
  • Virtual Machine traffic: VM traffic is arguably the most important in the cluster, but it also tends to not be excessively heavy. The traditional approach is to dedicate at least one adapter to the virtual switch.

While legacy builds simply separated these onto unique, dedicated gigabit pipes, you now have more options at your disposal.

SMB Enhancements for Cluster Communications

Cluster communications have always used the SMB protocol. The SMB protocol was upgraded substantially in 2012 and now has the ability to multichannel. This feature will auto-negotiate between the source and destination host and will automatically spread SMB traffic across all available adapters.

Whereas it used to be necessary to set networks for cluster communications and then modify metric assignments to guide traffic, the preferred approach in 2012 R2 is to simply designate two or more networks as cluster networks. The hosts will automatically balance traffic loads.

SMB Enhancements for Live Migration

If the cluster’s nodes are all set to use SMB for Live Migration, then it will take advantage of the same SMB enhancements that the standard cluster communications use. In this way, management traffic, cluster communications traffic, and Live Migration could all be run across only two distinct networks instead of two. This is potentially risky, especially if Redirected Access mode is triggered.

Converged Networking Benefits for Clustering

By using converged networks, you gain substantially more options with less hardware. SMB multichannel divides traffic across distinct networks – that is, unique subnets. By using converged networks, you can create more subnets than you have physical adapters.

This is especially handy for 10GbE adapters since few hosts will have more than two. It also has its place on 1GbE networks. You can simply combine all physical adapters into one single large team and create the same number of logical networks that you would have for a traditional role, but enable each of them for cluster communications and Live Migration. This way, SMB multichannel will be able to automatically load balance its needs. Remember that even with converged networking, it’s best to not combine all roles onto a single virtual or teamed adapter. SMB multichannel requires distinct subnets to perform its role and teaming balances some traffic according to the virtual adapter.

Quality of Service Benefits for Clustering

While the concern is rarely manifested, it is technically possible for one traffic type to fully consume a converged team. There are a number of QoS (Quality of Service) options available to prevent this from occurring. You can specifically limit SMB and/or Live Migration traffic and set maximums and minimums on virtual adapters.

Before you spend much time investigating these options, be aware that most deployments do not require this degree of control and will perform perfectly well with defaults. Hyper-V will automatically work to maintain a balance of traffic that does not completely drown out any particular virtual network adapter. Because the complexity of configuring QoS outweighs its benefits in the typical environment, this topic will not be investigated in this series. The most definitive work on the subject is available on TechNet.

How to Design Cluster Networks for Hyper-V

The one critical concept is that cluster networks are defined by TCP/IP subnet. The cluster service will detect every IP address and subnet mask on each node. From those, it will create a network for each unique subnet that it finds. If any node has more than one IP address in a subnet, the cluster service will use one and ignore the rest unless the first is removed. If the service finds networks that only some nodes have IP addresses for, the network will be marked as partitioned. A network will also be marked as partitioned if cluster communications are allowed but there are problems with inter-node traffic flow. The following diagram shows some sample networks and how clustering will detect them.

In the illustration, the only valid network is Cluster Network 2. The worst is Cluster Network 4. Due to the way the subnet is configured, it overlaps with all of the other networks. The cluster service will automatically lock the node 2 adapter with IP address 192.168.5.11 out of cluster communications and mark the network as None to indicate that it is disallowed for cluster communications.

Before building your cluster, determine the IP subnets that you’ll be using. It’s perfectly acceptable to create all-new networks if necessary. For cluster communications, the nodes will not intentionally communicate with anything other than the nodes in the same cluster. The minimum number of unique networks is two. One must be marked to allow client and cluster communications; this is the management network. One must be marked to allow cluster communications (client communications optional but not recommended). Further networks are optional, but will grant the cluster the opportunity to create additional TCP streams which can help with load-balancing across teamed adapters.

Hyper-V Networking Best Practices – Configuration in Practice

There isn’t any single “correct” way to configure networking in Hyper-V any more than there is a single “correct” way to configure a physical network. This section is going to work through a number of best practices and procedures to show you how things are done and provide guidance where possible. The best advice that anyone can give you is to not overthink it. Very few virtual machines will demand a great deal of networking bandwidth.

There are a few best practices to help you make some basic configuration decisions:

  • A converged network results in the best overall bandwidth distribution. It is extremely rare to have any situation in which a single network role will be utilizing an entire gigabit connection constantly. By dedicating one or more adapters to a single role, you prevent any other role from using that adapter, even when its owning role is idle.
  • A single TCP/IP stream can only use a single physical link. One of the most confusing things about teaming that new-comers face is that combining multiple links into a single team does not automatically mean that all traffic will automatically use all available links. It means that different communications streams will be balanced across available. Or, to make that more clear, you need at least four different communications streams to fully utilize four adapters in a team.
  • Avoid using iSCSI or SMB 3 directly with teaming. It is supported for both, but it is less efficient than using MPIO (for iSCSI) or SMB multichannel. It is supported to have multiple virtual network adapters on a team that are configured for iSCSI or SMB multichannel. However, you will always get the best performance for network storage by using unteamed adapters that are not bound to a virtual switch. This article explains how to configure MPIO.
  • If iSCSI and/or SMB connections are made through virtual adapters on a converged team, they will establish only one connection per unique IP address. Create multiple virtual adapters in order to enable MPIO and/or SMB multichannel.
  • For Failover Clustering, plan in advance what IP range you want to use for each role. For example:
    • Management: 192.168.10.0/24
    • Cluster communications/CSV: 192.168.15.0/24
    • Live Migration: 192.168.20.0/24
    • SMB network 1: 192.168.30.0/24
    • SMB network 2: 192.168.31.0/24
  • The only adapter in the management operating system that should have a default gateway is the management adapter. Assigning default gateways to other adapters will cause the system unnecessary difficulty when choosing outbound connections.
  • If cluster nodes have adapters that will only be used to communicate with back-end storage (iSCSI or SMB), exclude their networks from participating in cluster communications.
  • Only the management adapter should register itself in DNS.
  • Except for the one created by checking Allow the management operating system to share this network adapter, you cannot use the GUI to create virtual network adapters for the management operating system’s use.
  • You cannot use the GUI to establish a QoS policy for the virtual switch. The only time this policy can be selected is during switch creation.
  • If desired, virtual machines can have their IP addresses in the same range as any of the cluster roles. Failover Clustering does not see the ranges in use by virtual machines and will not collide with them.
  • The management operating system will allow you to team network adapters with different feature sets and even different speeds, but it is highly recommended that you not do this. Different features can result in odd behaviors as communication are load balanced. The system balances loads in round-robin fashion, not based on adapter characteristics (for instance, it will not prioritize a 10GbE link over a 1GbE link).
  • Networking QoS only applies to outbound communications. Inbound traffic will flow as quickly as it is delivered and can be processed.
  • 10GbE links have the ability to outpace the processing capabilities of the virtual switch. A single virtual adapter or communications stream may top out at speeds as low as 3.5 Gbps, depending upon the processing power of the CPU. Balanced loads will be able to consume the entire 10GbE link, especially when offloading technologies, primarily VMQ, are in place and functional.
  • When teaming, choose the Dynamic load balancing algorithm unless you have a definite, verifiable reason not to. Do not prefer the Hyper-V Port mode simply based on its name; Dynamic combines the best aspects of the Hyper-V Port and Hash modes.
  • You can use iSCSI on a virtual machine’s virtual adapter(s) to connect it/them directly to network storage. You will have better performance and access to more features by connecting from the host and exposing storage to the guests through a VHDX. Virtual machines can have multiple network adapters, which enables you to connect the same virtual machine to different VLANs and subnets.
  • Avoid the creation of multiple virtual switches. Some other hypervisors require the administrator to create multiple virtual switches and attach them to the same hardware. Hyper-V allows only a single virtual switch per physical adapter or team. Likewise, it is not advisable to segregate physical adapters, whether standalone or in separate teams, for the purpose of hosting multiple virtual switches. It is more efficient to combine them into a single large team. The most common exception to this guideline is in situations where physical isolation of networks is required.

The necessary steps to create a team were linked earlier, but here’s the link again: https://www.altaro.com/hyper-v/how-to-set-up-native-teams-in-hyper-v-server-2012/.

Adapter and TCP/IP Configuration

If your system is running a GUI edition of Windows Server, you can configure TCP/IP for all adapters using the traditional graphical tools. For all versions, you can also use sconfig.cmd for a guided process. This section shows how to perform these tasks using PowerShell. To keep the material as concise as possible, not all possible options will be shown. Refer to the introductory PowerShell article for assistance on using discovering the capabilities of cmdlets using Get-Help and other tools.

See Adapter Status (and Names to Use in Other Cmdlets)

Get-NetAdapter

Rename a Physical or Team Adapter

Rename-NetAdapter Name CurrentName NewName NewName

Set an Adapter’s IP Address

New-NetIPAddress InterfaceAlias AdapterName IPAddress 192.168.20.20 PrefixLength 24

Set an Adapter’s Default Gateway

New-NetRoute InterfaceAlias AdapterName DestinationPrefix 0.0.0.0/0 NextHop 192.168.20.1

Tip: use “Set-NetRoute” to make changes, or “Remove-NetRoute” to get rid of a gateway.

Set DNS Server Addresses

Set-DNSClientServerAddresses InterfaceAlias AdapterName –ServerAddresses 192.168.20.5, 192.168.20.6

Prevent an Adapter from Registering in DNS

Set-DnsClient InterfaceAlias AdapterName RegisterThisConnectionsAddress $false

One final option that you may wish to consider is setting Jumbo Frames on your virtual adapters. A Jumbo Frame is any TCP/IP packet that exceeds the base size of 1514 bytes. It’s most commonly used for iSCSI connections, but can also help a bit with SMB 3 and Live Migration traffic. It’s not useful at all for traffic crossing the Internet and most regular LAN traffic doesn’t benefit much from it either. If you’d like to use it, the following post explains it in detail: https://www.altaro.com/hyper-v/how-to-adjust-mtu-jumbo-frames-on-hyper-v-and-windows-server-2012/. That particular article was written for 2012. The virtual switch in 2012 R2 has Jumbo Frames enabled by default, so you only need to follow the portions that explain how to set it on your physical and virtual adapters.

Configuring Virtual Switches and Virtual Adapters

All of the graphical tools for creating a virtual switch and setting up a single virtual adapter for the management operating system were covered in this previous article in the series. You cannot use the graphical tools to create any further virtual adapters for use by the management operating system. You also must use PowerShell to create your virtual switch if you want to control its QoS policy. The following PowerShell commands deal with the virtual switch and its adapters.

Create an External Virtual Switch

New-VMSwitch –InterfaceAlias AdapterName –Name vSwitch –AllowManagementOS $false –EnableIOV $false –MinimumBandwidthMode Weight

There are several things to note about this particular cmdlet:

  • The “InterfaceAlias” parameter shown above is actually an alias for “NetAdapterName”. The alias was chosen here because it aligns with the parameter name and output of Get-NetAdapter.
  • The cmdlet was typed with “vSwitch” as the virtual switch’s name, but you’re allowed to use anything you like. If your chosen name has a space in it, you must enclose it in single or double quotes.
  • If you do not specify the “AllowManagementOS” parameter or if you set it to true, it will automatically create a virtual adapter for the management operating system with the same name as the virtual switch. Skipping this automatic creation gives you greater control over creating and setting your own virtual adapters.
  • If you do not wish to enable SR-IOV on your virtual switch, it is not necessary to specify that parameter at all. It is shown here as a reminder that if you’re going to set it, you must set it when the switch is created. You cannot change this later.
  • The help documentation for Get-VMSwitch indicates that the default for “MinimumBandwidthMode” is “Weight”. This is incorrect. The default mode is “Absolute”. As with SR-IOV support, you cannot modify this setting after the switch is created.

Create a Private Virtual Switch

New-VMSwitch Name Isolated SwitchType Private MinimumBandwidthMode Weight

Many of the notes from the creation of the external switch apply here as well. The “EnableIOV” switch is not applicable to a private or internal switch at all. The “AllowManagementOS” switch is redundant: if the switch type is “Private” then no virtual adapter is created; if the switch type is “Internal”, then one is created. Adding one virtual adapter to the management OS on a Private switch will convert it to internal; removing all management OS virtual adapters from an Internal switch will make it Private.

Permanently Remove a Virtual Switch

Remove-VMSwitch Name vSwitch

This operation is permanent. The entire switch and all of its settings are lost. All virtual adapters in the management operating system on this switch are permanently lost. Virtual adapters in virtual machines connected to this switch are disconnected.

Add a Virtual Adapter to the Management OS

Add-VMNetworkAdapter ManagementOS SwitchName vSwitch Name 'New vAdapter'

The first thing to note is that, for some reason, this cmdlet uses “Add” instead of the normal “New” verb for creating a new object. Be aware that this new adapter will show up in Get-NetAdapter entries as vEthernet (New vAdapter) and that is the name that you’ll use for all such non-Hyper-V cmdlets. Use the same cmdlets from the previous section to configure

Retrieve a List of Virtual Adapters in the Management OS

Get-VMNetworkAdapter –ManagementOS

Rename a Virtual Adapter in the Management OS

Rename-VMNetworkAdapter ManagementOS Name CurrentName NewName NewName

How to Set VLAN Information for Hyper-V Virtual Adapters

Adapters for the management operating system and virtual machines can be assigned to VLANs. When this occurs, the Hyper-V virtual switch will handle the 802.1q tagging process for communications across the virtual switches and for packets to and from physical switches. As shown in the article on Virtual Machine settings, you can use Hyper-V Manager to change the VLAN for any of the adapters attached to virtual machines. You can only use PowerShell to change the VLAN for virtual adapters in the management operating system.

Retrieve the VLAN Assignments for All Virtual Adapters on the Host

GetVMNetworkAdapterVlan

You can use the “ManagementOS” parameter to see only adapters in the management operating system. You can use the “VMName” parameter with an asterisk to see only adapters attached to virtual machines.

Set the VLAN for a Virtual Adapter in the Management Operating System

Set-VMNetworkAdapterVlan ManagementOS VMNetworkAdapterName vAdapterName Access VlanId 10

Set the VLAN for all of a Virtual Machine’s Adapters

Set-VMNetworkAdapterVlan -VMName svtest -Access -VlanId 7

Remove VLAN Tagging from all of a Virtual Machine’s Adapters

Set-VMNetworkAdapterVlan -VMName svtest –Untagged

If a virtual machine has more than one virtual adapter and you’d like to operate on it separately, that might require a bit more work. When the GUI is used to create virtual adapters for a virtual machine, they are always named Network Adapter, even if there are several. So, you’ll have to use PowerShell to rename them as they are created or you won’t be able to use the “VMNetworkAdapterName” to distinguish them. Instead, you can use Get-VMNetworkAdapter to locate other distinguishing features and pipe the output to cmdlets that accept VMNetworkAdapter objects. For example, you want to change the VLAN of only one adapter attached to the virtual machine named “svtest”. By using the tools inside the guest operating system, you’ve determined that the MAC address of the adapter you want to change is “00-15-5D-19-0A-24”. With the MAC address, you can change the VLAN of only that adapter by using the following PowerShell construct:

GetVMNetworkAdapter VMName svtest | where { $_.MacAddress eq '00155D190A24' } | SetVMNetworkAdapterVlan –VMName Access VlanId 7

Cluster Networking Configuration

It is possible to use PowerShell to configure networking for your Failover Cluster, but it’s very inelegant with the current status of those cmdlets. At this time, they are not well-configured, so you must directly manipulate object property values and registry settings in fashions that are risky and error-prone. It is much preferred that you use Failover Cluster Manager to make these settings as explained in this article earlier on in the series.

Continue Exploring Networking

There’s a lot to digest in Hyper-V virtual networking. What you’ve seen so far truly is only the fundamentals. For a relatively simplistic deployment with no more than a few dozen virtual machines, you might not ever need any more information. As densities start to climb, the need to more closely tune networking increases. With gigabit adapters, your best option is to scale out. 10GbE adapters allow you to overcome physical CPU limitations with a number of offloading techniques, chief among these being VMQ. Begin your research on that topic by starting with the definitive article series on the subject, VMQ Deep Dive.

Otherwise, your best next steps are to practice with the PowerShell cmdlets. For example, learn how to use Set-VMNetworkAdapter to modify virtual adapters in similar fashion to the procedures you saw in the earlier GUI articles. With a little effort, you’ll be able to change groups of adapters at once. Hyper-V’s networking may be multi-faceted and complicated, but the level of control granted to you is equally vast.

Source :
https://www.altaro.com/hyper-v/virtual-networking-configuration-best-practices/