Question

Locked

Firewall and Router --- 1 or 2 Devices?

By Working IT ·
Should I use 1 device that can act as firewall and router or use 2 devices (one as firewall and the other one as router)?

This conversation is currently closed to new comments.

10 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

depends on what is needed.

by w2ktechman In reply to Firewall and Router --- 1 ...

Is this for a home network, a small network, or a larger network?
For a home network on DSL/Cable, an all-in-one should be fine (HW), but extra protection (SW) is advised.
For a small business network, you will need to determine costs, and justify the equipment.
For a larger network, independant HW devices should be deployed

Collapse -

For Small Business Network with

by Working IT In reply to depends on what is needed ...

5 locations, 20 internal users, and 10 mobile users.

What is the benefit to have 2 device instead of 1?

What do people put between the router and firewall?

Collapse -

Easy answer is 1 device

by HAL 9000 Moderator In reply to For Small Business Networ ...

The benefit of having 2 devices is that if the router fails you still have an Internet connection but with limited security. Personally I don't see this as a benefit but depending on your budget it may be. Or you could go with a computer running a dedicated Firewall application which would give you an excellent Firewall solution depends on just how secure you need the internal LAN to be.

What do people put between the router and firewall?

Mostly a CAT 5E Cable is used though you could use a CAT 6 cable but it wouldn't offer any real advantage.

Collapse -

Hal has the answer

by w2ktechman In reply to For Small Business Networ ...

In your case, if budgeting is an issue, get the 2-in-1 option. If funding is available, go with the 2 seperate devices.

Collapse -

well it's a little more complex than that

by mdavis In reply to For Small Business Networ ...

You say 5 locations. What is your method of interconnectivity? Frame Relay? Simple T-1 with internet connection? DSL? Cable?

Most all of these, your provider is going to supply you with the "router" either in the form of a real actual router or a DSL/Cable modem. The modems act as a router (by dfinition a router is nothing more than a device that forwards information to disparate networks). The firewall is also in and of itself a router since typically there is one network on the untrusted side (ie. internet) and another network on the LAN side (trusted).

If you do NOT have a router provided to you by your service provider, then you will most certainly need one of those and most of the units built for a SOHO are assuming that you have a modem in front of them, as MOST are not capable of internet routing protocols.

Making the assumption that you are like most small businesses and have opted for the cable modem/dsl option I would recommend a small firewall such as a Cisco ASA 5505 (the replacement of the PIX 501). http://www.cisco.com/en/US/products/ps6120/index.html there are other products like Netscreen and SonicWall and Watchgaurd to name a few. These are scaleable, quasi-enterprise class devices that would also allow you to set up site to site VPNs and other things as well. Basically they give you flexibility options and are in the 500-700 dollar range, quite affordable actually.

Collapse -

ASA 5505 and PIX 501

by Working IT In reply to well it's a little more c ...

I thought of ASA 5500 series, too. But the price different between ASA 5500 and PIX 501 is huge. ASA 5500 is around $2200 and PIX 501 is around $750.

Are these 2 device are basically the same? Do you recommend PIX 501 even though Cisco will not support that within the next few years?

Collapse -

800 or 1800 series

by CG IT In reply to ASA 5505 and PIX 501

I'd go with the 800 or 1800 series routers if he's small business and even if he has 5 seperate locations all of which are small in size [# of employees and workstations]. Note: most consumer level routers offer 8 mbps throughput on the WAN link. To get more, you have to go to SOHO or better routers. Symantec has the 360 series SOHO which offers 55 mbps throughput on the WAN link.

So choosing a router and firewall device really has one looking more at infrastructure and users needs which will determine what type of device or devices to purchase.

With gigabit LANs and NICs one could opt for a single device like ISA Server 2006 which is proxy/firewall and imo a good one.

Collapse -

1800 Series

by Working IT In reply to 800 or 1800 series

I agree. For the router, I will pick 1800 series.

For the firewall/VPN, which one you prefer, PIX 501 or ASA 5500?

Collapse -

Or you could always go with something better

by HAL 9000 Moderator In reply to 1800 Series

Googgun Linux has an excellent product called Trustifier which is easy to work and runs on a Linux platform that's I've found unbreakable so far and I've tried but gave up trying to break in after about 3 months of off and on attacks.

It's extremely easy to set up even easier to maintain and can run on some very old cheap hardware and still appear to work as well as something loaded on the newest hardware available. While an ISA Server is good this is both cheaper to buy and easier to maintain and if someone goes all out to attack it there is nothing else on that server for them to find if they actually manage to bypass the security that is built in. Even if they manage to break the Gateway server they then have to break into the internal LAN. If you are using ISA on a server you will most likely have other applications running off that server so once they break ISA they will have total access tot he internal system.

Don't gt me wrong ISA is good but it's weakness is that it can be run on a server doing other things and that gives it weakness that other things like Trustifier just don't have. I'm running Googgun Linux on an old IBM Netfinity 5000 that cost me about $100.00 AU and with that I expect it to run for a very long time without problems I just tend to have the particular case buried away and I only pay any attention to it when there are severe Thunder Storms about as I have to remember to restart it after I power down the UPS that it's on.

Col

Back to Networks Forum
10 total posts (Page 1 of 1)  

Hardware Forums