Discussions

Hardware firewall, which one ?

Tags:
+
0 Votes
Locked

Hardware firewall, which one ?

marco7683-info
Hardware firewall for 85 users ?
Hello everybody,

i would like to setup an hardware firewall in my company.

At this time we have.

One server running as file server and firewall
with:
- Windows server 2003 R2 enterprise edition.

- Isa 2006 enterprise edition running as a gateway firewall.

- GFI web monitor real time antivirus scanning. (We block all the mp3, exe, msn, and scan all the remaning content with kaspersky and bitdefender).

- Kaspersky fileserver and workstation for each computer manage by Kaspersky administration kit.

All the incoming traffic is scanned by Isa 2006.
We also block all the msn messenger traffic.

To improve the safety i would like to setup a such firewall:
D-link DFL-M510
http://www.dlink.com/products/?sec=2&pid=*** or Symantec? Gateway Security 300 Series
http://www.symantec.com/region/hk/product/gtw/

Could you give me your advices concerning such devices.

Thanks for your answers.

Pierre
  • +
    0 Votes
    BALTHOR

    The defense against computer virus is costing the Earth a lot of money!My advice would be to contact your computer manufacturer.Par for the course would be that these computer manufacturers never even heard of virus---

    +
    0 Votes
    ncrick

    any hardware firewall that is cheap along with proxy server is best choice.

    +
    0 Votes
    JoeCuba

    I haven't used these two products but Barracuda makes an award winning product.

    I don't like out sourced services so I'm not proposing the following products in their current forms. But Cisco recently purchased Iron Port and I've seen commercials for the hardware so they may be selling a hardware product now as opposed to a service.

    Another company in the same space is Postini, but I don't know if they're selling a hardware product yet. They may have been acquired by McAfee (Network Associates) and if so I'm sure NA will sell the product. My friends swear by Postini's service.

    +
    0 Votes
    szander

    We have a 60 user network plus offsite offices. While not on the low end of pricing, Watchguard makes a number of excellent products and with their add-on web blocking will give you the added protection of blocking things like messenger.

    +
    0 Votes
    SBRION

    Watchguard is good...but beware they will discontinue support on your box every couple of years! Makes it real expensive and annoying! Nothing like feeling ripped off to make you move to another product.

    +
    0 Votes
    ScriptDummy

    I have worked with the Watchguard products and agree that they make a good product. I've also worked with the Cisco discontinued PIX and replacement ASA products but believe that they would be too expensive for your needs except that you could shift a lot of the content filtering to the ASA box.
    However I think another option that I would look into are the Linksys RV Series VPN Routers. They come with dual WAN ports that can be used to load balance, an Advanced SPI firewall, and can be used to VPN remote users OR HW - HW VPN Tunnels to remote offices.
    The RV042 4-port VPN Router can be had for less than $200 and the 8-port is in the mid to upper $300 range.
    I had a customer using one in an office with 75 people.

    +
    0 Votes
    razz2

    I disagree with the Linksys idea. I have deployed the RV
    Servies for small business customers but if your are on ISA
    06 and 2003 Enterprise then I will assume you can afford
    an entry level business class firewall. These <$200 boxes
    are based on consumer needs with poor logging and
    limited if any Webblocker type support. Also, VPN
    performance can increase greatly with a good VPN
    hardware device. Watchguard, Sonic wall, and Cisco are all
    fine products. I like watchguards myself but it is mostly
    personal choice and product models available in your
    price point. I like the Watchguard Core series with
    offboard management but the edge with an internal web
    based management works great too and the wireless offer
    guest services blocking wireless LAN from the Trusted
    LAN.

    Good Luck,

    razz

    +
    0 Votes
    glennkopf

    I have been an IT Security Manager and Engineer for many years and if you are looking for a solid perimeter security appliance for protecting yout IT assets, adding business value to your organization's mission and mitigating inherent risks, then look at the Nokia IPSO appliances. A little more expensive, but well worth it in terms of manageabilitiy and reliabilitiy with low TCO.

    +
    0 Votes
    NewBeeAdmin

    Sonicwall have good products we use it pretty much for every remote office. Only problem will be price for Unlimited node TZ 170 with 24 X 7 support will cost you close to 1K easily but they do some extra options that you can buy like IDS, enforece anti-virus, Content filtering, email filter and more. Now i am sure there are few other vendors out there but this is what we use so thought mentioning it.

    +
    0 Votes
    smaharajan

    Hi

    WatchGuard X series will be the best Hardware firewall compare to others like Sonicwall, Checkpoint, Cisco PIX because it has
    1. real time traffic monitoring.
    2. Java based System management tool will provide easy to deploy policy and configuration of Firewall.
    3. It has 8 port for using of DMZ, multplie Internet connection etc..

    +
    0 Votes
    Chris_Muncy

    I also recommend the Watchguard firewalls. I just purchased a Firebox x750e ( http://www.watchguard.com/products/x750e.asp ) with the Unified Threat Management package ( http://www.watchguard.com/products/UTM-bundle_core.asp ).
    For the hardware and 1 year of the subscription service for spam and virus and support, it came in at $3800.00 delivered from Dell.

    I first looked at a PIX setup, but they are at end-of-lofe. I looked at an ASA solution but lots of $$$$. I also looked at Barracuda, but you would need 3 boxes to do what the firebox does with the same throughput.

    I'm very happy with it.

    +
    0 Votes
    Dumphrey

    and you plan on keeping everything else in place, a solid whitebox 1u server with pfsense installed is a good option. Fast, reliable, and stable. Lack of vendor support may be a problem for you though.

    Other then that, I also prefer the Watchguard line now that the PIX is EoL.

  • +
    0 Votes
    BALTHOR

    The defense against computer virus is costing the Earth a lot of money!My advice would be to contact your computer manufacturer.Par for the course would be that these computer manufacturers never even heard of virus---

    +
    0 Votes
    ncrick

    any hardware firewall that is cheap along with proxy server is best choice.

    +
    0 Votes
    JoeCuba

    I haven't used these two products but Barracuda makes an award winning product.

    I don't like out sourced services so I'm not proposing the following products in their current forms. But Cisco recently purchased Iron Port and I've seen commercials for the hardware so they may be selling a hardware product now as opposed to a service.

    Another company in the same space is Postini, but I don't know if they're selling a hardware product yet. They may have been acquired by McAfee (Network Associates) and if so I'm sure NA will sell the product. My friends swear by Postini's service.

    +
    0 Votes
    szander

    We have a 60 user network plus offsite offices. While not on the low end of pricing, Watchguard makes a number of excellent products and with their add-on web blocking will give you the added protection of blocking things like messenger.

    +
    0 Votes
    SBRION

    Watchguard is good...but beware they will discontinue support on your box every couple of years! Makes it real expensive and annoying! Nothing like feeling ripped off to make you move to another product.

    +
    0 Votes
    ScriptDummy

    I have worked with the Watchguard products and agree that they make a good product. I've also worked with the Cisco discontinued PIX and replacement ASA products but believe that they would be too expensive for your needs except that you could shift a lot of the content filtering to the ASA box.
    However I think another option that I would look into are the Linksys RV Series VPN Routers. They come with dual WAN ports that can be used to load balance, an Advanced SPI firewall, and can be used to VPN remote users OR HW - HW VPN Tunnels to remote offices.
    The RV042 4-port VPN Router can be had for less than $200 and the 8-port is in the mid to upper $300 range.
    I had a customer using one in an office with 75 people.

    +
    0 Votes
    razz2

    I disagree with the Linksys idea. I have deployed the RV
    Servies for small business customers but if your are on ISA
    06 and 2003 Enterprise then I will assume you can afford
    an entry level business class firewall. These <$200 boxes
    are based on consumer needs with poor logging and
    limited if any Webblocker type support. Also, VPN
    performance can increase greatly with a good VPN
    hardware device. Watchguard, Sonic wall, and Cisco are all
    fine products. I like watchguards myself but it is mostly
    personal choice and product models available in your
    price point. I like the Watchguard Core series with
    offboard management but the edge with an internal web
    based management works great too and the wireless offer
    guest services blocking wireless LAN from the Trusted
    LAN.

    Good Luck,

    razz

    +
    0 Votes
    glennkopf

    I have been an IT Security Manager and Engineer for many years and if you are looking for a solid perimeter security appliance for protecting yout IT assets, adding business value to your organization's mission and mitigating inherent risks, then look at the Nokia IPSO appliances. A little more expensive, but well worth it in terms of manageabilitiy and reliabilitiy with low TCO.

    +
    0 Votes
    NewBeeAdmin

    Sonicwall have good products we use it pretty much for every remote office. Only problem will be price for Unlimited node TZ 170 with 24 X 7 support will cost you close to 1K easily but they do some extra options that you can buy like IDS, enforece anti-virus, Content filtering, email filter and more. Now i am sure there are few other vendors out there but this is what we use so thought mentioning it.

    +
    0 Votes
    smaharajan

    Hi

    WatchGuard X series will be the best Hardware firewall compare to others like Sonicwall, Checkpoint, Cisco PIX because it has
    1. real time traffic monitoring.
    2. Java based System management tool will provide easy to deploy policy and configuration of Firewall.
    3. It has 8 port for using of DMZ, multplie Internet connection etc..

    +
    0 Votes
    Chris_Muncy

    I also recommend the Watchguard firewalls. I just purchased a Firebox x750e ( http://www.watchguard.com/products/x750e.asp ) with the Unified Threat Management package ( http://www.watchguard.com/products/UTM-bundle_core.asp ).
    For the hardware and 1 year of the subscription service for spam and virus and support, it came in at $3800.00 delivered from Dell.

    I first looked at a PIX setup, but they are at end-of-lofe. I looked at an ASA solution but lots of $$$$. I also looked at Barracuda, but you would need 3 boxes to do what the firebox does with the same throughput.

    I'm very happy with it.

    +
    0 Votes
    Dumphrey

    and you plan on keeping everything else in place, a solid whitebox 1u server with pfsense installed is a good option. Fast, reliable, and stable. Lack of vendor support may be a problem for you though.

    Other then that, I also prefer the Watchguard line now that the PIX is EoL.