Questions

Firewall for WAN or Intranet

+
0 Votes
Locked

Firewall for WAN or Intranet

pc21geek
We currently have a Sonicwall soho3 for our firewall. They want to have a webserver on a dmz. What firewall should i suggest for either the WAN or intranet. I could use the sonciwall for the intranet firewall and purchase a WAN firewall. Budget is $400.00 or less. No need to VPN solution or content filtering as we already have them in place. Should i get another Sonicwall? I might be able to get an older PIX 501. But i have concerns as it is very old.

Thanks for your input.
Kevin
  • +
    0 Votes
    HAL 9000 Moderator

    And install ISA that comes with it that would be your best available solution.

    Col

    +
    0 Votes
    pc21geek

    We are running windows 2003 STD edition for the webserver. Should we just put ISA on there instead? Or add a firewall/router?

    +
    0 Votes
    CG IT

    if you don't have SBS premium but have Windows server 2003 standard you put ISA server on a seperate box with 2 NICs one WAN which connects directly to your ISP and one LAN

    +
    0 Votes
    HAL 9000 Moderator

    Any Windows Server Product is the wrong thing to have on the dangerous side of a DMZ but if you are going to have one there it should be the SBS R2 Premium Version that is acting as a router to the internal LAN. Ideally you should have a Linux/Unix Box doing this job but as many people are uncomfortable with using anything by Windows I didn't recommend this and as you didn't say how heavily the Web Server was going to be used I stuck with the cheaper version of 2003 that comes with better features to do what you required.

    If you already have the Web Server Setup using something different I don't know of any Router that you could buy for your Budgeted Price that's actually worth having. What I was suggesting was to forget about the router for this unit and build it into the Box as part of the Web Server Price where you should have the budget for the necessary items required.

    Col

    +
    0 Votes
    CG IT

    if you only have 1 public IP address and it's a DSL connection.

    If it was me and I had a budget of $400.00 and a single DSL line, I'd go with the Cisco 800 series routers.

    +
    0 Votes
    CG IT

    try the 800 series or if you want to spend the $$ 1800 series routers. These will do WAN many to one NAT.

    +
    0 Votes
    Scott DiOrio

    I would recommend getting a Netscreen 5GT101, Juniper is the manufacturer you may be able to pick one up used for around $400.00. New runs around $700.00.

    Thanks

    Scott

    +
    0 Votes
    SWells

    Does your version NOT have a DMZ port? If not you could always forward a port to the web server? What is the web server serving?

    Is the web server likely to be available to the general public? How much traffic do you think it will use etc? These questions will determine what sort of performance you need from the router and what sort of setup you will require.

  • +
    0 Votes
    HAL 9000 Moderator

    And install ISA that comes with it that would be your best available solution.

    Col

    +
    0 Votes
    pc21geek

    We are running windows 2003 STD edition for the webserver. Should we just put ISA on there instead? Or add a firewall/router?

    +
    0 Votes
    CG IT

    if you don't have SBS premium but have Windows server 2003 standard you put ISA server on a seperate box with 2 NICs one WAN which connects directly to your ISP and one LAN

    +
    0 Votes
    HAL 9000 Moderator

    Any Windows Server Product is the wrong thing to have on the dangerous side of a DMZ but if you are going to have one there it should be the SBS R2 Premium Version that is acting as a router to the internal LAN. Ideally you should have a Linux/Unix Box doing this job but as many people are uncomfortable with using anything by Windows I didn't recommend this and as you didn't say how heavily the Web Server was going to be used I stuck with the cheaper version of 2003 that comes with better features to do what you required.

    If you already have the Web Server Setup using something different I don't know of any Router that you could buy for your Budgeted Price that's actually worth having. What I was suggesting was to forget about the router for this unit and build it into the Box as part of the Web Server Price where you should have the budget for the necessary items required.

    Col

    +
    0 Votes
    CG IT

    if you only have 1 public IP address and it's a DSL connection.

    If it was me and I had a budget of $400.00 and a single DSL line, I'd go with the Cisco 800 series routers.

    +
    0 Votes
    CG IT

    try the 800 series or if you want to spend the $$ 1800 series routers. These will do WAN many to one NAT.

    +
    0 Votes
    Scott DiOrio

    I would recommend getting a Netscreen 5GT101, Juniper is the manufacturer you may be able to pick one up used for around $400.00. New runs around $700.00.

    Thanks

    Scott

    +
    0 Votes
    SWells

    Does your version NOT have a DMZ port? If not you could always forward a port to the web server? What is the web server serving?

    Is the web server likely to be available to the general public? How much traffic do you think it will use etc? These questions will determine what sort of performance you need from the router and what sort of setup you will require.