I am trying to recommend a firewall solution for a small to medium business (SMO), where I recently replaced the IT consultant. The organization currently uses Proxy Server 2.0 with Zone Alarm as its Internet firewall. It has a WAN with two additional locations, about 100 users, and four servers. Its Web presence is hosted elsewhere by an ISP. I feel that Proxy-Zone Alarm does not make for a sufficient enterprise firewall and seek an appropriate solution. I have considered:
CheckPoint (too expensive for this)
Cisco PIX 506
GNATBox (good, but not as robust or established as Cisco)
Microsoft ISA
Border Manager (we are mostly W2K AD)
I feel comfortable about the PIX and have implemented it before. It provides a good firewall, allows for VPN, and is a price-effective stand-alone. Some have recommended ISA, including a TechRepublic columnist, as a similarly priced alternative. However, while the products themselves are similarly priced, ISA requires the purchase of server hardware and a W2K Server license. I believe that I can implement user-level Internet access authentication with the PIX using IAS on another W2K server as RADIUS, although I am uncertain about the nature of this.
My questions are:
1. Am I right that the current Proxy-ZA “firewall” solution is a poor one? (The server is also a DC, DNS, DHCP, the lone Exchange server, file server, print server, and Master server for Inoculate virus updates.)
2. Is there any way that ISA provides more options for meeting my needs than the PIX 506 does, and does it justify the additional expense?
3. Any idea what I can do through RADIUS-W2K IAS? Can I allow Internet access based on Windows group membership?
4. Am I missing anything?
Thank you in advance to anyone who has a chance to respond to this lengthy inquiry. I am just looking for some verification (or rejection) of my ideas.