General discussion

  • Creator
    Topic
  • #2255028

    Hardware firewall, which one ?

    Locked

    by marco7683-info ·

    Hardware firewall for 85 users ?
    Hello everybody,

    i would like to setup an hardware firewall in my company.

    At this time we have.

    One server running as file server and firewall
    with:
    – Windows server 2003 R2 enterprise edition.

    – Isa 2006 enterprise edition running as a gateway firewall.

    – GFI web monitor real time antivirus scanning. (We block all the mp3, exe, msn, and scan all the remaning content with kaspersky and bitdefender).

    – Kaspersky fileserver and workstation for each computer manage by Kaspersky administration kit.

    All the incoming traffic is scanned by Isa 2006.
    We also block all the msn messenger traffic.

    To improve the safety i would like to setup a such firewall:
    D-link DFL-M510
    http://www.dlink.com/products/?sec=2&pid=455 or Symantec? Gateway Security 300 Series
    http://www.symantec.com/region/hk/product/gtw/

    Could you give me your advices concerning such devices.

    Thanks for your answers.

    Pierre

All Comments

  • Author
    Replies
    • #2539887

      BUILD IT AND THEY’LL WRECK IT

      by balthor ·

      In reply to Hardware firewall, which one ?

      The defense against computer virus is costing the Earth a lot of money!My advice would be to contact your computer manufacturer.Par for the course would be that these computer manufacturers never even heard of virus—

    • #2539876

      Use a Proxy Server

      by ncrick ·

      In reply to Hardware firewall, which one ?

      any hardware firewall that is cheap along with proxy server is best choice.

      • #2539821

        Other options

        by joecuba ·

        In reply to Use a Proxy Server

        I haven’t used these two products but Barracuda makes an award winning product.

        I don’t like out sourced services so I’m not proposing the following products in their current forms. But Cisco recently purchased Iron Port and I’ve seen commercials for the hardware so they may be selling a hardware product now as opposed to a service.

        Another company in the same space is Postini, but I don’t know if they’re selling a hardware product yet. They may have been acquired by McAfee (Network Associates) and if so I’m sure NA will sell the product. My friends swear by Postini’s service.

    • #2539256

      Look at Watchguard

      by szander ·

      In reply to Hardware firewall, which one ?

      We have a 60 user network plus offsite offices. While not on the low end of pricing, Watchguard makes a number of excellent products and with their add-on web blocking will give you the added protection of blocking things like messenger.

      • #2764555

        Watchguard – Watch Out

        by sbrion ·

        In reply to Look at Watchguard

        Watchguard is good…but beware they will discontinue support on your box every couple of years! Makes it real expensive and annoying! Nothing like feeling ripped off to make you move to another product.

    • #2539051

      Another Option

      by scriptdummy ·

      In reply to Hardware firewall, which one ?

      I have worked with the Watchguard products and agree that they make a good product. I’ve also worked with the Cisco discontinued PIX and replacement ASA products but believe that they would be too expensive for your needs except that you could shift a lot of the content filtering to the ASA box.
      However I think another option that I would look into are the Linksys RV Series VPN Routers. They come with dual WAN ports that can be used to load balance, an Advanced SPI firewall, and can be used to VPN remote users OR HW – HW VPN Tunnels to remote offices.
      The RV042 4-port VPN Router can be had for less than $200 and the 8-port is in the mid to upper $300 range.
      I had a customer using one in an office with 75 people.

    • #2518938

      Avoid Consumer

      by razz2 ·

      In reply to Hardware firewall, which one ?

      I disagree with the Linksys idea. I have deployed the RV
      Servies for small business customers but if your are on ISA
      06 and 2003 Enterprise then I will assume you can afford
      an entry level business class firewall. These <$200 boxes are based on consumer needs with poor logging and limited if any Webblocker type support. Also, VPN performance can increase greatly with a good VPN hardware device. Watchguard, Sonic wall, and Cisco are all fine products. I like watchguards myself but it is mostly personal choice and product models available in your price point. I like the Watchguard Core series with offboard management but the edge with an internal web based management works great too and the wireless offer guest services blocking wireless LAN from the Trusted LAN. Good Luck, razz

    • #2525222

      Look at Nokia IPSO

      by glennkopf ·

      In reply to Hardware firewall, which one ?

      I have been an IT Security Manager and Engineer for many years and if you are looking for a solid perimeter security appliance for protecting yout IT assets, adding business value to your organization’s mission and mitigating inherent risks, then look at the Nokia IPSO appliances. A little more expensive, but well worth it in terms of manageabilitiy and reliabilitiy with low TCO.

      • #2525184

        Sonicwall’s

        by newbeeadmin ·

        In reply to Look at Nokia IPSO

        Sonicwall have good products we use it pretty much for every remote office. Only problem will be price for Unlimited node TZ 170 with 24 X 7 support will cost you close to 1K easily but they do some extra options that you can buy like IDS, enforece anti-virus, Content filtering, email filter and more. Now i am sure there are few other vendors out there but this is what we use so thought mentioning it.

    • #2530759

      Hardware firewall, which one ?

      by smaharajan ·

      In reply to Hardware firewall, which one ?

      Hi

      WatchGuard X series will be the best Hardware firewall compare to others like Sonicwall, Checkpoint, Cisco PIX because it has
      1. real time traffic monitoring.
      2. Java based System management tool will provide easy to deploy policy and configuration of Firewall.
      3. It has 8 port for using of DMZ, multplie Internet connection etc..

      • #2530685

        Firebox

        by chris_muncy ·

        In reply to Hardware firewall, which one ?

        I also recommend the Watchguard firewalls. I just purchased a Firebox x750e ( http://www.watchguard.com/products/x750e.asp ) with the Unified Threat Management package ( http://www.watchguard.com/products/UTM-bundle_core.asp ).
        For the hardware and 1 year of the subscription service for spam and virus and support, it came in at $3800.00 delivered from Dell.

        I first looked at a PIX setup, but they are at end-of-lofe. I looked at an ASA solution but lots of $$$$. I also looked at Barracuda, but you would need 3 boxes to do what the firebox does with the same throughput.

        I’m very happy with it.

    • #2764546

      If all you want is firewall services

      by dumphrey ·

      In reply to Hardware firewall, which one ?

      and you plan on keeping everything else in place, a solid whitebox 1u server with pfsense installed is a good option. Fast, reliable, and stable. Lack of vendor support may be a problem for you though.

      Other then that, I also prefer the Watchguard line now that the PIX is EoL.

Viewing 7 reply threads