Recommend a Firewall Appliance

Posted on 2003-02-18
Medium Priority
Last Modified: 2013-11-16
I'm looking into procuring a firewall appliance and would like some outside input. Our setup is as follows:

4 webservers on a T1, running NT/2000, hosting about 100 sites, mostly lighter traffic.  We'd like these in a DMZ for ease of management.

two mail servers.

several fileservers, both NT and Novell

about 10 workstations/users, with capacity to grow.  We've had as many as 15 and would like to grow beyond that.

I'm currently leaning toward the SonicWall Pro 100.  Price is a serious consideration (imagine, a small business with cash flow problems).

I'm looking for any and all suggestions.

thanks in advance.
Question by:squonk23

Accepted Solution

freddymiltner earned 150 total points
ID: 7980279
Hi Bill,
I recommend the use of a Watchguard Firebox 700 appliance.
We have several pleased customers with it, and there are some nice built-in Layer-7 rulesets.

Pricing is roughly 2500 EUR
Detailed information:

LVL 13

Expert Comment

ID: 7980427

By layer 7 ruleset - do you mean application proxies?

I would second the Firebox.  The only experience I've had of the Sonicwall wasn't particularly pleasant.

The Watchguard has the following very useful features:

HTTP Proxy - including Web Blocker (URL content filtering)
SMTP Proxy - attachment/attachment string blocking, domain masquerading and relay blocking
Powerful VPN capabilities, including PPTP and IPSec with Domain and Active Directory authentication (very handy)
trusted, optional and external interfaces
FTP and telnet proxies

Plus they're relatively painless to set up and install and have a very good set of management applications.  I would try and push for a 1000 though - they're much more powerful.
LVL 14

Expert Comment

ID: 7981550
Also look at the Netscreens. Their proxy capabilities aren't that strong, but they're very easy to manage and are very well priced. They also do a slew of other things really well (high throughput, good IPsec VPN, etc.)


Expert Comment

ID: 7985584
Look at the SonicWall Pro 100. It gives you comprehensive security and a flexible management interface. I have configured in excess of 100 Sonicwalls without any problems.  For a small business you get the best bang for your buck.
LVL 79

Expert Comment

ID: 7986993
I'm partial to Cisco PIX.



Author Comment

ID: 7988880
Does anyone know if the WatchGuard Firebox 700 has DMZ support?  Their website doesn't mention it.

The Cisco PIX 501 doesn't support DMZ and the 515E is a bit pricey, given our current cash crunch.  The 515R is more reasonable, but I don't know in what way it is restricted.

The Netscreen 25 might serve our purposes just fine.  We will not be using a proxy server.  Anyone else have positive/negative experiences with these?
LVL 79

Expert Comment

ID: 7989633
The Pix 515-R restricted license does not support failover, more than 3 interfaces, or more than 10,000 simultaneous connections.
The 515E-DMZ Restricted Bundle list price is $3695. Expect around 25-30% discount from that for street price.

I've heard good reports about Netscreen. As a matter of fact that is our Corporate standard supporting a global network with T3 Internet connection.
LVL 13

Expert Comment

ID: 7992298
The 700 does support a DMZ.  Basically, there's no difference between the software capabilities of the 700, 1000, 2500 and 4500 - the top of the range features hardware 3DES acceleration, but all four models support the same basic functionality.

Expert Comment

ID: 8002748
If you have the funding I would wait for the new Sidewinder firewall coming out from Secure Computing, the speed of layer 4 with layer 7, only problem is price, but Sidewinder are one of the best, if anybody says otherwise they shouldn't be working in firewall administration field.  Second, the problem with them right now is speed and monitoring etc, and with the new Sidewinder G force whatever the hell they call it comes out it will fix those problems, check it out

Author Comment

ID: 8009970
The Sidewinder is out o' our range ($5000+).

I'll probably get hammered for this as I don't see any reference to this appliance in any serious firewall discussions, but I have to ask.  Should I consider the 3COM OfficeConnect + DMZ?  It seems to be the cheapest offering (~$1100) for an appliance with DMZ.

LVL 79

Expert Comment

ID: 8111426
You're right, you won't see any serious discussion about the 3Com being a firewall.

Have you considered the Cisco PIX? It is still the best bang for the buck, IMHO.

Expert Comment

ID: 8125751
If everyone's having a go - Netscreen - they rock - we have an ISP client who haven't bounced theirs since we installed them - over 8 months!

Really smart features - no proxies though.
