  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 433

Recommend a Firewall Appliance

I'm looking into procuring a firewall appliance and would like some outside input. Our setup is as follows:

4 webservers on a T1, running NT/2000, hosting about 100 sites, mostly lighter traffic.  We'd like these in a DMZ for ease of management.

two mail servers.

several fileservers, both NT and Novell

about 10 workstations/users, with capacity to grow.  We've had as many as 15 and would like to grow beyond that.

I'm currently leaning toward the SonicWall Pro 100.  Price is a serious consideration (imagine, a small business with cash flow problems).

I'm looking for any and all suggestions.

thanks in advance.
Bill
0
squonk23
1 Solution
 
freddymiltner Commented:
Hi Bill,
I recommend the use of a Watchguard Firebox 700 appliance.
We have several pleased customers with it, and there are some nice built-in Layer-7 rulesets.

Pricing is roughly 2500 EUR
Detailed information:
http://www.watchguard.com/products/fbcompare.asp

cheers,
freddy
0
 
hstiles Commented:
freddymiltner,

By layer 7 ruleset - do you mean application proxies?

I would second the Firebox.  The only experience I've had of the Sonicwall wasn't particularly pleasant.

The Watchguard has the following very useful features:

HTTP Proxy - including Web Blocker (URL content filtering)
SMTP Proxy - attachment/attachment string blocking, domain masquerading and relay blocking
Powerful VPN capabilities, including PPTP and IPSec with Domain and Active Directory authentication (very handy)
trusted, optional and external interfaces
FTP and telnet proxies

Plus they're relatively painless to set up and install and have a very good set of management applications.  I would try and push for a 1000 though - they're much more powerful.
0
 
chris_calabrese Commented:
Also look at the Netscreens. Their proxy capabilities aren't that strong, but they're very easy to manage and are very well priced. They also do a slew of other things really well (high throughput, good IPsec VPN, etc.)
0

 
itiadmin Commented:
Look at the SonicWall Pro 100. It gives you comprehensive security and a flexible management interface. I have configured in excess of 100 Sonicwalls without any problems.  For a small business you get the best bang for your buck.
0
 
lrmoore Commented:
I'm partial to Cisco PIX.

http:\\www.cisco.com\go\pix

0
 
squonk23 (Author) Commented:
Does anyone know if the Watchguard Firebox 700 has DMZ support?  Their website doesn't mention it.

The Cisco PIX 501 doesn't support DMZ and the 515E is a bit pricey, given our current cash crunch.  The 515R is more reasonable, but I don't know in what way it is restricted.

The Netscreen 25 might serve our purposes just fine.  We will not be using a proxy server.  Anyone else have positive/negative experiences with these?
0
 
lrmoore Commented:
The Pix 515-R restricted license does not support failover, more than 3 interfaces, or more than 10,000 simultaneous connections.
The 515E-DMZ Restricted Bundle list price is $3695. Expect around 25-30% discount from that for street price.

I've heard good reports about Netscreen. As a matter of fact that is our Corporate standard supporting a global network with T3 Internet connection.
0
 
hstiles Commented:
The 700 does support a DMZ.  Basically, there's no difference between the software capabilities of the 700, 1000, 2500 and 4500 - the top of the range features hardware 3DES acceleration, but all four models support the same basic functionality.
0
 
bcastaldo Commented:
If you have the funding I would wait for the new Sidewinder firewall coming out from Secure Computing, the speed of layer 4 with layer 7, only problem is price, but Sidewinder are one of the best, if anybody says otherwise they shouldn't be working in the firewall administration field.  Second, the problem with them right now is speed and monitoring etc., and when the new Sidewinder G force whatever the hell they call it comes out it will fix those problems, check it out
0
 
squonk23 (Author) Commented:
The Sidewinder is out o' our range ($5000+).

I'll probably get hammered for this as I don't see any reference to this appliance in any serious firewall discussions, but I have to ask.  Should I consider the 3COM OfficeConnect + DMZ?  It seems to be the cheapest offering (~$1100) for an appliance with DMZ.

0
 
lrmoore Commented:
You're right, you won't see any serious discussion about the 3Com being a firewall.

Have you considered the Cisco PIX? It is still the best bang for the buck, IMHO.
0
 
ferg-o Commented:
If everyone's having a go - Netscreen - they rock - we have an ISP client who haven't bounced theirs since we installed them - over 8 months!

Really smart features - no proxies though.
0
