darkmagneto

asked on

Small Business firewall

My company is going to a Server/Client setup. Before we were a P2P network. I will have a Win2K domain controller/file server and then a Win2K/Exchange2K server. We currently have DSL then it goes into a hub and then to the machines. What firewall would any of you recommend? Obviously price is the biggest factor. Should we go with a software firewall or hardware? If hardware, where does it go? In between the DSL and the hub?

Thanks,
Dark
alsutton

Personally I'd recommend looking at the SnapGear firewalls (http://www.snapgear.com/). They are reasonably priced and will do NAT, port forwarding, and will handle PPTP VPN traffic should you want your users to work from home.

The Snapgear would sit between the DSL modem and the hub.
There are 2 things to consider, cost, and ease of implementation/support.

Depending on the assets on your network (and assuming that your Exchange server is for internal and external email) you could install anything from a cheap Linksys router, up to something more robust like a SonicWall or FireBox. These are likely to be a little more expensive than a software solution, but require almost zero maintenance, and are very simple to install.

Regarding a software firewall, if you have the ability to install and configure a Linux server, you'll get a LOT of bang for your buck there. Obviously the installation and support costs will be somewhat higher, but your initial capital investment will be lower.

My personal recommendation for a robust, reliable small office firewall would be a Watchguard FireBox SOHO 6 or 6tc firewall.  They're great little boxes, come from a mature firewall manufacturer, and are reasonably inexpensive.

Shawn

Shawn Preston, CISSP
Founder, SecureThinking
www.securethinking.net

"Where Information Security Evolves"
Les Moore

I've heard really good things about the D-Link DFL300: http://www.dlink.com/products/broadband/dfl300/

I'm also very partial to Cisco PIX. 501 or 506e are small office boxes. Even the small box has the same capabilities as the big ones. Differences include speed and performance:
http://www.cisco.com/go/pix
ASKER CERTIFIED SOLUTION
Les Moore
This solution is only available to members.
I have good experiences with the PIX line.
There is a new model out for SOHO. Cheap, about the size of an external modem. -But still good stuff.
darkmagneto

ASKER

I see the Cisco PIX 501. That is right in our price range. This unit is ok to put between our DSL Modem/Router and our Hub? Also, does the PIX 501 have an interface on it so I can take a look at some log information? Basically my boss would like to see what internet sites employees are going to and I would like to see what ports are being attacked and such.

Thanks,
Dark
I would also opt for a Firebox SOHO 6 t/c.  It supports IPSec VPN (up to 6 people), has a decent DHCP server, syslog logging (you can get all sorts of syslog services for NT/2000).  It also has a web blocker option for limiting access to questionable sites, etc...

They're not that expensive either
As I heard from our Distributor, the Soho 6 will soon be a so-called END-OF-LIFE Product.

Can someone verify this?

I would opt for a Fortinet Fortigate 50.
These Boxes have an integrated AV-Scanner (Mail, http, VPN) & IDS, and also have an easy-to-use GUI...
darkmagneto,
To answer your latest questions, yes, the PIX has a java-based GUI that provides you with logging information, and many other charts and graphs that you can get either in real-time or historical.
To annoy a little bit lrmoore, that java interface is a nightmare, it always messes up my nice CLI configuration :) (but ALL my PIX experiences were nice, which is something I can't say about most of the other nice and cheap SOHO products I've touched)

But I have a (stupid) question: why doesn't anyone go for a linux firewall solution? A well configured linux firewall is at least as secure as a SOHO product, it's a lot more flexible and powerful and can be easily upgraded. And security holes get fixed fast (which is usually not the case with a small SOHO product)
My boss has decided on the Cisco PIX line.  Thanks for all of your help!  This board is just great!
Glad to help out!