• Status: Solved

Small Business firewall

My company is going to a Server/Client setup. Before we were a P2P network. I will have a Win2K domain controller/file server and then a Win2K/Exchange2K server. We currently have DSL then it goes into a hub and then to the machines. What firewall would any of you recommend? Obviously price is the biggest factor. Should we go with a software firewall or hardware? If hardware, where does it go? In between the DSL and the hub?

Thanks,
Dark
Asked by: darkmagneto
 
alsutton Commented:
Personally I'd recommend looking at the SnapGear firewalls (http://www.snapgear.com/). They're reasonably priced and will do NAT, port forwarding, and will handle PPTP VPN traffic should you want your users to work from home.

The Snapgear would sit between the DSL modem and the hub.
 
spreston Commented:
There are 2 things to consider: cost, and ease of implementation/support.

Depending on the assets on your network (and assuming that your Exchange server is for internal and external email) you could install anything from a cheap Linksys router, up to something more robust like a SonicWall or FireBox. These are likely to be a little more expensive than a software solution, but require almost zero maintenance, and are very simple to install.

Regarding a software firewall, if you have the ability to install and configure a Linux server, you'll get a LOT of bang for your buck there. Obviously the installation and support costs will be somewhat higher, but your initial capital investment will be lower.

My personal recommendation for a robust, reliable small office firewall would be a Watchguard FireBox SOHO 6 or 6tc firewall.  They're great little boxes, come from a mature firewall manufacturer, and are reasonably inexpensive.

Shawn

Shawn Preston, CISSP
Founder, SecureThinking
www.securethinking.net

"Where Information Security Evolves"
 
 
lrmoore Commented:
I've heard really good things about the D-Link DFL300: http://www.dlink.com/products/broadband/dfl300/

I'm also very partial to Cisco PIX. 501 or 506e are small office boxes. Even the small box has the same capabilities as the big ones. Differences include speed and performance:
http://www.cisco.com/go/pix

Either one would go in the same place as the SnapGear:

DSL modem --> firewall --> hub
 
cbruce8 Commented:
I have good experiences with the PIX line.
There is a new model out for SOHO. Cheap, about the size of an external modem, but still good stuff.
 
darkmagneto (Author) Commented:
I see the Cisco PIX 501. That is right in our price range. This unit is OK to put between our DSL Modem/Router and our Hub? Also, does the PIX 501 have an interface on it so I can take a look at some log information? Basically my boss would like to see what internet sites employees are going to and I would like to see what ports are being attacked and such.

Thanks,
Dark
 
hstiles Commented:
I would also opt for a Firebox SOHO 6 t/c. It supports IPSec VPN (up to 6 people), has a decent DHCP server, syslog logging (you can get all sorts of syslog services for NT/2000). It also has a web blocker option for limiting access to questionable sites, etc...

They're not that expensive either.
 
freddymiltner Commented:
As I heard from our distributor, the SOHO 6 will soon be a so-called END-OF-LIFE product.

Can someone verify this?

I would opt for a Fortinet Fortigate 50.
These boxes have an integrated AV scanner (mail, HTTP, VPN) & IDS, and also have an easy-to-use GUI...
 
lrmoore Commented:
darkmagneto,
To answer your latest questions, yes, the PIX has a Java-based GUI that provides you with logging information, and many other charts and graphs that you can get either in real-time or historical.
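
For the log review the asker describes (seeing which ports are being probed), one option is to forward the firewall's syslog to a collector and tally the deny messages. The script below is an added example, not code from any poster or vendor; it assumes deny lines laid out like Cisco PIX syslog message 106023, and the sample lines, addresses and ACL name are constructed.

```python
import re
from collections import Counter

# Constructed sample input (documentation address ranges), assumed to follow
# the PIX 106023 "Deny ... by access-group" layout. Not real traffic.
SAMPLE_LOG = """\
Mar 03 10:15:01 fw %PIX-4-106023: Deny tcp src outside:198.51.100.7/4312 dst inside:192.0.2.10/445 by access-group "outside_in"
Mar 03 10:15:02 fw %PIX-4-106023: Deny tcp src outside:198.51.100.7/4313 dst inside:192.0.2.10/445 by access-group "outside_in"
Mar 03 10:15:09 fw %PIX-4-106023: Deny udp src outside:203.0.113.44/53211 dst inside:192.0.2.10/1434 by access-group "outside_in"
Mar 03 10:16:30 fw %PIX-4-106023: Deny tcp src outside:203.0.113.44/60100 dst inside:192.0.2.11/3389 by access-group "outside_in"
Mar 03 10:16:31 fw %PIX-6-302013: Built inbound TCP connection 1201 for outside:203.0.113.9/40000 (203.0.113.9/40000) to inside:192.0.2.11/25 (192.0.2.11/25)
Mar 03 10:17:00 fw %PIX-4-106023: Deny icmp src outside:198.51.100.7 dst inside:192.0.2.10 (type 8, code 0) by access-group "outside_in"
garbage line that is not a firewall message
"""

# Ports are optional because ICMP denies carry a type/code instead of a port.
DENY_RE = re.compile(
    r"%PIX-\d-106023: Deny (?P<proto>\S+) "
    r"src [^:\s]+:(?P<src_ip>[\d.]+)(?:/\d+)? "
    r"dst [^:\s]+:(?P<dst_ip>[\d.]+)(?:/(?P<dst_port>\d+))?"
)

def parse_denies(text):
    """Return (events, skipped): parsed deny events and the count of other lines."""
    events, skipped = [], 0
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            skipped += 1          # permitted traffic, other message ids, noise
            continue
        port = m.group("dst_port")
        events.append({"proto": m.group("proto"), "src_ip": m.group("src_ip"),
                       "dst_ip": m.group("dst_ip"),
                       "dst_port": int(port) if port else None})
    return events, skipped

def summarize(text):
    """Tally denied traffic by (protocol, destination port) and by source address."""
    events, skipped = parse_denies(text)
    ports = Counter((e["proto"], e["dst_port"]) for e in events)
    sources = Counter(e["src_ip"] for e in events)
    return ports, sources, skipped

if __name__ == "__main__":
    ports, sources, skipped = summarize(SAMPLE_LOG)
    for (proto, port), n in ports.most_common():
        print(f"{n:4d} denied  {proto}/{port if port is not None else '-'}")
    for ip, n in sources.most_common():
        print(f"{n:4d} denies from {ip}")
    print(f"{skipped} lines ignored")
```

Other firewalls write different syslog layouts, so the pattern has to be adapted to whatever the chosen device actually emits.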
 
mbarbos Commented:
To annoy lrmoore a little bit, that Java interface is a nightmare, it always messes up my nice CLI configuration :) (but ALL my PIX experiences were nice, which is something I can't say about most of the other nice and cheap SOHO products I've touched)

But I have a (stupid) question: why doesn't anyone go for a Linux firewall solution? A well configured Linux firewall is at least as secure as a SOHO product, it's a lot more flexible and powerful and can be easily upgraded. And security holes get fixed fast (which is usually not the case with a small SOHO product).
 
darkmagneto (Author) Commented:
My boss has decided on the Cisco PIX line.  Thanks for all of your help!  This board is just great!
 
lrmoore Commented:
Glad to help out!