Solved

Small Business firewall

Posted on 2003-02-20
Last Modified: 2013-11-16
My company is going to a Server/Client setup. Before, we were a P2P network. I will have a Win2K domain controller/file server and then a Win2K/Exchange2K server. We currently have DSL, then it goes into a hub and then to the machines. What firewall would any of you recommend? Obviously price is the biggest factor. Should we go with a software firewall or hardware? If hardware, where does it go? In between the DSL and the hub?

Thanks,
Dark
Question by:darkmagneto
12 Comments
 

Expert Comment

by:alsutton
ID: 7988756
Personally I'd recommend looking at the SnapGear firewalls (http://www.snapgear.com/). They are reasonably priced and will do NAT, port forwarding, and will handle PPTP VPN traffic should you want your users to work from home.

The Snapgear would sit between the DSL modem and the hub.
0
 
LVL 1

Expert Comment

by:spreston
ID: 7989122
There are 2 things to consider, cost, and ease of implementation/support.

Depending on the assets on your network (and assuming that your Exchange server is for internal and external email) you could install anything from a cheap Linksys router, up to something more robust like a SonicWall or FireBox.  These are likely to be a little more expensive than a software solution, but require almost zero maintenance, and are very simple to install.

Regarding a software firewall, if you have the ability to install and configure a Linux server, you'll get a LOT of bang for your buck there.  Obviously the installation and support costs will be somewhat higher, but your initial capital investment will be lower.

My personal recommendation for a robust, reliable small office firewall would be a Watchguard FireBox SOHO 6 or 6tc firewall.  They're great little boxes, come from a mature firewall manufacturer, and are reasonably inexpensive.

Shawn

Shawn Preston, CISSP
Founder, SecureThinking
www.securethinking.net

"Where Information Security Evolves"
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7989416
I've heard really good things about the D-Link DFL300: http://www.dlink.com/products/broadband/dfl300/

I'm also very partial to Cisco PIX. 501 or 506e are small office boxes. Even the small box has the same capabilities as the big ones. Differences include speed and performance:
http://www.cisco.com/go/pix
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 100 total points
ID: 7989423
I've heard really good things about the D-Link DFL300: http://www.dlink.com/products/broadband/dfl300/

I'm also very partial to Cisco PIX. 501 or 506e are small office boxes. Even the small box has the same capabilities as the big ones. Differences include speed and performance:
http://www.cisco.com/go/pix

Either one would go in the same place as the SnapGear:

DSL modem --> firewall --> hub
0
 

Expert Comment

by:cbruce8
ID: 7989516
I have good experiences with the PIX line.
There is a new model out for SOHO. Cheap, about the size of an external modem. But still good stuff.
0
 

Author Comment

by:darkmagneto
ID: 7989898
I see the Cisco PIX 501.  That is right in our price range.  This unit is OK to put between our DSL modem/router and our hub?  Also, does the PIX 501 have an interface on it so I can take a look at some log information?  Basically my boss would like to see what Internet sites employees are going to and I would like to see what ports are being attacked and such.

Thanks,
Dark
0
 
LVL 13

Expert Comment

by:hstiles
ID: 7993023
I would also opt for a Firebox SOHO 6 t/c.  It supports IPSec VPN (up to 6 people), has a decent DHCP server, syslog logging (you can get all sorts of syslog services for NT/2000).  It also has a web blocker option for limiting access to questionable sites, etc...

They're not that expensive either
0
 

Expert Comment

by:freddymiltner
ID: 7993947
As I heard from our distributor, the SOHO 6 will soon be a so-called END-OF-LIFE product.

Can someone verify this?

I would opt for a Fortinet Fortigate 50.
These boxes have an integrated AV scanner (mail, HTTP, VPN) and IDS, and also have an easy-to-use GUI...
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 7995933
darkmagneto,
To answer your latest questions, yes, the PIX has a java-based GUI that provides you with logging information, and many other charts and graphs that you can get either in real-time or historical.
0
 
LVL 6

Expert Comment

by:mbarbos
ID: 7996555
To annoy lrmoore a little bit, that Java interface is a nightmare, it always messes up my nice CLI configuration :) (but ALL my PIX experiences were nice, which is something I can't say about most of the other nice and cheap SOHO products I've touched)

But I have a (stupid) question: why doesn't anyone go for a Linux firewall solution? A well-configured Linux firewall is at least as secure as a SOHO product, it's a lot more flexible and powerful and can be easily upgraded. And security holes get fixed fast (which is usually not the case with a small SOHO product)
0
 

Author Comment

by:darkmagneto
ID: 8003636
My boss has decided on the Cisco PIX line.  Thanks for all of your help!  This board is just great!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8003676
Glad to help out!
0
