Solved

Which way should I go?

Posted on 2003-11-02
Last Modified: 2013-11-16
My question concerns firewalls, looking for opinions here.
My company needs to implement a firewall solution; I am torn between buying a new appliance (firewall) or adding something to the spare Cisco 2600 series router.
Was looking for a Cisco solution either way we go.
Anybody have any experience (good or bad) either way?
I also need to implement a VPN solution into this; does this mean I need a firewall appliance? Does anyone know of a good solution from Cisco in the $5k to $10k range?
Thanks.
Question by:qbert123
4 Comments
 
LVL 2

Accepted Solution

by:
sh00t3r earned 700 total points
ID: 9666962
The PIX offers exactly what you're looking for as well as VPN. Although the price varies.

Have you researched other possibilities? Is your preference of a Cisco appliance just because you want to streamline your hardware?

Either way I would suggest looking at other options. Symantec has the VelociRaptor and the SGS. Priced around 5-10k with full VPN. Checkpoint is also a great product. The Symantec SGS offers anti-virus scanning, content filtering, and IDS (intrusion detection) among many other things. The PIX doesn't offer AV, content filtering, or IDS, although there are options for configuring the PIX like an IDS system.

You'll want to make sure you get an application-level firewall, which means it's going to scan down the packet layer all the way to the application layer of the OSI model. Basically it's better security. Most of the corporate FW's are app level. I'd also recommend getting a hardware-based firewall vs software. Enhanced security and failover.

How many end users?
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 300 total points
ID: 9667196
Posted in your other related Q:
http://www.experts-exchange.com/Hardware/Routers/Q_20785490.html

I don't think I've ever disagreed with sh00t3r, but the PIX certainly does have built in IDS capabilities, not "like" an IDS system.

The PIX does have an awesome VPN capability built right in. Be sure to order the 3DES license (an extra $35 to handle export control costs) and you'll get up to 512-bit AES encryption. The client is the easiest to configure that I have ever seen.

If you want content filtering, anti-virus, or other features, then I would suggest the new Symantec gateway appliances as sh00t3r mentioned.

For a $10k budget, you can get a very nice multi-layer defense strategy going.


 

Author Comment

by:qbert123
ID: 9667203
My reasoning behind Cisco equipment is simply throughput, but yes, I like the idea of keeping all my hardware from the same manufacturer (for compatibility's sake). There are 50+ end users not including the 4 VPN connections. Also, something that I had failed to mention: there are 2 separate routers with two separate WAN connections coming in, and I need to wire both Ethernet ports through the firewall. Is this going to be an issue? Do they make such a beast as to allow for this?

Thanks in advance
 
 
LVL 2

Expert Comment

by:sh00t3r
ID: 9670454
Well, if there's anyone on this board I would agree with, it would be lrmoore. I was under the assumption that the PIX IDS solution was more or less a limited IDS system. Glad I know now!

In regards to the two WAN connections. Most advanced corp firewalls have numerous NICs that you can specify as WAN or LAN. If the two WAN connections are actually two separate ISPs, you'll have to use some type of load balancing hardware. Something like Radware or BigIP F5 boxes. Otherwise you'll just plug the two WANs into the two NICs you specified as WAN connections. Hope this helps!

Sh00t3r


