Solved

Which way should I go?

Posted on 2003-11-02
Last Modified: 2013-11-16
My question concerns firewalls, looking for opinions here.
My company needs to implement a firewall solution. I am torn between buying a new appliance (firewall) or adding something to the spare Cisco 2600 series router.
Was looking for a Cisco solution either way we go.
Anybody have any experience (good or bad) either way?
I also need to implement a VPN solution into this; does this mean I need a firewall appliance? Does anyone know of a good solution from Cisco in the $5k to $10k range?
Thanks.
Question by:qbert123
4 Comments
 
LVL 2

Accepted Solution

by:
sh00t3r earned 175 total points
ID: 9666962
The PIX offers exactly what you're looking for as well as VPN. Although the price varies.

Have you researched other possibilities? Is your preference of a Cisco appliance just because you want to streamline your hardware?

Either way I would suggest looking at other options. Symantec has the VelociRaptor and the SGS, priced around 5-10k with full VPN. Checkpoint is also a great product. The Symantec SGS offers anti-virus scanning, content filtering, and IDS (intrusion detection) among many other things. The PIX doesn't offer AV, content filtering, or IDS, although there are options for configuring the PIX like an IDS system.

You'll want to make sure you get an application-level firewall, which means it's going to scan down the packet layer all the way to the application layer of the OSI model. Basically it's better security. Most of the corporate FWs are app level. I'd also recommend getting a hardware-based firewall vs. software. Enhanced security and failover.

How many end users?
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 75 total points
ID: 9667196
Posted in your other related Q:
http://www.experts-exchange.com/Hardware/Routers/Q_20785490.html

I don't think I've ever disagreed with sh00t3r, but the PIX certainly does have built-in IDS capabilities, not "like" an IDS system.

The PIX does have an awesome VPN capability built right in. Be sure to order the 3DES license (an extra $35 to handle export control costs) and you'll get up to 512-bit AES encryption. The client is the easiest to configure that I have ever seen.

If you want content filtering, anti-virus, or other features, then I would suggest the new Symantec gateway appliances as sh00t3r mentioned.

For a $10k budget, you can get a very nice multi-layer defense strategy going.


0
 

Author Comment

by:qbert123
ID: 9667203
My reasoning behind Cisco equipment is simply throughput, but yes, I like the idea of keeping all my hardware from the same manufacturer (for compatibility's sake). There are 50+ end users, not including the 4 VPN connections. Also, something that I had failed to mention: there are 2 separate routers with two separate WAN connections coming in, and I need to wire both Ethernet ports through the firewall. Is this going to be an issue? Do they make such a beast as to allow for this?

Thanks in advance
 
0
 
LVL 2

Expert Comment

by:sh00t3r
ID: 9670454
Well, if there's anyone on this board I would agree with, it would be lrmoore. I was under the assumption that the PIX IDS solution was more or less a limited IDS system. Glad I know now!

In regards to the two WAN connections: most advanced corp firewalls have numerous NICs that you can specify as WAN or LAN. If the two WAN connections are actually two separate ISPs, you'll have to use some type of load balancing hardware. Something like Radware or BigIP F5 boxes. Otherwise you'll just plug the two WANs into the two NICs you specified as WAN connections. Hope this helps!

Sh00t3r


0
