Solved

Which way should I go?

Posted on 2003-11-02
Last Modified: 2013-11-16
My question concerns firewalls, looking for opinions here.
My company needs to implement a firewall solution. I am torn between buying a new appliance (firewall) or adding something to the spare Cisco 2600 series router.
Was looking for a Cisco solution either way we go.
Anybody have any experience (good or bad) either way?
I also need to implement a VPN solution into this; does this mean I need a firewall appliance? Does anyone know of a good solution from Cisco in the $5k to $10k range?
Thanks.
0
Question by:qbert123
4 Comments
 
LVL 2

Accepted Solution

by:
sh00t3r earned 175 total points
ID: 9666962
The PIX offers exactly what you're looking for as well as VPN, although the price varies.

Have you researched other possibilities? Is your preference of a Cisco appliance just because you want to streamline your hardware?

Either way I would suggest looking at other options. Symantec has the VelociRaptor and the SGS. Priced around 5-10k with full VPN. Checkpoint is also a great product. The Symantec SGS offers Anti-Virus scanning, content filtering, and IDS (intrusion detection) among many other things. The PIX doesn't offer AV, content filtering, or IDS, although there are options for configuring the PIX like an IDS system.

You'll want to make sure you get an application-level firewall, which means it's going to scan down the packet layer all the way to the application layer of the OSI model. Basically it's better security. Most of the corporate FWs are app level. I'd also recommend getting a hardware-based firewall vs software. Enhanced security and failover.

How many end users?
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 75 total points
ID: 9667196
Posted in your other related Q:
http://www.experts-exchange.com/Hardware/Routers/Q_20785490.html

I don't think I've ever disagreed with sh00t3r, but the PIX certainly does have built-in IDS capabilities, not "like" an IDS system.

The PIX does have an awesome VPN capability built right in. Be sure to order the 3DES license (an extra $35 to handle export control costs) and you'll get up to 512-bit AES encryption. The client is the easiest to configure that I have ever seen.

If you want content filtering, anti-virus, or other features, then I would suggest the new Symantec gateway appliances as sh00t3r mentioned.

For a $10k budget, you can get a very nice multi-layer defense strategy going.


0
 

Author Comment

by:qbert123
ID: 9667203
My reasoning behind Cisco equipment is simply throughput, but yes, I like the idea of keeping all my hardware from the same manufacturer (for compatibility's sake). There are 50+ end users, not including the 4 VPN connections. Also, something that I had failed to mention: there are 2 separate routers with two separate WAN connections coming in, and I need to wire both Ethernet ports through the firewall. Is this going to be an issue? Do they make such a beast as to allow for this?

Thanks in advance
 
0
 
LVL 2

Expert Comment

by:sh00t3r
ID: 9670454
Well, if there's anyone on this board I would agree with, it would be lrmoore. I was under the assumption that the PIX IDS solution was more or less a limited IDS system. Glad I know now!

In regards to the two WAN connections: most advanced corp firewalls have numerous NICs that you can specify as WAN or LAN. If the two WAN connections are actually two separate ISPs, you'll have to use some type of load balancing hardware. Something like Radware or BigIP F5 boxes. Otherwise you'll just plug the two WANs into the two NICs you specified as WAN connections. Hope this helps!

Sh00t3r


0
