Solved

Which way should I go?

Posted on 2003-11-02
Last Modified: 2013-11-16
My question concerns firewalls; looking for opinions here.
My company needs to implement a firewall solution; I am torn between buying a new appliance (firewall) or adding something to the spare Cisco 2600 series router.
Was looking for a Cisco solution either way we go.
Anybody have any experience (good or bad) either way?
I also need to implement a VPN solution into this; does this mean I need a firewall appliance? Does anyone know of a good solution from Cisco in the $5k to $10k range?
Thanks.
Question by:qbert123
LVL 2

Accepted Solution

by:
sh00t3r earned 700 total points
ID: 9666962
The PIX offers exactly what you're looking for as well as VPN, although the price varies.

Have you researched other possibilities? Is your preference of a Cisco appliance just because you want to streamline your hardware?

Either way I would suggest looking at other options. Symantec has the VelociRaptor and the SGS, priced around 5-10k with full VPN. Check Point is also a great product. The Symantec SGS offers anti-virus scanning, content filtering, and IDS (intrusion detection) among many other things. The PIX doesn't offer AV, content filtering, or IDS, although there are options for configuring the PIX like an IDS system.

You'll want to make sure you get an application-level firewall, which means it's going to scan down the packet layer all the way to the application layer of the OSI model. Basically it's better security. Most of the corporate FWs are app level. I'd also recommend getting a hardware-based firewall vs. software: enhanced security and failover.

How many end users?
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 300 total points
ID: 9667196
Posted in your other related Q:
http://www.experts-exchange.com/Hardware/Routers/Q_20785490.html

I don't think I've ever disagreed with sh00t3r, but the PIX certainly does have built-in IDS capabilities, not "like" an IDS system.

The PIX does have an awesome VPN capability built right in. Be sure to order the 3DES license (an extra $35 to handle export control costs) and you'll get up to 512-bit AES encryption. The client is the easiest to configure that I have ever seen.

If you want content filtering, anti-virus, or other features, then I would suggest the new Symantec gateway appliances as sh00t3r mentioned.

For a $10k budget, you can get a very nice multi-layer defense strategy going.


 

Author Comment

by:qbert123
ID: 9667203
My reasoning behind Cisco equipment is simply throughput, but yes, I like the idea of keeping all my hardware from the same manufacturer (for compatibility's sake). There are 50+ end users, not including the 4 VPN connections. Also, something that I had failed to mention: there are 2 separate routers with two separate WAN connections coming in, and I need to wire both Ethernet ports through the firewall. Is this going to be an issue? Do they make such a beast as to allow for this?

Thanks in advance
 
 
LVL 2

Expert Comment

by:sh00t3r
ID: 9670454
Well, if there's anyone on this board I would agree with, it would be lrmoore. I was under the assumption that the PIX IDS solution was more or less a limited IDS system. Glad I know now!

In regards to the two WAN connections: most advanced corp firewalls have numerous NICs that you can specify as WAN or LAN. If the two WAN connections are actually two separate ISPs, you'll have to use some type of load balancing hardware, something like Radware or BigIP F5 boxes. Otherwise you'll just plug the two WANs into the two NICs you specified as WAN connections. Hope this helps!

Sh00t3r

