asked on

New Firewall

Hi,

I'm in the process of lining up a new firewall for our company. Our company is around 25 people in size and we have 5 of our 12 servers which are published on the Internet.

What is a suitable well respected highly rated hardware firewall for a company of our size ? I was looking at something like a Checkpoint small office FW.......

What kind of features should I be looking for, AV scanning, Intrusion detection, dynamic packet filtering ?

stevendunne

ASKER

How do these two rate ?

McAfee Secure-1
Checkpoint Safe@Office

Yan_west

I would go with a Cisco PIX 506e or pix 515e, you cannot go wrong with cisco technology. This baby is perfect for making vpn tunnels too.. Have a look at all the features. if you want more then 2 interfaces, I would go with the 515e, and add up other interface via a card.. so you can have your External/internal/Dmz/other interface on the firewall.

506e
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b13.html
515e
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b15.html

Yan_west

Check point products are also excellent. you would go with the 225 Model? the only problem is that the # of possible remote vpn connection is kindda limited, while it'S unlimited with the cisco product (the 515e). It's the same for the pix 506e (25)

stevendunne

ASKER

We would only need 5 - 10 VPN connections at max.

How about the McAfee secure-1 box ? I like the idea that this includes AV scanning etc Does the Cisco box provide this ?

Les Moore

I also like the PIX. I'm not sold on mulitpurpose boxes, but here is a good comparison and report card on multiple different all-in-ones
http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss446_art914,00.html

Yan_west

Hmm, I don't know, i wouldnt use mcafee to secure my network... I had problem with their software firewall messing up some of my client's computer.. Deal with a corporation that has exclusive expertise in security/firewalls.

batmon34

Go with CheckPoint, Nokia CheckPoint (much easier to setup), Cisco PIX, NetScreen (ASIC based), or even MS-ISA 2004. Cool thing about ISA is that it does FW now and also does application layer filtering which othe FW can't...

stevendunne

ASKER

It looks as though I'll go for the Checkpoint safe@office 225 or 225u. I'll also look at adding in the extra security subscriptions like AV scanning & content filtering. Does anyone know if these are affective ?

tonyhowarth

Don't the PIX 501, while it's the little baby compared to some of the others above, if your not running large pipes it just might fit your bill.

It has the same software on as the 506 and 515 and at a fraction of the price you can have a spare one sat next to the live for less than 1 506?

Tony

stevendunne

ASKER

Any more news on the Checkpoint safe@office 225 or 225u, in terms of it capabilities of anti virus scanning with the extra subscriptions ?

Do anyone know how much memory the safe@office units have ?

stevendunne

ASKER

Help ?

batmon34

I use Nokia CheckPoint with AI and Smart Defense. Tell you to true, If you wanna take care your antiruses or content filterings, you should use another box to do it. How much they quoted you for the subscriptions? Symantec anti-virus does a better job. You can get Symantec Enterprise and it will take care your Exchange server, SMTP gateway, desktop PC, servers, etc... just compare the price and it how it goes.

stevendunne

ASKER

How about the Sonicwall TZ170 box ?

ASKER CERTIFIED SOLUTION

batmon34

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial