Solved

New Firewall

Posted on 2004-08-13
14
245 Views
Last Modified: 2013-11-16
Hi,

I'm in the process of lining up a new firewall for our company.  Our company is around 25 people in size and we have 5 of our 12 servers which are published on the Internet.

What is a suitable well respected highly rated hardware firewall for a company of our size ?  I was looking at something like a Checkpoint small office FW.......

What kind of features should I be looking for, AV scanning, Intrusion detection, dynamic packet filtering ?
0
Comment
Question by:stevendunne
  • 6
  • 3
  • 3
  • +2
14 Comments
 

Author Comment

by:stevendunne
Comment Utility
How do these two rate ?

McAfee Secure-1
Checkpoint Safe@Office
0
 
LVL 15

Expert Comment

by:Yan_west
Comment Utility
I would go with a Cisco PIX 506e or pix 515e, you cannot go wrong with cisco technology. This baby is perfect for making vpn tunnels too.. Have a look at all the features. if you want more then 2 interfaces, I would go with the 515e, and add up other interface via a card.. so you can have your External/internal/Dmz/other interface on the firewall.

506e
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b13.html
515e
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b15.html
0
 
LVL 15

Expert Comment

by:Yan_west
Comment Utility
Check point products are also excellent. you would go with the 225 Model? the only problem is that the # of possible remote vpn connection is kindda limited, while it'S unlimited with the cisco product (the 515e). It's the same for the pix 506e (25)
0
 

Author Comment

by:stevendunne
Comment Utility
We would only need 5 - 10 VPN connections at max.

How about the McAfee secure-1 box ?  I like the idea that this includes AV scanning etc  Does the Cisco box provide this ?
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
I also like the PIX. I'm not sold on mulitpurpose boxes, but here is a good comparison and report card on multiple different all-in-ones
http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss446_art914,00.html



0
 
LVL 15

Expert Comment

by:Yan_west
Comment Utility
Hmm, I don't know, i wouldnt use mcafee to secure my network... I had problem with their software firewall messing up some of my client's computer.. Deal with a corporation that has exclusive expertise in security/firewalls.
0
 
LVL 4

Expert Comment

by:batmon34
Comment Utility
Go with CheckPoint, Nokia CheckPoint (much easier to setup), Cisco PIX, NetScreen (ASIC based), or even MS-ISA 2004.  Cool thing about ISA is that it does FW now and also does application layer filtering which othe FW can't...

0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:stevendunne
Comment Utility
It looks as though I'll go for the Checkpoint safe@office 225 or 225u.  I'll also look at adding in the extra security subscriptions like AV scanning & content filtering.  Does anyone know if these are affective ?
0
 
LVL 2

Expert Comment

by:tonyhowarth
Comment Utility
Don't the PIX 501, while it's the little baby compared to some of the others above, if your not running large pipes it just might fit your bill.

It has the same software on as the 506 and 515 and at a fraction of the price you can have a spare one sat next to the live for less than 1 506?

Tony
0
 

Author Comment

by:stevendunne
Comment Utility
Any more news on the Checkpoint safe@office 225 or 225u, in terms of it capabilities of anti virus scanning with the extra subscriptions ?

Do anyone know how much memory the safe@office units have ?
0
 

Author Comment

by:stevendunne
Comment Utility
Help ?
0
 
LVL 4

Expert Comment

by:batmon34
Comment Utility
I use Nokia CheckPoint with AI and Smart Defense.  Tell you to true, If you wanna take care your antiruses or content filterings, you should use another box to do it.  How much they quoted you for the subscriptions?  Symantec anti-virus does a better job.  You can get Symantec Enterprise and it will take care your Exchange server, SMTP gateway, desktop PC, servers, etc...  just compare the price and it how it goes.
0
 

Author Comment

by:stevendunne
Comment Utility
How about the Sonicwall TZ170 box ?
0
 
LVL 4

Accepted Solution

by:
batmon34 earned 300 total points
Comment Utility
Sonic is using checkpoint too, isn't it?  If you want something small & cheap, take a look at NetScreen and compare a bit.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now