Solved

Yet another Firewall/VPN question...

Posted on 2004-09-28
Last Modified: 2013-11-16
OK, I have been reading on here for days and think I have a pretty good idea of what I am looking for and need.  To start, I am looking to implement a VPN solution for a Small Business with < 30 users.  We have 5 sales people located in 2 different states and will also have at any given time 2-3 users working from remote locations (but not "site-to-site" branch locations).  We shouldn't have more than 20 concurrent VPN connections but it is possible we will have more than 10 so the Pix 501 is out.  I have been looking at the Pix 506e and have talked to Cisco Pre-Sales and that was their suggestion.  

Now to what we need this for... We want our remote users and mobile sales force to have access to our accounting files, sales databases, virus scan management software, etc., all of which is located on 2 different "servers".  We are also looking into implementing an Exchange Server.  We are not worried about a "remote desktop" feel to it (we will use XP's built-in remote desktop if needed), we just need our mobile/remote users to have access to the inside of our network and the files which reside there.  

Now after having said that, here is my question... is the 506e what I need?  I have read a great deal about Watchguard, Netscreen, etc.  Our budget is around $1000.  What is the benefit of one over the other?  What "integrated" services does the 506e offer that the others do not?  

Please give me your suggestions or ask me if you need more information.  Thanks to all in advance.

0
Question by:r270ba
6 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12174887
My opinion, the 506e is a perfect fit for your needs. Security is rock solid, the VPN capabilities are simple to set up, the client is simple to deploy, you have plenty of horsepower. What you don't get is any method of content filtering, URL filtering or in-line anti-virus, or WAN link failover capability.

Compared to the features of the Fortinet Fortigate line, the PIX seems rather limited.
http://www.fortinet.com/products/telesoho.html

The Watchguard Firebox is another one that offers a few more features:
http://www.watchguard.com/products/

Bottom line - go with the features that make you comfortable, at the pricepoint that makes you comfortable, and the skills that you already possess. If you're Cisco all the way, then full steam ahead to the PIX. If not, then you have options to look at before making a final decision.

You might want to look at something like this Linksys that is now owned by Cisco as a compromise. Way under budget at around $350, it will do just what you want:
http://www.linksys.com/products/product.asp?prid=589&scid=29


0
 

Author Comment

by:r270ba
ID: 12175528
lrmoore I was hoping you would pick this up (from all the other posts I have read by you) :)... the links were great!!!  Couple more questions for you.  By content filtering do you mean packet shaping?  What is the URL filtering and in-line antivirus?  Also, I think for WAN link failover capability you need to separate data lines coming in... am I correct or wrong?  I also cannot seem to find on Cisco anywhere whether or not the 506e has a DMZ port... do you know if it does?  

Finally, for whichever solution I choose, how do I hook up from the router to the firewall?  I think I need a crossover cable... is this correct?  I want to eventually implement a DMZ with a web server and possibly Exchange Server.  Should the Exchange Server be on a DMZ or inside the firewall?  If you want I can add these questions to a new post for more points for you.  

Thanks for your help!!!!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12175702
>By content filtering do you mean packet shaping?
No, I mean scanning the data stream for content, like porn coming through email before it ever gets to the user desktop.

>What is the URL filtering and in-line antivirus?  
URL filtering means restricting user access to specific URLs, web site categories (i.e. porn, shopping, sports, etc). In-line AV means scanning the data stream for virus signatures before it ever gets to the user desktop.

>Also, I think for WAN link failover capability you need to separate data lines coming in...am I correct or wrong?
Absolutely correct. Say you start off with a DSL line, and then you decide to add another DSL line, or perhaps a cable link for backup/failover/load sharing. The PIX won't help you out in this case, but some of the other products will.

>whether or not the 506e has a DMZ port
Nope. Only two ports - inside and outside. However, it does VLANs on the inside if you have another Cisco switch that does VLANs and trunking, which can give you several "virtual" interfaces that you can use for DMZs.

>how do I hook up from the router to the firewall?  
Normally a crossover, but that depends on the exact router/broadband modem.

>I want to eventually implement a DMZ with a web server and possibly Exchange Server.
Web server, yes - Exchange server, no.
The Exchange and all the internal users are too dependent on the domain/Active Directory to try to make it work through the firewall. Just keep Exchange on the inside and forward SMTP through port 25 only.


0

 

Author Comment

by:r270ba
ID: 12175741
Man, you are the best!!!  I have been looking around at this Firebox and I think I like the looks of it pretty well.  It seems to me that the Firebox has more "integrated" options.  I also like how buying licenses upgrades the product w/out having to buy hardware.  From what I have posted above do you think the Firebox X500 w/ upgraded VPN Mobile Users License will work for me?  I promise this is the last question then I will open up another case so I can give you more points!
0
 

Author Comment

by:r270ba
ID: 12175745
Oh and by the way...I just signed up here and this place is awesome!!!  The best place I have found on the net!!!!
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 12175807
Watchguard products are rock solid, and their support is pretty good. I, too, like the upgrade path that they provide. I think you'll be happy with the x500 and it should serve you well for several years to come.

Glad you found us, and really glad you like it!
0

Question has a verified solution.