Solved

Yet another Firewall/VPN question...

Posted on 2004-09-28
Last Modified: 2013-11-16
Ok I have been reading on here for days and think I have a pretty good idea of what I am looking for and need.  To start, I am looking to implement a VPN solution for a Small Business with < 30 users.  We have 5 sales people located in 2 different states and will also have at any given time 2-3 users working from remote locations (but not "site-to-site" branch locations).  We shouldn't have more than 20 concurrent VPN connections but it is possible we will have more than 10 so the Pix 501 is out.  I have been looking at the Pix 506e and have talked to Cisco Pre-Sales and that was their suggestion.  

Now to what we need this for...We want our remote users and mobile sales force to have access to our accounting files, sales databases, virus scan management software, etc., all of which is located on 2 different "servers".  We are also looking into implementing an Exchange Server.  We are not worried about a "remote desktop" feel to it (we will use XP's built-in remote desktop if needed), we just need our mobile/remote users to have access to the inside of our network and the files which reside there.  

Now after having said that here is my question....is the 506e what I need?  I have read a great deal about Watchguard, Netscreen, etc.  Our budget is around $1000.  What is the benefit of one over the other?  What "integrated" services does the 506e offer that the others do not?  

Please give me your suggestions or ask me if you need more information.  Thanks to all in advance.

Question by:r270ba
6 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12174887
My opinion, the 506e is a perfect fit for your needs. Security is rock solid, the VPN capabilities are simple to set up, the client is simple to deploy, you have plenty of horsepower. What you don't get is any method of content filtering, URL filtering or in-line anti-virus, or WAN link failover capability.

Compared to the features of the Fortinet Fortigate line, the PIX seems rather limited.
http://www.fortinet.com/products/telesoho.html

The Watchguard Firebox is another one that offers a few more features:
http://www.watchguard.com/products/

Bottom line - go with the features that make you comfortable, at the pricepoint that makes you comfortable, and the skills that you already possess. If you're Cisco all the way, then full steam ahead to the PIX. If not, then you have options to look at before making a final decision.

You might want to look at something like this Linksys that is now owned by Cisco as a compromise. Way under budget at around $350, it will do just what you want:
http://www.linksys.com/products/product.asp?prid=589&scid=29


0
 

Author Comment

by:r270ba
ID: 12175528
lrmoore I was hoping you would pick this up (from all the other posts I have read by you) :)....the links were great!!!  Couple more questions for you.  By content filtering do you mean packet shaping?  What is the URL filtering and in-line antivirus?  Also, I think for WAN link failover capability you need to separate data lines coming in...am I correct or wrong?  I also cannot seem to find on Cisco anywhere whether or not the 506e has a DMZ port...do you know if it does?  

Finally, for whichever solution I choose how do I hook up from the router to the firewall?  I think I need a crossover cable....is this correct?  I want to eventually implement a DMZ with a web server and possibly Exchange Server.  Should the Exchange Server be on a DMZ or inside the firewall?  If you want I can add these questions to a new post for more points for you.  

Thanks for your help!!!!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12175702
>By content filtering do you mean packet shaping?
No, I mean scanning the data stream for content, like porn coming through email before it ever gets to the user desktop.

>What is the url filtering and in-line antivirus?  
URL filtering means restricting user access to specific URLs, web site categories (i.e. porn, shopping, sports, etc.). In-line AV means scanning the data stream for virus signatures before it ever gets to the user desktop.

>Also, I think for WAN link failover capability you need to separate data lines coming in...am I correct or wrong?
Absolutely correct. Say you start off with a DSL line, and then you decide to add another DSL line, or perhaps a cable link for backup/failover/load sharing. The PIX won't help you out in this case, but some of the other products will.

>whether or not the 506e has a DMZ port
Nope. Only two ports - inside and outside. However, it does VLANs on the inside if you have another Cisco switch that does VLANs and trunking, which can give you several "virtual" interfaces that you can use for DMZs.

>how do I hook up from the router to the firewall?  
Normally a crossover, but that depends on the exact router/broadband modem.

>I want to eventually implement a DMZ with a web server and possibly Exchange Server.
Web server, yes - Exchange server, no.
The Exchange and all the internal users are too dependent on the domain/Active Directory to try to make it work through the firewall. Just keep Exchange on the inside and forward SMTP through port 25 only.


0

 

Author Comment

by:r270ba
ID: 12175741
Man, you are the best!!!  I have been looking around at this Firebox and I think I like the looks of it pretty well.  It seems to me that the Firebox has more "integrated" options.  I also like how buying licenses upgrades the product w/out having to buy hardware.  From what I have posted above do you think the Firebox X500 w/ upgraded VPN Mobile Users License will work for me?  I promise this is the last question then I will open up another case so I can give you more points!
0
 

Author Comment

by:r270ba
ID: 12175745
Oh and by the way...I just signed up here and this place is awesome!!!  The best place I have found on the net!!!!
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 12175807
Watchguard products are rock solid, and their support is pretty good. I, too, like the upgrade path that they provide. I think you'll be happy with the x500 and it should serve you well for several years to come.

Glad you found us, and really glad you like it!
0
