Solved

Yet another Firewall/VPN question...

Posted on 2004-09-28
Last Modified: 2013-11-16
Ok I have been reading on here for days and think I have a pretty good idea of what I am looking for and need. To start, I am looking to implement a VPN solution for a Small Business with < 30 users. We have 5 sales people located in 2 different states and will also have at any given time 2-3 users working from remote locations (but not "site-to-site" branch locations). We shouldn't have more than 20 concurrent VPN connections but it is possible we will have more than 10 so the Pix 501 is out. I have been looking at the Pix 506e and have talked to Cisco Pre-Sales and that was their suggestion.

Now to what we need this for... We want our remote users and mobile sales force to have access to our accounting files, sales databases, virus scan management software, etc., all of which is located on 2 different "servers". We are also looking into implementing an Exchange Server. We are not worried about a "remote desktop" feel to it (we will use XP's built in remote desktop if needed), we just need our mobile/remote users to have access to the inside of our network and the files which reside there.

Now after having said that here is my question... is the 506e what I need? I have read a great deal about Watchguard, Netscreen, etc. Our budget is around $1000. What is the benefit of one over the other? What "integrated" services does the 506e offer that the others do not?

Please give me your suggestions or ask me if you need more information.  Thanks to all in advance.

Question by:r270ba
6 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 12174887
My opinion, the 506e is a perfect fit for your needs. Security is rock solid, the VPN capabilities are simple to set up, the client is simple to deploy, you have plenty of horsepower. What you don't get is any method of content filtering, URL filtering or in-line anti-virus, or WAN link failover capability.

Compared to the features of the Fortinet Fortigate line, the PIX seems rather limited.
http://www.fortinet.com/products/telesoho.html

The Watchguard Firebox is another one that offers a few more features:
http://www.watchguard.com/products/

Bottom line - go with the features that make you comfortable, at the pricepoint that makes you comfortable, and the skills that you already possess. If you're Cisco all the way, then full steam ahead to the PIX. If not, then you have options to look at before making a final decision.

You might want to look at something like this Linksys that is now owned by Cisco as a compromise. Way under budget at around $350, it will do just what you want:
http://www.linksys.com/products/product.asp?prid=589&scid=29


0
 

Author Comment

by:r270ba
ID: 12175528
lrmoore I was hoping you would pick this up (from all the other posts I have read by you) :)... the links were great!!! Couple more questions for you. By content filtering do you mean packet shaping? What is the URL filtering and in-line antivirus? Also, I think for WAN link failover capability you need two separate data lines coming in... am I correct or wrong? I also cannot seem to find on Cisco anywhere whether or not the 506e has a DMZ port... do you know if it does?

Finally for whichever solution I choose how do I hook up from the router to the firewall? I think I need a crossover cable... is this correct? I want to eventually implement a DMZ with a web server and possibly Exchange Server. Should the Exchange Server be on a DMZ or inside the firewall? If you want I can add these questions to a new post for more points for you.

Thanks for your help!!!!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12175702
>By content filtering do you mean packet shaping?
No, I mean scanning the data stream for content, like porn coming through email before it ever gets to the user desktop.

>What is the URL filtering and in-line antivirus?
URL filtering means restricting user access to specific URLs, web site categories (i.e. porn, shopping, sports, etc). In-line AV means scanning the data stream for virus signatures before it ever gets to the user desktop.

>Also, I think for WAN link failover capability you need two separate data lines coming in... am I correct or wrong?
Absolutely correct. Say you start off with a DSL line, and then you decide to add another DSL line, or perhaps a cable link for backup/failover/load sharing. The PIX won't help you out in this case, but some of the other products will.

>whether or not the 506e has a DMZ port
Nope. Only two ports - inside and outside. However, it does VLANs on the inside if you have another Cisco switch that does VLANs and trunking, which can give you several "virtual" interfaces that you can use for DMZs.

>how do I hook up from the router to the firewall?  
Normally a crossover, but that depends on the exact router/broadband modem.

>I want to eventually implement a DMZ with a web server and possibly Exchange Server.
Web server, yes - Exchange server, no.
The Exchange and all the internal users are too dependent on the domain/Active Directory to try to make it work through the firewall. Just keep Exchange on the inside and forward SMTP through port 25 only.


0

 

Author Comment

by:r270ba
ID: 12175741
Man you are the best!!! I have been looking around at this Firebox and I think I like the looks of it pretty well. It seems to me that the Firebox has more "integrated" options. I also like how buying licenses upgrades the product w/out having to buy hardware. From what I have posted above do you think the Firebox X500 w/ upgraded VPN Mobile Users License will work for me? I promise this is the last question then I will open up another case so I can give you more points!
0
 

Author Comment

by:r270ba
ID: 12175745
Oh and by the way...I just signed up here and this place is awesome!!!  The best place I have found on the net!!!!
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 12175807
Watchguard products are rock solid, and their support is pretty good. I, too, like the upgrade path that they provide. I think you'll be happy with the X500 and it should serve you well for several years to come.

Glad you found us, and really glad you like it!
0

Question has a verified solution.
