Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

recommend an AFFORDABLE hardware firewall for co-located web servers (that won't hiccup!)

Posted on 2004-10-04
Last Modified: 2010-04-17
Hi all,
After pulling my hair out (ouch) for 2 months with 2 brands of firewalls, the Zyxell 10 and the SonicWall TZ 170, I have found that neither can handle more than a handful of concurrent connections and both hiccup all too often, severing user sessions and Remote Desktop sessions as well as wreaking other related havoc.
My needs are for a simple firewall that can handle a many-to-many NAT (e.g. a range of about 16 WAN ips mapping to 16 LAN ips).  The rules need to be simply to block all ports except for FTP, HTTP, HTTPS, RDP, and 1433 and be able to block bad IP addresses (or IP blocks).  I don't need VPN at all, nor AV protection nor any of the other bells and whistles that other companies are charging thousands of dollars 4.  I host 10 websites currently at a colocation facility, so I do not need content filtering as no one will have access to the web server(s) except me.
After spending countless days and weeks looking for a simple colocation firewall solution, I am amazed to find that no company is offering such a device (at least no one is offering this).  With the colocation hosting prices at an all time low (some let you put a machine in for as little as $100/mo with 50GB or so of bandwidth), it is like pulling teeth to find a firewall.  Unfortunately, none of the colo facilities in my area have firewalls installed and the ones that do leave all the friggin' ports open!
The affordable solutions ($500-$1000) can't seem to handle any appreciable INCOMING traffic and can hiccup all day long without users complaining.
The "build-your-own" Linux option will cost at least $1500 as I would have to buy a special 1U rackmount case, 1U power supply, mobo, and other low profile stuff just to put it in the rack (I could have a 2U case, but then I will have used up all my rack space) - then you add a week of fighting with drivers, software, and configuration just to make the "cheap" solution work.
Linux is cool if you have time to burn - I don't anymore, just need something that works.
I can't afford the $5000 (burn a hole in your wallet) Cisco option - no offense to Cisco, but I'm not a multi-billion dollar corporation that afford their exhorbitant pricing (licensing too!).

If anyone has had experience with a reasonably-priced hardware firewall in a colocation facility and it actually works without the hiccups (in a NAT arrangement), PLEASE let me know what make/model you are using.  I'm running out of options and can't trust companies.  If you don't have any experience or are just a non-techy salesman, please do not reply to this.


Question by:simplyamazing
  • 2
LVL 79

Accepted Solution

lrmoore earned 500 total points
ID: 12226014
Cisco PIX 515e, Restricted license (only 10,000 simultaneous connections) = List price $3594, street price ~ $2795
Cisco PIX 506e might be just enough horsepower @ list $1395, street price ~ $900
LVL 13

Expert Comment

ID: 12226600
I hate to say it, but the Linux build your own option is hard to beat. I have seen enough people with limited budgets try to find an alternative, only to end up with it anyhow, but your estimate on how much a 1U server for it will cost is way of the mark. You can build a suitable 1U server for about $600.00. For example, you can get a Supermicro 1U bare bone server, 2.4 GHz P4 processor, and 256 megs of RAM for less than 650 dollars. You don’t need a hard drive since you can run it on one of the distributions that use the CD, and or the floppy drive, but if you want a hard drive and don’t have an old IDE drive sitting around it will cost you about another $50.00 for a grand total of less than $700.00.

Another even less expensive solution would be to use a XPC form factor PC, and put it behind the rest of the servers since they are pretty small at a typical 12”L x 7”H x 7”W. If you go with an AMD processor you could probably build it for about half the price of the 1U. So this might even be a better-fit cost wise if you have the space behind your servers to add an XPC PC.

As for the distributions, here is the link to one I have been playing around with that I like, and it seems to be pretty comprehensive and reasonably documented.


LVL 79

Expert Comment

ID: 12280476
Are you still working on this? Can we be of any more assistance?
Can you close out this question?

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
My laptop is getting both a valid IP address and the broadcast address on this network 8 83
How VPC help preventing STP Loops 4 130
ISP Change 14 63
TL-R470T+ and Cisco ASA 2 21
Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question