asked on

Hardware firewall - how to buy?

I am looking to buy a firewall, but I have no clue how to choose one. I do not want a software firewall since I plan to have a server. I want a hardware firewall immediatly following by DSL connection so everything is blocked accept what I want. My needs are basic: I do not want VPN, and I do not plan to have VPN ever. I just want a hardware firewall to block everything accept port 80 (for a website on my server), port 1494 (I believe that is the port for a Citrix client - like www.gotomypc.com). Maybe even allow FTP for authorized users only, but that is all. Spam blocking and virus scan a plus, but I already run A-V on my machines, and I never accept e-mails with attachments - period. I am not firewall savy, so please take that into concideration. I have already looked at the Cisco and Watchguard websites, but they all seem like overkill for what I need.

Any suggestions would be helpful. Basically looking to lock down everything comming in accept for what I want to allow while still having a web server (no e-commerse) - and of course still be able to surf the net.

Thanks

Les Moore

Take a look at some of these firewall appliances. Any one of them would suit you well. I particularly like the Cisco PIX 501, and the Linksys RV082.
-----------------------------------------
Low-end firewall appliances
-----------------------------------------

Linksys RV082:
http://www.linksys.com/products/product.asp?prid=589&scid=29

Fortinet:
http://www.fortinet.com/products/telesoho.html

Adtran Netvanta
https://www.adtran.com/adtranpx/Rooms/DisplayPages/LayoutInitial?Product=com.webridge.entity.Entity%5BOID%5B27100B71B4B3E44D84DCAE487414CD69%5D%5D&Container=com.webridge.entity.Entity%5BOID%5B54C70AA0A26ED711A78500D0B72032D8%5D%5D&ProductCategory=com.webridge.entity.Entity%5BOID%5BCB5C5CB7C4419B4AA04F9CE1AEDD8CE7%5D%5D

Netscreen
http://www.juniper.net/products/integrated/dsheet/ds_5gt_xt.pdf

Watchguard Firebox
http://www.watchguard.com/products/

PIX 501
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps2031/index.html

D-LINK w/DMZ port
http://www.dlink.com/products/?pid=66

On the other hand, you might be just as well served with a basic broadband router. Most all of them include stateful packet inspection firewall and let you forward specific ports. Some even help enforce AV use. I personally use Linksys WRV54G because I need the VPN functions and the wireless. $50 will get you something like this: http://www.linksys.com/products/product.asp?grid=34&scid=29&prid=433
Just saw an add that would get you a D-Link for $9.99 (after instant savings, plus mail in rebates)
http://www.dlink.com/products/?sec=0&pid=62

sofsoldier

ASKER

You did sme research - I appreciate it. Is there any reason why Netgear or Symantec was not a part of your list?

Also, the lower end Linksys, Netgear, D-Link all have the packet filtering and DOS protection, and feature some basic VPN and IpSec; what would be the difference between these and say the Cisco Pix 500, or teh Watchguard series?

Forgeting VPN, is AV imbedded in the firewall a good thing to have even though AV is running on all the machines on the network? And is there a dfifference is quality in the SPI or DOS protection between the low cost models and the more expensive ones?

Thanks again,

ASKER CERTIFIED SOLUTION

Les Moore

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

sofsoldier

ASKER

The Cisco sounds great. Also, since I do have wireless as well, I did find the Watchguard SOHO 6 wireless very interesting.

I will eventually have two websites, and I actually did not think about the NAT capabilities of some of the other products.

Thank you,