  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 573

Need a VPN capable Firewall/Router

Okay, here goes (first time posting a question)

I need to purchase a Firewall/Router that will allow multiple concurrent VPN connections from different locations.  I have employees that travel and need access to the Office LAN.  As of now I have a Netgear FVS318 ProSafe Firewall/Router, but it only supports 8 IPSEC connections.  I want to put the new Firewall/Router "behind" the FVS318 (supports 100 IPSEC connections) to create a sort of DMZ and forward all VPN connections to the new Firewall/Router.

My questions are:

- What are some recommendations for the new Firewall/Router that I need?  I have looked into Netgear FVL328, and my boss loves it because it is cheap, but I'm not sure how well it will perform or how easy it is to set up/use.  I've also looked briefly at a Cisco PIX 501, but the price tag is a little high and I've heard that Cisco products are tough to configure and use.

- As far as VPN protocols, I hear that IPSEC is very secure but difficult to set up and use, while PPTP is less secure but easier to use.  Any advice on which protocol to use would be helpful.  Do the security benefits of IPSEC over PPTP outweigh the ease of use benefits of PPTP?

- What else should I look for in a new Firewall/Router?  My company is not very big, but we are growing rapidly.  Do some solutions scale better than others?

Thanks in advance.
Asked by: naj2576
 
lrmoore Commented:
As for the PIX, the 501 only supports 10 simultaneous VPN connections, but it is easy to set up and configure. New GUI wizards make it easy. The 506e would be more adequate for your needs and scales much higher.

IPSEC is much more secure, and very easy to configure as long as you use an easy client. Cisco VPN client (used with PIX) is extremely easy to set up and client config can be pushed with a pre-configured ini file for clients.

I would seriously consider replacing the FVS318 with something with more horsepower. If you already have some expertise with its little brother and the clients, that has value in itself. I've just never had good luck with Netgear products (I think I'm allergic to Nortel - <8-} )

You might want to consider capability to provide redundant WAN links sometime in the future. Some words of advice:
- With the prices as low as they are, get what you need now with some wiggle room. Don't spend much on extra features that you might need a year or two from now. A year or two from now when you need that function, the products will have evolved and prices lowered enough that it may save money to wait.
- Spend money relative to what you are protecting. If you can go to jail for compromising a client's personal information, then spend appropriately and wisely. If the worst that can happen does not cost you anything, then spend accordingly.

Here are some low-end firewall products that you can look into:
My personal recommendation would be the PIX506e
Second on the list would be the Linksys RV082

Linksys RV082:
http://www.linksys.com/products/product.asp?prid=589&scid=29

Fortinet:
http://www.fortinet.com/products/telesoho.html

Adtran Netvanta
https://www.adtran.com/adtranpx/Rooms/DisplayPages/LayoutInitial?Product=com.webridge.entity.Entity%5BOID%5B27100B71B4B3E44D84DCAE487414CD69%5D%5D&Container=com.webridge.entity.Entity%5BOID%5B54C70AA0A26ED711A78500D0B72032D8%5D%5D&ProductCategory=com.webridge.entity.Entity%5BOID%5BCB5C5CB7C4419B4AA04F9CE1AEDD8CE7%5D%5D

Netscreen
http://www.juniper.net/products/integrated/dsheet/ds_5gt_xt.pdf

Watchguard Firebox
http://www.watchguard.com/products/

PIX 501
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps2031/index.html

D-LINK w/DMZ port
http://www.dlink.com/products/?pid=66

Symantec:
http://www.symantec.com/smallbiz/gtw/

SNAP:
http://www.clearpathnet.com/snap/default.asp

 
Tim Holman Commented:
I would also recommend upgrading your existing box - it will be a lot easier to support in the long run.
Is there a bigger Netgear box you can upgrade to ?
 
naj2576 (Author) Commented:
lrmoore,

Thank you for all the helpful advice.  I've convinced my boss to up my budget a little so that I can get a firewall with a little more horsepower behind it, but I still have to keep things under $1K.

I was almost ready to go with the PIX 506e after looking at it, but now another person I've talked to is pushing SonicWall's TZ170 or PRO 2040.  He believes they are far easier to maintain (for someone not familiar with Cisco IOS) and are more scalable than the PIX.

Any thoughts on these firewalls or SonicWall in general?
 
lrmoore Commented:
According to SonicWall's own product chart, the TZ170 is targeted for 10 VPN connections, the 2040 at 50. In that case, I'd have to recommend the 2040.
http://www.sonicwall.com/products/vpnapp.html

However, I've tried several times to find documentation on SonicWall's web site and it is very difficult to find anything other than the quick setup guides. Get into the documentation for the actual SonicOS, and I've found it quite overwhelming...
I'll take the PIX any day...

You'll have to make your own decision based on your own comfort level and skill sets..