  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 228

Recommend a good Firewall

Can you recommend a good Firewall with VPN for an office of about 80 people?
galtee25
Asked:
1 Solution
 
grblades Commented:
Hi galtee25,

Cisco PIX506E
Watchguard

I would recommend the PIX as you will get plenty of help here on how to configure it.

galtee25 Author Commented:
Thanks grblades,
What kind of price range is it?
Will this handle growth to 100 users and is this easy to configure?
Does it come with VPN client access or is this extra?

grblades Commented:
The 506E is about 360 UK Pounds so probably around $500-600. It is unlimited clients and supports up to 25 concurrent VPN sessions.
It comes with the VPN client.

You can see the spec of the different models here:-
http://www.s2s.ltd.uk/browse.cgi?database=cisco&get=Cisco+Secure+PIX+Firewall+Chassis

It is fairly easy to configure as it has a web interface. Most people use the command line interface though.
 
stockcowboy Commented:
Don't buy a Cisco - the ONLY way to go would be a #1 - Fortinet or #2 a Netscreen

The fortinet is the best price/performance of any firewall out there by far.

mike lynn
http://www.websitemailer.com – Have any website emailed to you whenever you want

grblades Commented:
What is so good about the fortinet?

Price and performance is not everything. You also need to consider support, availability of other people (user groups etc...) who can help with particular configurations and its interoperability with other equipment. This is where you get the benefit of Cisco although you do pay more for it.

stockcowboy Commented:
The cost is cheaper, and functionality blows the Cisco out of the water. I'd suggest you read about them on the net. - http://www.fortinet.com/

And it's not like I've never used a PIX either - that was my first firewall 5 years ago. Then I changed to a Netscreen - which was easier to use and would handle more bandwidth than the PIX - which I needed gigabit. Then when I heard that the founder of Netscreen left and started Fortigate - I checked those out - similar devices - but a lot cheaper, faster, and more features.

IPSEC is standard - so it will work with any other existing VPNs - the only real interoperability of the Cisco is with other Cisco gear.


mike lynn
http://www.websitemailer.com – Have any website emailed to you whenever you want

grblades Commented:
Your last comment reads as if you are saying that the PIX only works with other Cisco equipment. Just to clarify, it works with any standard IPSEC VPN and there are configuration examples available on how to configure it to talk to other firewalls.

lrmoore Commented:
Lots of opinions out there, that's for sure. I am also a fan of the Cisco PIX, but I understand that it is not the product for everyone. What you really need to consider are your requirements, your skill sets, your staffing (and their skills), your budget, and the level of security that you want to provide.

The PIX is certainly fully standards based and will work with most any IPSEC based VPN device - Linksys, Netscreen, Windows2000/XP, ISA, Watchguard, Checkpoint, and many others. There are plenty of detailed configuration examples for each of these on Cisco's web site, and plenty of support right here in this forum.

Our company has also evaluated the Fortinet. We currently use Netscreen and are looking for a replacement. We've found the Fortinet interface and the configuration confusing at best, and difficult to get all the concurrent features enabled and maintained. Adding in-line anti-virus and content filtering makes it a multi-purpose box, but do you want/need these features? Do you want a single point of failure for your network for all of those functions?

There are plenty of alternatives out there, including Microsoft ISA and several Linux-based firewalls.

Adtran Netvanta 2000 series is a very cost-effective firewall solution.
If you want a great box, take a look into the new NetVanta 1224R product with T1 DSU, router, stateful packet inspection firewall, and full layer-3 24-port 10/100 switch combined in one box. VPN support is an add-on feature (add hardware acceleration card), for a very competitive price.

Watchguard firewalls have been regarded as rock-solid products with great tech support.

You might even look at something like the Symantec all-in-one appliance, or the SNAP appliance:
Symantec:
http://www.symantec.com/smallbiz/gtw/
SNAP:
http://www.clearpathnet.com/snap/default.asp


cnewgaard Commented:
For my money (or the company I'm selling it to I should say) the PIX is the firewall to go with.  Keep in mind that my main level of expertise and some of my certifications are in the Cisco area so I'm probably a little biased.  As many of the people here have said you can get a great amount of support from others on configuring the PIX since it is a very common firewall.  

Here's some data on the 506e

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps4336/

Also grblades is off a little on the pricing.  The 506e goes for around $1000 here in the US.  Definitely look at different products and decide what is best based upon your level of expertise and the needs of your company.

galtee25 Author Commented:
I contacted our IT supplier and they said that the CISCO PIX506E is suitable for around 20 users and that we should be looking at the NetScreen 25 to allow us to scale to 100 users.
Oh decisions, decisions.
Thanks for all your help.