  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 149
  • Last Modified:

Firewall

A NETGEAR FVS328 ProSafe VPN Firewall has been suggested for our firewall on our network.  Is this a good one, or is there a better one we should use?
0
cagleb
Asked:
cagleb
1 Solution
 
rshooper76Commented:
I personally prefer to use a Cisco PIX.  Just make sure that you can control the traffic that comes into the firewall and goes out.  You also should have the ability to store the logs on a device other than the firewall, i.e. a syslog server.
0
 
lrmooreCommented:
It would not be prudent to blindly suggest any one firewall over another. It all depends on your requirements, your budget, your skill level, etc.
Personally, I would never deploy any Netgear product in a production environment where I was concerned with uptime, security, reliability or support.
I'm a big fan of the Cisco PIX, but it is not always the right solution for every occasion.

Have a look at some of these. I would not hesitate to use any of these products that fit my budget and my requirements. If you're looking at something higher-end, we can make recommendations there, too, but these fit in the same category as the FVS328

-----------------------------------------
Low-end commercial-grade firewall appliances
-----------------------------------------

Good solid product that does a lot. The Linksys QuickVPN client is cool.
Linksys RV082:
http://www.linksys.com/products/product.asp?prid=589&scid=29

Lots of awards in the press for being a multi-function product, but I don't like all my eggs in one basket and I've heard that they are a real bear to get configured and maintain
Fortinet:
http://www.fortinet.com/products/telesoho.html

Lots of good press and experts here at EE like these products:
SonicWall
http://www.sonicwall.com/

Adtran is fairly new in the arena, but the products are solid, and the support is good (if you can live without 24x7 support), plus their corp. HQ is right in my backyard.
Adtran Netvanta
https://www.adtran.com/adtranpx/Rooms/DisplayPages/LayoutInitial?Product=com.webridge.entity.Entity%5BOID%5B27100B71B4B3E44D84DCAE487414CD69%5D%5D&Container=com.webridge.entity.Entity%5BOID%5B54C70AA0A26ED711A78500D0B72032D8%5D%5D&ProductCategory=com.webridge.entity.Entity%5BOID%5BCB5C5CB7C4419B4AA04F9CE1AEDD8CE7%5D%5D

Netscreen has been bought out by Juniper Networks. Our corporate Network guys use Netscreen and are looking for a replacement (NOT a Netscreen)
Netscreen
http://www.juniper.net/products/integrated/dsheet/ds_5gt_xt.pdf

Rock-solid product with good support:
Watchguard Firebox
http://www.watchguard.com/products/

PIX 501 - My favorite. Most reliable and versatile (IMHO)
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps2031/index.html

I would put this product way down in my list unless budget was all I could afford:
D-LINK w/DMZ port
http://www.dlink.com/products/?pid=66

All of Symantec's products are rock solid:
Symantec:
http://www.symantec.com/smallbiz/gtw/

This one I have not personally seen, nor do I have any colleagues with first-hand experience:
SNAP:
http://www.clearpathnet.com/snap/default.asp


0
 
Dr-IPCommented:
I am not so sure on SonicWall, especially if it has a heavy load on it. I have an ISP collocated with me that just bought one about a month ago, and he is constantly calling me to reboot it because it stops passing all traffic out of the blue. He’s been on the phone a lot with them, but they don’t seem to be able to get it fixed, so he has ordered a remote power management device so he can reboot it himself remotely, thank god. I myself would yank it out as I’d rather have no firewall than one that goes on the fritz all the time. I don’t know if his experience is the norm, but I find it disconcerting, especially since he has a support contract, yet it still is not working at what I would consider an acceptable level.


0

 
td_milesCommented:
>> Netscreen has been bought out by Juniper Networks. Our corporate Network guys use Netscreen and are looking for a replacement (NOT a Netscreen)

lrmoore, am I reading what you have said correctly, that you (or corporate network guys) are moving away from Netscreen? Can I ask why?


Dr-IP, I sometimes see this on a PIX, when the number of open connections causes a low end (501 or 506 usually) to run out of memory. Solution is to either lower the timeouts or (what I tend to do) work out what traffic is causing the open connections and block it (it is often virus/worm activity).

cagleb, sorry to barge in on your question, but it's good for the discussion anyway... ;)

0
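Added example, not part of td_miles's post or any vendor tooling: one way to "work out what traffic is causing the open connections" from logs already sent to a syslog server, by pairing connection-built messages with teardown messages and ranking inside hosts by connections still open. The line layout is an assumption modelled on PIX built/teardown TCP connection messages, and the sample lines are constructed; adjust the patterns to what your firewall actually logs.

```python
import re
from collections import Counter, defaultdict

# Assumed line layout, modelled on PIX "Built"/"Teardown" TCP connection messages.
BUILT = re.compile(r"Built \w+ TCP connection (\d+) for outside:([\d.]+)/(\d+) "
                   r"\S+ to inside:([\d.]+)/\d+")
TEARDOWN = re.compile(r"Teardown TCP connection (\d+) ")

def sample_log():
    """Constructed log lines for the demo (not captured from a real device)."""
    built = ("%PIX-6-302013: Built outbound TCP connection {c} for "
             "outside:{r}/{p} ({r}/{p}) to inside:{h}/{s} (203.0.113.2/{s})")
    torn = ("%PIX-6-302014: Teardown TCP connection {c} for outside:192.0.2.10/80 "
            "to inside:10.0.0.5/{s} duration 0:00:05 bytes 4096 TCP FINs")
    lines = [built.format(c=100 + i, r=f"198.51.100.{i + 1}", p=445,
                          h="10.0.0.23", s=1500 + i) for i in range(6)]
    lines += [built.format(c=200 + i, r="192.0.2.10", p=80,
                           h="10.0.0.5", s=2000 + i) for i in range(3)]
    lines += [torn.format(c=200 + i, s=2000 + i) for i in range(2)]
    return lines

def open_connections(lines):
    """Map connection id -> (inside host, remote ip, remote port) for
    connections that were built but never torn down."""
    conns = {}
    for line in lines:
        if m := BUILT.search(line):
            cid, remote, port, inside = m.groups()
            conns[cid] = (inside, remote, int(port))
        elif m := TEARDOWN.search(line):
            conns.pop(m.group(1), None)
    return conns

def top_talkers(lines, threshold=5):
    """Inside hosts holding at least `threshold` open connections."""
    peers = defaultdict(list)
    for inside, remote, port in open_connections(lines).values():
        peers[inside].append((remote, port))
    report = [{"host": h, "open": len(p),
               "distinct_remotes": len({r for r, _ in p}),
               "top_port": Counter(pt for _, pt in p).most_common(1)[0][0]}
              for h, p in peers.items() if len(p) >= threshold]
    return sorted(report, key=lambda row: row["open"], reverse=True)

if __name__ == "__main__":
    for row in top_talkers(sample_log()):
        print(row)
```

A host with many open connections spread across many distinct remote addresses on a single port is the pattern to look at first when deciding what to block or which machine to clean.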
 
Dr-IPCommented:
I kind of tend to think the load that guy has on that SonicWall might be too much for it, but from what I have heard no one has a clue as to what is going on, or is willing to tell him, and he says the unit is the one they recommended he use, but for what he spent on it, I could have gotten a used 520, or maybe even a 525 from a reputable dealer with a year's warranty, and I know it would handle the load he has without issue. It's what I recommended he do, but he wanted it to be new, but didn't want to spend that kind of money, and look what it got him.
0
 
lrmooreCommented:
Do you need more information?
Have you resolved this problem?
Can you close this question?
http://www.experts-exchange.com/help.jsp#hs5

Thanks!
0
