Firewall and anti-virus software for coperate company

I'm looking into upgrading our software. We're rather well behind the times in preventing hacking and having a good backup. I'm just looking for some software that would be good for a company our size. We have approx. 80PCs all XP Pro Workstations. We don't have any VPN yet, but am looking to getting one. Also we have a Point to Point network between here and another small health center we own, that has about 5 PCs on that network. I'm just looking for what is optimial for our company. I was thinking about a hardware firewall, but if a software firewall is just as effective i can settle with that. The only hardware firewall we have now is built into our cisco routers.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rich RumbleSecurity SamuraiCommented:
For that many users hardware is the way to go. You do have a free alternitive if you can use Linux, it makes a great firewall with iptables. But  Pix 505e or something from cisco would also be good. There are also free AV's like Clam-Av, yet my recommendation is ultimatly McAfee. I like version 8.0i for workstations.
Linux is easy to setup, just select minimum for the software install, and allow it to partition the drives for you. You don't need anything very modern to have a good firewall (the pix for example is running a 333mhz proc at best) So perhaps a 500mhz or better, with 256meg or better. Then you need at least 2 nic's and your almost done.
Here is a brief guide on iptable setup:

Clam-Av (the windows version is down the page)
Vendors are now doing firewall/AV in one appliance. As per richrumble, there are many with variations on the same theme, they should also be able to do your vpn stuff as well.

check out the following, they will have entry level devices for small office/branch office;

Also checkout McAfee, Symmantec, as well becuase they are also now doing firewall/AV appliances.

there are a few others, just search google.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
We use a custom linux os called Clark Connect.  If you're looking for a cheap/fast solution that easy to setup it's great!  We are running it on a P3 866 / 512mb ram (up 311 days, 17:28) with around 30-50 users behind it.

For more information please check out
Introducing the "443 Security Simplified" Podcast

This new podcast puts you inside the minds of leading white-hat hackers and security researchers. Hosts Marc Laliberte and Corey Nachreiner turn complex security concepts into easily understood and actionable insights on the latest cyber security headlines and trends.

Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security OfficerIT Consultant, Network Engineer, Windows Network Administrator, VMware AdministratorCommented:
I have used PIX, Sonicwall, Watchguard, and Symantec and my recommendation goes to Watchguard.  I am so impressed by them that I just changed out all the Symantec appliances in the City I work for with Watchguard.

If you want to keep it cheap, put a Firebox X Edge X-50 unit at the main HQ and a X-5 unit at the remote site.  The X-50 with 1 year of maintenance is about $1000 and the X-5 with 1 year of maintenance is about $450.

These have all the built in IPSec VPN Tunnels to connect with each other and come with some mobile user VPN connections.  You can always buy more if you need them.

If you want more Umph at the main site, substitute the X-50 for say an X700.  This is capable of much more expansion and you can purchase Spam Screen, Gateway AntiVirus, etc for it and customize your rules to lock down exactly what you want.

For AntiVirus on the network, Symantec Corporate AntiVirus.  It is easy to setup and use and you can control and monitor everything from the server.
If you are looking to upgrade/change, then this is your opportunity to significantly influence the corporate IT policy. All companies should have one, but very few companies have the ability to enforce a policy/check on useage effectively etc.

If you want an effective monitor/control of this type of useage, then I highly recommend Astaro (Free fro personal use, and well worth playing with - loads of add ons) :

I would use the built in firewall for XP Sp2 (save some $) and buy Norton Corp addition 9.0 with the correct # of licenses. You will save $ in the long run instead of buying separated NAV for each machine.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.