Outgrew BEFSX41's - what's next?

Posted on 2005-04-05
Last Modified: 2010-03-18
We have 3 Linksys BEFSX41 firewall routers that sit between our LAN and the Internet.  We have 3 static IP addresses.  The WAN side of each router is configured with one.  The LAN sides of each router are attached to 3 separate subnets.  We have a heterogeneous network of approximately 20 boxes - Lintel, Wintel, and AIX RS6000s running many of the standard services as well as a number of oddball services that eat up a number of ports.  I'm looking for a turnkey replacement for this hodgepodge of a routing/forwarding subsystem.  The system must support (in order of priority):

1) DMZ
2) Firewalling
3) DoS protection
4) 8 or more ports *each*of*which* can belong to a separate subnet if desired
5) NAT
6) LAN/LAN, LAN/WAN, WAN/LAN and WAN/WAN routing
7) Cannot be a "build-your-own Linux" box gleaned from a web page at
8) VPN
9) Configurable packet drop/reject/forwarding is a plus

I'm seeking a short list of at least three (3) recommended "boxes" costing no more than $25/port.  The first responder to list (3) recommendations that can meet #1-7 will be awarded 125 points.  Please provide a short statement that backs up your recommendations.


Question by:cgi-bin
    LVL 38

    Expert Comment


      You are asking about the firewall/VPN solution. SonicWall or Juniper Netscreen VPN box might be what you are looking for.
    SonicWall might be cheaper.

      Only for request (4) do you need to pay more, if you want the 8 layer-3 switch ports on the firewall box.
    The rest are all met by the VPN box.


    Author Comment

    Thanks Wesley.  I looked at the 1260 which seemed to have most of what I need but it seems to be quite a bit more than $25/port.  By the time I load up with antivirus, and optional WAN port, it's looking like around $1500-2000.  And then there's the support and maintenance...  The Netscreen -5GT and -5HSC, are actually less pricey, but are user-based and don't seem to support #4.

    LVL 38

    Accepted Solution

    For firewall/VPN boxes, most models come with 4 switch ports only.
    For #4, you are asking for either a router or a layer 3 switch, which is expensive.
    You can separate the firewall/VPN and the layer 3 switch into different boxes so you can have more choice.
