
Firewall recommendations

Posted on 2005-04-11
Last Modified: 2013-11-16
I need to put a firewall on one of our routers, and need to find a decent review of the major brands.  Am somewhat familiar with Netscreen, am also looking at Sonicwall and PIX.  Should I get URL filtering as an optional service or use a 3rd party vendor?  Same with email/spam filtering, etc.  We have about 100 users on site, with about 60 needing a remote VPN connection, and one office with a tunnel VPN connection, about 30 users.

Thanks

Question by:maharlika
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 600 total points
ID: 13758041

Good article on choosing the best firewall for you:
http://www.sans.org/rr/whitepapers/firewalls/951.php

Good solid product that does a lot. The Linksys QuickVPN client is cool.
Linksys RV082:
http://www.linksys.com/products/product.asp?prid=589&scid=29

Lots of awards in the press for being a multi-function product, but I don't like all my eggs in one basket and I've heard that they are a real bear to get configured and maintained.
Fortinet:
http://www.fortinet.com/news/pr/2004/pr102504.html
http://www.fortinet.com/products/telesoho.html

Lots of good press and experts here at EE like these products:
SonicWall
http://www.sonicwall.com/

Adtran is fairly new in the arena, but the products are solid, and the support is good (if you can live without 24x7 support)
Adtran Netvanta
https://www.adtran.com/adtranpx/Rooms/DisplayPages/LayoutInitial?Product=com.webridge.entity.Entity%5BOID%5B27100B71B4B3E44D84DCAE487414CD69%5D%5D&Container=com.webridge.entity.Entity%5BOID%5B54C70AA0A26ED711A78500D0B72032D8%5D%5D&ProductCategory=com.webridge.entity.Entity%5BOID%5BCB5C5CB7C4419B4AA04F9CE1AEDD8CE7%5D%5D

Netscreen has been bought out by Juniper Networks. Our corporate Network guys use Netscreen and are looking for a replacement (NOT a Netscreen)
Netscreen, but I have clients that swear by them...
http://www.juniper.net/products/glance/nscn_5.html

Rock-solid product with good support:
Watchguard Firebox
http://www.watchguard.com/products/

Cisco PIX 515e for you - My favorite. Most reliable and versatile (IMHO)
http://www.cisco.com/go/pix

All of Symantec's products are rock solid, and they combine URL filtering and AV.
Symantec:
http://www.symantec.com/smallbiz/gtw/

This one I have not personally seen, nor do I have any colleagues with first-hand experience:
SNAP:
http://www.clearpathnet.com/snap/default.asp
 
LVL 3

Author Comment

by:maharlika
ID: 13764175
That's very helpful.  Do you know if there are any benchmark comparisons of the major brands (Sonicwall, Pix, Netscreen, etc.) where they do side-by-side comparisons?
 
LVL 79

Expert Comment

by:lrmoore
ID: 13764955
Best I can tell you is that side-by-side comparisons are typically done by marketing folks, to show how much better their product is than the competition. I really would not put much weight into any of them.
What I would do is keep up on the threats/vulnerabilities -
http://www.eweek.com/category2/0,1738,1595546,00.asp

Understand my own comfort level with different products. Some web-based GUIs are not as simple/friendly as they should be. Some command line products are actually much easier to get around in once you get used to them.

Understand my own requirements. My network of 100 users has a single T1. That T1 is the bottleneck. I don't think there is a firewall on the market that can't handle 1.5Mb throughput. Any "performance" metrics comparisons at this stage are of little or no use to you.

I have 30 VPN users. Are there hidden client costs for any of the products? Are the clients difficult to deploy/maintain/configure? What level of encryption do I need?

Do I need access-control/URL filtering? Do we have a company policy that has teeth that I need to enforce/monitor for compliance?

Do I need inline Antivirus, or does my mail server handle most of that?

Do I have time/staff to read the logs, audit compliance, etc?

If I get something with lots of bells and whistles, how much of that capability will I realistically use?


 
LVL 3

Author Comment

by:maharlika
ID: 13776906
Irmoore:
thanks for the good suggestions