Firewall recommendations

Posted on 2005-04-11
Last Modified: 2013-11-16
I need to put a firewall on one of our routers, and need to find a decent review of the major brands.  Am somewhat familiar with Netscreen, am also looking at Sonicwall and PIX.  Should I get URL filtering as an optional service or use a 3rd party vendor?  Same with email/spam filtering, etc.  We have about 100 users on site, with about 60 needing a remote VPN connection, and one office with a tunnel VPN connection, about 30 users.


Question by:maharlika
    LVL 79

    Accepted Solution


    Good article on choosing the best firewall for you:

    Good solid product that does a lot. The Linksys QuickVPN client is cool.
    Linksys RV082:

    Lots of awards in the press for being a multi-function product, but I don't like all my eggs in one basket and I've heard that they are a real bear to get configured and maintained.

    Lots of good press and experts here at EE like these products:

    Adtran is fairly new in the arena, but the products are solid, and the support is good (if you can live without 24x7 support)
    Adtran Netvanta

    Netscreen has been bought out by Juniper Networks. Our corporate Network guys use Netscreen and are looking for a replacement (NOT a Netscreen)
    Netscreen, but I have clients that swear by them...

    Rock-solid product with good support:
    Watchguard Firebox

    Cisco PIX 515e for you - My favorite. Most reliable and versatile (IMHO)

    All of Symantec's products are rock solid, and they combine URL filtering and AV.

    This one I have not personally seen, nor do I have any colleagues with first-hand experience:
    LVL 3

    Author Comment

    That's very helpful.  Do you know if there are any benchmark comparisons of the major brands (Sonicwall, Pix, Netscreen, etc.) where they do side-by-side comparisons?
    LVL 79

    Expert Comment

    Best I can tell you is that side-by-side comparisons are typically done by marketing folks, to show how much better their product is than the competition. I really would not put much weight into any of them.
    What I would do is keep up on the threats/vulnerabilities -,1738,1595546,00.asp

    Understand my own comfort level with different products. Some web-based GUIs are not as simple/friendly as they should be. Some command line products are actually much easier to get around in once you get used to them.

    Understand my own requirements. My network of 100 users has a single T1. That T1 is the bottleneck. I don't think there is a firewall on the market that can't handle 1.5Mb throughput. Any "performance" metrics comparisons at this stage are of little or no use to you.

    I have 30 VPN users. Are there hidden client costs for any of the products? Are the clients difficult to deploy/maintain/configure? What level of encryption do I need?

    Do I need access-control/URL filtering? Do we have a company policy that has teeth that I need to enforce/monitor for compliance?

    Do I need inline Antivirus, or does my mail server handle most of that?

    Do I have time/staff to read the logs, audit compliance, etc?

    If I get something with lots of bells and whistles, how much of that capability will I realistically use?

    LVL 3

    Author Comment

    thanks for the good suggestions
