• Status: Solved

Manageable network security suggestions.

Greetings Security Experts;

I am in great need of some advice.  We are looking for a product(s) that will do a number of things:

1) Bridge - needs to be transparent so as to not have to change all the IPs on the computers behind it, also needs to have good throughput.

2) Firewalling - needs to do deep packet inspection, it needs to protect against DoS and other malicious attacks, and automatically update itself.

3) QoS - we need to be able to set up a specific service to use a certain percentage of our bandwidth and also prioritize one service over the other (Web over FTP etc).

Any extra reporting or management interfaces would be nice as well.

The main goal here is to have a device that we can put in place on/in front of the network and protect us from all harm and us not have to worry about it.

Thanks.
Asked:
seanostephens
 
lrmoore Commented:
Cisco PIX 515e ver 7.0(1)
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet0900aecd80225ae1.html

- Deep inspection firewall services
- L2 transparent firewall
- QoS

Web management interface, real-time reporting

seanostephens (Author) Commented:
Would you recommend it?

lrmoore Commented:
Absolutely! Without hesitation.
I've installed literally hundreds of PIX firewalls and they are all rock-solid. The new features of ver 7.0 are awesome.
 
seanostephens (Author) Commented:
Hmmmm...

I'm a little (new), but would you recommend a specific model, it's pretty confusing? Also, I've looked everywhere for an example of the Web GUI, with no luck - any idea where I can see it?

CISCO PIX 515E FAILOVER INTERNET FIREWALL/VPN SECURITY APPLIANCE GATEWAY BUNDLE
( Manufacturer No.: PIX-515E-FO-BUN ) $ 2929

CISCO PIX 515E INTERNET FIREWALL/VPN SECURITY APPLIANCE (CHASSIS, FAILOVER SW, 6 FE PORTS, VAC)
( Manufacturer No.: PIX-515E-FO-FE-BUN ) $ 3395

CISCO PIX 515E INTERNET FIREWALL/VPN SECURITY APPLIANCE GATEWAY UNRESTRICTED SOFTWARE BUNDLE
( Manufacturer No.: PIX-515E-R-BUN ) $ 3419

CISCO PIX 515E INTERNET FIREWALL/VPN SECURITY APPLIANCE RESTRICTED SOFTWARE DMZ VPN BUNDLE
( Manufacturer No.: PIX-515E-R-DMZ-BUN ) $ 3608

lrmoore Commented:
You're looking for PIX 515E-UR-FE-BUN
The "R" model does not have enough memory to run the new 7.0 code
The "UR" model does. You need 128Mb minimum

PIX 515E-UR-FE Bundle (Chas,Unrestricted SW,128MB,6 FE,VAC+) (Cisco part #: PIX-515E-UR-FE-BUN)      $7,495.00

For examples of the Web GUI
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_70/70_515qk.htm

seanostephens (Author) Commented:

Ouch, that's steep for my budget. Is that the only one that can do that? I'm gonna choke on anything above $4000ish...

lrmoore Commented:
Unfortunately, yes. There is one model lower, at only $200 less. This is "list" price. "Street" price should be around 30% less or better. Expect around $4500 street price.
If you have MCI/ATT contracts or connections to a Cisco Gold partner, you can get it for around $3500-$3800.


seanostephens (Author) Commented:

I guess I should start a new question;

"Do you know a Cisco Gold Partner"?

:)

seanostephens (Author) Commented:

Hmmm...

I'm interested in how you would compare the PIX against these two together based on your knowledge:

http://www.netequalizer.com/nda.htm (QOS, NE1000) Approx $1500USD
http://www.sonicwall.com/products/pro2040.html (Sonicwall 2040) Approx $2500

About $4000 - "Street"...

lrmoore Commented:
The netequalizer is nothing but a Linux box designed specifically for bandwidth control. It provides no better solution than any generic Linux firewall out there, but adds NTOP, which is also free. Looks like someone put a bunch of freeware together in one appliance.

The Sonicwall is a pretty solid product with good support. I have no direct experience with the product, but many of the experts here like them.


seanostephens (Author) Commented:
Sorry, I guess what I am asking is will these 2 products accomplish the same thing as the PIX?

lrmoore Commented:
I don't know that the Sonicwall can be a "drop in" device. Other than that, it may be a good solution for you to combine the two devices.

seanostephens (Author) Commented:

Yah, my research shows that the following can work as drop-ins, and seem to be pretty good enterprise firewall solutions, and all about the same price. But I am still a little leery as to which one is best:

Watchguard Firebox 500
Sonicwall 2040
Netscreen 5GT


seanostephens (Author) Commented:

Funny, lrmoore - I see you in past posts talking about the Netscreen - which is WAY cheaper than the PIX and seems like it might offer what we need - why did you not suggest it in this case?

lrmoore Commented:
I've only mentioned Netscreen in a generic list of potential firewall vendors.
Since they were bought out by Juniper Networks, our corporate guys have been looking for a replacement that is *not* Netscreen. Looking at PIX, Sonicwall, and Symantec...
I've only had real hands-on with PIX and can state unequivocally that it will suit all your needs. Not so sure about the others.
I've heard that the Watchguard is easy to set up and manage, and their support is top notch.

seanostephens (Author) Commented:
I bought a netscreen. Still haven't got it to work yet, though.

lrmoore Commented:
>Still haven't got it to work yet
Can I say "I told you so!" ??

seanostephens (Author) Commented:
:)

It does look pretty. Lots of blinking lights.