sporenza

Which Firewall??? Software/Hardware???

I have a hard question for me...

We are putting up several servers: one for FTP/SFTP, one for Bugzilla, a CRM, also a host for the website, and two others. These are going to be running Linux and Windows Server...

What Hardware device should I use?
What software should I use?

What is better??

THANKS!
bthomasian

Cisco PIX is the way to go in my opinion for a smaller office environment and works fine for 3 to 6 servers and around 25 users. The PIX firewall also runs around $500 so it's affordable too!

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/index.html
masnrock

Firebox units work fairly well too... http://www.watchguard.com

Software firewalls would work better if you were using a dedicated machine as your firewall.... but a hardware one would probably be a hell of a lot better.

Let's analyze a little more; this will help you decide:

1) What kind of internet line will you use: T/1, T/3, DSxx, OCxx? This will determine the needed throughput for your WAN/LAN interfaces.
2) Do you need VPN, IDS/IPS functionality, etc.?
3) Do you need failover, load balancing, etc. of your firewall?
4) How many concurrent sessions do you expect through the firewall?

People who say "oooohh!!! get a pix!" really need to get re-trained. The PIX is now reaching end of life and will be replaced by the Cisco Adaptive Security Appliance (ASA 5500 series); the pricing is the same for the lower models (comparable with the 501's and 506's).

Without knowing more about your requirements I could say go with an ASA, Sonicwall SOHO or Pro Series, Checkpoint NG Series, Watchguard Firebox, Smoothwall, hell you could even just use IPTables on an OpenBSD box.

It all depends on your specific needs and your budget.

- SaP -

I'd recommend getting a Cisco PIX 515 Firewall as a hardware one.
Get ISA 2004 as a software firewall.
Which suits you? Anyone. Depends on your budget.

sporenza

ASKER

OxSaPxO
1) we have T1
2) no VPN needed
3) no failover etc needed
4) I would say no more than 20 at a time

what do you think...
http://www.sonicwall.com/products/tz170.html

Great product, easy to set up, web interface to administer, great and easy to use support, and the licensing model allows you to expand the feature set easily if you decide you need a VPN or more clients, etc.

- SaP -
CISSP, CCNA, CCDA, MCSE, CCA, CNA
Security+, Server+, Network+, A+, I-Net+
 
I've always had good luck with Cisco PIX.

Sonicwall is okay but make sure the build you buy allows for a Proxy ID, otherwise you'll have a hell of a time establishing tunnels between dissimilar firewall vendors.

Perhaps more detail on exactly what you require of your firewall might be helpful.

There is no need to establish tunnels, as he states above he needs no VPNs.

- SaP -

ahhh - missed that little nugget.

Well, I'd still say that Cisco PIX has more of the lion's share of the market right now. Plus I've had better results with the Cisco TAC than when I call Sonicwall support.

Basically it will all boil down to a Ford vs. Chevy debate.  You just have to pick the one that agrees with you.  Had a boss one time that went with PIX for no other reason than the color scheme... haha

I'll agree with that to some extent, but let's put this into perspective:

-- Installing Sonicwall:
Plug in cables and power on
Open web browser to 192.168.168.168
Voila

-- Installing PIX 501:
Plug in cables and power on
Access PIX via HyperTerminal console
Upload PDM
Issue several commands to generate cert, configure PDM locations, etc.
Open web browser to PDM
Voila

Also, the PDM is intuitive... IF... you know Cisco terminology and are used to using the command line. This is like auto trans vs. manual for someone who knows how to drive, but if you don't know how to drive to begin with it's no easier. I stand by the Sonicwall interface as taking 10 min to set up a firewall; the PDM would take someone who's never used it 30-60 minutes minimum. Especially since internet access will be down due to the firewall install, so asking Google for help may not be available.

- SaP -

I have a problem with any firewall that takes virtually no setup to get started.

Here we go with the debate.

In any event, my vote is PIX and obviously SaP votes Sonicwall. Who's right? Better ask Mr. Owl. (Saturday Morning Cartoons Reference)

ASKER CERTIFIED SOLUTION
0xSaPx0
