sporenza
asked on
Which Firewall??? Software/Hardware???
I have a hard question for me...
We are putting up several servers: one for ftp/sftp, one for Bugzilla, a CRM, also a host for the website, and two others. These are going to be running Linux and Windows Server...
What hardware device should I use?
What software should I use?
What is better??
THANKS!
Firebox units work fairly well too... http://www.watchguard.com
Software firewalls would work better if you were using a dedicated machine as your firewall.... but a hardware one would probably be a hell of a lot better.
Let's analyze a little more; this will help you decide:
1). What kind of internet line will you use, T/1, T/3, DSxx, OCxx? This will determine the needed throughput for your WAN/LAN interfaces.
2). Do you need VPN, IDS/IPS functionality, etc.?
3). Do you need failover, load balancing, etc. of your firewall?
4). How many concurrent sessions do you expect through the firewall?
People who say "oooohh!!! get a pix!" really need to get re-trained. The Pix is now reaching end of life and will be replaced by the Cisco Adaptive Security Appliance (ASA 5500 series); the pricing is the same for the lower models (comparable with the 501's and 506's).
Without knowing more about your requirements I could say go with an
ASA, Sonicwall SOHO or Pro Series, Checkpoint NG Series, Watchguard Firebox, Smoothwall, hell you could even just use IPTables on an OpenBSD box.
It all depends on your specific needs and your budget.
- SaP -
I'd recommend getting a Cisco PIX 515 Firewall as a hardware one
Get ISA 2004 as software firewall.
Which suits you? Any one. Depends on your budget.
ASKER
OxSaPxO
1) we have T1
2) no VPN needed
3) no failover etc needed
4) I would say no more than 20 at a time
what do you think...
http://www.sonicwall.com/products/tz170.html
Great product, easy to set up, web interface to administer, great and easy-to-use support, and the licensing model allows you to expand the feature set easily if you decide you need a VPN or more clients, etc.
- SaP -
CISSP, CCNA, CCDA, MCSE, CCA, CNA
Security+, Server+, Network+, A+, I-Net+
I've always had good luck with Cisco PIX.
Sonicwall is okay but make sure the build you buy allows for a Proxy ID, otherwise you'll have a hell of a time establishing tunnels between dissimilar firewall vendors.
Perhaps more detail on exactly what you require of your firewall might be helpful.
There is no need to establish tunnels, as he states above he needs no VPNs.
- SaP -
ahhh - missed that little nugget.
Well, I'd still say that Cisco PIX has more of the lion's share of the market right now. Plus I've had better results with the Cisco TAC than when I call Sonicwall support.
Basically it will all boil down to a Ford vs. Chevy debate. You just have to pick the one that agrees with you. Had a boss one time that went with PIX for no other reason than the color scheme... haha
I'll agree with that to some extent, but let's put this into perspective:
-- Installing Sonicwall:
Plug in cables and power on
Open web browser to 192.168.168.168
Voilà
-- Installing Pix 501:
Plug in cables and power on
Access Pix via HyperTerminal console
Upload PDM
Issue several commands to generate cert, configure PDM locations, etc.
Open web browser to PDM
Voilà
Also, the PDM is intuitive... IF... you know Cisco terminology and are used to using the command line. This is like auto trans vs. manual for someone who knows how to drive, but if you don't know how to drive to begin with it's no easier. I stand by the Sonicwall interface as taking 10 min to set up a firewall; the PDM would take someone who's never used it 30-60 minutes minimum. Especially since internet access will be down due to the firewall install, so asking Google for help may not be available.
- SaP -
I have a problem with any firewall that takes virtually no setup to get started.
Here we go with the debate.
In any event, my vote is PIX and obviously SAP votes Sonicwall. Who's right? Better ask Mr. Owl. (Saturday Morning Cartoons Reference)
ASKER CERTIFIED SOLUTION
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/index.html