Which Firewall??? Software/Hardware???

Medium Priority
Last Modified: 2010-03-19
I have a hard question for me...

We are putting up several servers: one for ftp/sftp, one for Bugzilla, a CRM, also a host for the website, and two others. These are going to be running Linux and Windows Server...

What Hardware device should I use?
What software should I use?

What is better??

Cisco PIX is the way to go in my opinion for a smaller office environment and works fine for 3 to 6 servers and around 25 users. The PIX firewall also runs around $500 so it's affordable too!

Firebox units work fairly well too... http://www.watchguard.com

Software firewalls would work better if you were using a dedicated machine as your firewall.... but a hardware one would probably be a hell of a lot better.

Let's analyze a little more; this will help you decide:

1). What kind of internet line will you use: T/1, T/3, DSxx, OCxx? This will determine the needed throughput for your WAN/LAN interfaces.
2). Do you need VPN, IDS/IPS functionality, etc.?
3). Do you need failover, load balancing, etc. for your firewall?
4). How many concurrent sessions do you expect through the firewall?

People who say "oooohh!!! get a pix!" really need to get re-trained; the Pix is now reaching end of life and will be replaced by the Cisco Adaptive Security Appliance (ASA 5500 series). The pricing is the same for the lower models (comparable with the 501's and 506's).

Without knowing more about your requirements I could say go with an ASA, Sonicwall SOHO or Pro Series, Checkpoint NG Series, Watchguard Firebox, Smoothwall; hell, you could even just use IPTables on an OpenBSD box.

It all depends on your specific needs and your budget.

- SaP -

I'd recommend getting a Cisco PIX 515 Firewall as a hardware one.
Get ISA 2004 as a software firewall.
Which suits you? Anyone. Depends on your budget.


1) we have T1
2) no VPN needed
3) no failover etc needed
4) I would say no more than 20 at a time

what do you think...


Great product, easy to set up, web interface to administer, great and easy to use support, and the licensing model allows you to expand the feature set easily if you decide you need a VPN or more clients, etc.

- SaP -
Security+, Server+, Network+, A+, I-Net+

I've always had good luck with Cisco PIX.

Sonicwall is okay but make sure the build you buy allows for a Proxy ID, otherwise you'll have a hell of a time establishing tunnels between dissimilar firewall vendors.

Perhaps more detail on exactly what you require of your firewall might be helpful.

There is no need to establish tunnels as he states above he needs no VPN's.

- SaP -

ahhh - missed that little nugget.

Well, I'd still say that Cisco PIX has more of the lion's share of the market right now. Plus I've had better results with the Cisco TAC than when I call Sonicwall support.

Basically it will all boil down to a Ford vs. Chevy debate. You just have to pick the one that agrees with you. Had a boss one time that went with PIX for no other reason than the color scheme... haha

I'll agree with that to some extent, but let's put this into perspective:

-- Installing Sonicwall :
Plug in Cables and power on
Open Web browser to

-- Installing Pix 501 :
Plug in Cables and power on
Access Pix via Hyperterminal Console
Upload PDM
Issue several commands to generate cert, configure PDM locations, etc.
Open web browser to PDM

Also, the PDM is intuitive... IF... you know Cisco terminology and are used to using the command line. This is like auto trans vs. manual for someone who knows how to drive, but if you don't know how to drive to begin with it's no easier. I stand by the Sonicwall interface as taking 10 min to set up a firewall; the PDM would take someone who's never used it 30-60 minutes minimum. Especially since internet access will be down due to the firewall install, so asking Google for help may not be available.

- SaP -

I have a problem with any firewall that takes virtually no setup to get started.

Here we go with the debate.

In any event, my vote is PIX and obviously SAP votes Sonicwall. Who's right? Better ask Mr. Owl. (Saturday Morning Cartoons Reference)

I'll bite, how does a "complicated" firewall automatically make it better?

If Cisco thought making it complicated to set up a firewall was better, they would never have published PDM, so that makes the "complicated is better" argument moot. Even Cisco thinks easier is better; if not, we'd be using the command line for everything still.

It's not a matter of who's right, it's a matter of analyzing the factors and making a decision. It's not mine to make; I'm just presenting the facts relating to the various options. The Sonicwall is easy to set up, cheap and well supported. The Pix is more difficult to set up, cheap and well supported. That said, I figure an admin of a small network would be better off with an easy to set up appliance as opposed to one requiring more effort and possibly specialized training to set up.

Just to make sure we all know where I stand, my enterprise is deployed with only Pix's, but my environment is an enterprise, not a SMB.

- SaP -
