Which Firewall??? Software/Hardware???

I have a hard question for me...

We are putting up several servers one for ftp/sftp, one for Bugzilla, a CRM also host for website and two others.. these are going to be running Linux and Windows Server...

What Hardware device should I use?
WHat software should I use?

What is better??

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cisco PIX is the way to go in my opinion for a smaller office environment and works fine for 3 to 6 servers and around 25 users. The PIX firewall also runs around $500 so it's affordable too!

Firebox units work fairly well too... http://www.watchguard.com

Software firewalls would work better if you were using a dedicated machine as your firewall.... but a hardware one would probably be a hell of a lot better.
Lets analyze a little more, this will help you decide :

1). What kind of internet line will you use, T/1, T/3, DSxx, OCxx ??, this will determine the needed throughput for your WAN/LAN interfaces
2). Do you need VPN, IDS/IPS functionality, etc.
3). Do you need Failover, Loadbalancing, etc of your firewall
4). How many concurrent sessions do you expect through the firewall?

People who say "oooohh!!! get a pix!" really need to get re-trained, the Pix is now reaching end of life and will be replaced by the Cisco Adaptive Security Appliance (ASA 5500 series), the pricing is the same for the lower models (comparible with the 501's and 506's).

Without knowing more about your requirements I could say go with an
ASA, Sonicwall SOHO or Pro Series, Checkpoint NG Series, Watchguard Firebox, Smoothwall, hell you could even just use IPTables on an OpenBSD box.

It all depends on your specific needs and your budget.

- SaP -
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

I'd recommend getting a Cisco PIX 515 Firewall  as a hardware one
Get ISA 2004 as software firewall.
Which suits you?  anyone. depends on your budget.
sporenzaAuthor Commented:
1) we have T1
2) no VPN needed
3) no failover etc needed
4) I would say no more than 20 a time

what do you think...

Great product, easy to setup, web interface to administer, great and easy to use support and the licensing model allows you to expand the featureset easily if you decide you need a VPN or more clients, etc.

- SaP -
Security+, Server+, Network+, A+, I-Net+
I've always had good luck with Cisco PIX.

Sonicwall is okay but make sure the build you buy allows for a Proxy ID, otherwise you'll have a hell of a time establishing tunnels between dissimilar firewall vendors.

Perhaps more detail on exactly what you require of your firewall might be helpful.
There is no need to establish tunnels as he states above he needs no VPN's.

- SaP -
ahhh - missed that little nugget.

Well I'd still say that Cisco PIX has more of the lion share of the market right now.  Plus I've had better results with the Cisco TAC than when I call Sonicwall support.

Basically it will all boil down to a Ford vs. Chevy debate.  You just have to pick the one that agrees with you.  Had a boss one time that went with PIX for no other reason than the color scheme... haha
I'll agree with that to some extent, but lets put this into perspective :

-- Installing Sonicwall :
Plug in Cables and power on
Open Web browser to

-- Installing Pix 501 :
Plug in Cables and power on
Access Pix via Hyperterminal Console
Upload PDM
Issue several commands to generate cert, configure PDM locations, etc.
Open web browsser to PDM

Also, the PDM is intuitive... IF... you know Cisco terminology and are used to using the command line, this is like auto trans vs. manual for someone who knows how to drive, but if you don't know how to drive to begin with its no easier. I stand by the Sonicwall interface as taking 10 min to setup a firewall, the PDM would take someone who's never used it 30-60 minutes minimum. Especially since internet access will be down due to the firewall install so asking google for help may not be available.

- SaP -
I have a problem with any firewall that takes virtually no setup to get started.

Here we go with the debate.

in any event, my vote is PIX and obviously SAP votes Sonicwall.  Who's right?  Better ask Mr. Owl.  (Saturday Morning Cartoons Reference)
I'll bite, how does a "complicated" firewall automatically make it better?.

If Cisco thought making it complicated to setup a firewall they would never have published PDM, so that makes the "complicated is better" argument moot. Even Cisco thinks easier is better, if not we'd be using the command line for everything still.

It's not a matter of who's right, its a matter of analyzing the factors and making a decision, it's not mine to make, I'm just presenting the facts relating to the various options. The sonicwall is easy to setup, cheap and well supported. The pix is more difficult to setup, cheap and well supported. That said I figure an admin of a small network would be better office with an easy to setup appliance as opposed to one requiring more effort and possibly specialized training to setup.

Just to make sure we all know where I stand, my enterprise is deployed with only Pix's, but my environment is an enterprise, not a SMB.

- SaP -

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.