Buying a Firewall

I need help buying 2 hardware firewalls for my 2 offices. I have 4 servers running for now. Any suggestions would be awesome. Cheaper the better :)

My first office consists of the following

Database server
File Server/DC
Web Server
Time Clock Server

I have a few people using VPN
I have a few people using Remote Desktop as well
I have a Netopia 4622 VPN router
I have a Netgear 48 Port Gigabit Switch

------------------------------------------------------------------

My second office consists of the following
File Server/DC

Barricade Broadband Router SMC7008ABR (NO VPN)
24 port Netgear Gigabit Switch

Thanks for the help


hcl1 asked:
jabiii commented:
Read through this for help making your decision.
http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1093527,00.html?track=NL-422&ad=548051USCA

Reference this post.
http://www.experts-exchange.com/Security/Firewalls/Q_21811815.html

Link to them.
http://www.juniper.net/products/integrated/


I highly recommend Juniper Netscreen FW/VPNs.

I've got quite a few of them fielded, a few Ciscos, and even a few old Alcatels. I'd take the Juniper every time.

hcl1 (Author) commented:
I looked at the Juniper FW but really can't find any prices for them.

Would the following work for my second office? How do these connect? Would I plug it into the switch or the T1 router? Would this even work with a T1 line?
Linksys EtherFast Cable/DSL Firewall Router with 4 Port Switch/VPN Endpoint

My first office is the more important one, but I would still like to stay around $500 or less.


Thanks again
jabiii commented:
The NS 5GT has a couple of models. One of the 5GT models has DSL built in, so you can plug it straight in. They also have 4 ports on the trusted side; you can plug directly in there, or plug the switch in, whichever fits your needs.

Data Sheet for the GT
https://www.juniper.net/products/integrated/dsheet/110034.pdf

Main office:
T1 speed = 1.544 Mbps
NS5GT FW performance = 75 Mbps

Prices vary on where you get it from. I think a lot of people here have found the Pix 501 and NS to range between 400-600.
But here's one link I just googled. http://www.nscreensales.com/
hcl1 (Author) commented:
How about a FireBox SOHO 6 Firewall - 10 User License? I am confused on what the 10 User License is, though. Does that mean that only 10 people could be on the network at one time? I have 25 computers on the local network and then at least 15-20 at any given time coming in to my web server. I also need 1-5 VPN connections at any given time.

Thanks
jabiii commented:
I can only speak for the NS, but a 10 user license means you can have 10 people authenticate to the box. You can have as many as you want behind it that don't authenticate.
Dushan De Silva (Technology Architect) commented:
You can go to www.cisco.com and search for a reseller for the product. One of the well-known ones is www.cdw.com; search there for 'PIX 501'.

Make sure you are evaluating the license needs. For a couple more bucks, you can get unlimited.
Dushan De Silva (Technology Architect) commented:
wingatesl commented:
Before purchasing a user-restricted device, take a look at the Cisco 800 Series routers. They do all of the firewall, VPN, routing, etc. you would ever need.
http://www.cisco.com/en/US/products/hw/routers/ps380/index.html
hcl1 (Author) commented:
Well, after all this information I am still undecided. Money is the big issue here. I am looking for one around $500 that will give me unlimited users and let me have at least 5 VPN users, but I can't find one for that price. I guess I am asking too much. Guess I will keep looking.

Thanks
wingatesl commented:
hcl1 (Author) commented:
That's an awesome price, but I have a couple of questions on it.

1. You said above to check these out before I go with a user-restricted device, so I take it this has unlimited users? I can have as many people as I want coming in and out?

2. It doesn't say how many VPN licenses it comes with, or if I can buy any and how much.

3. Where exactly would I place this firewall? I have a 4622 VPN T1 router which hooks right into my 48 port Gigabit Smart Switch. Would I just plug it right into my switch? I have never had a firewall before, obviously.

4. Will this work with a T1 line? I noticed on some firewalls they only allow so much bandwidth. I would hate to lose any of my T1 speed.

Thanks again, man

wingatesl commented:
1, 2, 4 = unlimited

3. That Netopia router has a CSU installed in it. This means that it needs to be placed in a bridged mode to work.
hcl1 (Author) commented:
Wow... That's pretty cheap for everything being unlimited compared to all the other routers that charge you for these licenses. Is there any catch to this firewall? Just seems too good to be true type of thing...

Would this do anything to the Netopia router being placed in a bridged mode? I would have to get a hold of Earthlink because they manage the router.

Thanks for all this info it is very much appreciated.
wingatesl commented:
Just tell Earthlink you want to handle NAT inside your organization (you want a public IP). There is no catch; Cisco targeted the small business with the product.
hcl1 (Author) commented:
Oh no, that sucks... I remember when I got the T1 line they didn't configure NAT on the router and they had to redo a bunch of stuff. They told me that they almost had to order a whole new line with new IP addresses. Would there be any way I could just use the NAT on the router instead? This might be a big hassle. Any other suggestions?
wingatesl commented:
The problem with the NAT remaining on the router is the amount of control you have over the line. Technically you can get the VPNs etc. to work, but the hassle would be less if you didn't have to deal with them.
jabiii commented:
The GT above.
hcl1 (Author) commented:
I just noticed that this was a router just like the Netopia router I have. Does an actual firewall do the same thing? Would I have to put my router in bridged mode for any firewall? I am just looking for any way I can get around having to mess with the Netopia router, because Earthlink can be a hassle to work with sometimes.

Thanks
wingatesl commented:
You still have the same issue no matter what firewall you install. If NAT is being provided by Earthlink, you are going to sacrifice VPN efficiency and all control of your NAT. If they give you a hard time about the NAT and configuration, you can always look at a used Cisco 1700 with a T1 WIC. If it is just moving MX records and such, it would be well worth it to do so.
wingatesl commented:
I was typing a response to a question you had not asked yet. You would have to deal with it no matter which firewall you choose.
Shawn
hcl1 (Author) commented:
I am going to email Earthlink and ask them what all I would have to go through with taking the NAT off of the Netopia router.
hcl1 (Author) commented:
Ok, this is what they told me...

Turning NAT off will not affect the WAN side, but your LAN IP addresses will change to public IPs. To turn it off, just send in an email request to this email address.

I am not sure what they mean by the LAN IP addresses will change to public IPs. Are they talking about my private LAN IP addresses? The ones everybody is using now, 192.168.1.1-254.
wingatesl commented:
They mean that your firewall will now provide the 192.168.1.0 addresses and the outside interface will use your public IP.

Before:

(Internet)-----------------(Netopia)---------------(switch)
                           ^public address         ^Private

After:

(Internet)-------(Netopia)--------------(Firewall)-------(Switch)
                                        ^Public           ^Private
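The "after" layout above moves NAT off the provider's router and onto the firewall: one of the provider-assigned public addresses goes on the firewall's outside interface, the LAN keeps 192.168.1.0/24, and each public address that previously pointed at an internal host becomes a 1:1 (static) NAT entry on the firewall. The script below is an added example, not code from this thread or from any vendor mentioned in it. It assumes a Linux box with iptables as the firewall (the thread discusses Cisco and Juniper hardware, so this is an assumption), interface names eth0/eth1, and a constructed public block from the documentation range 203.0.113.0/28. It validates the plan (every mapped public address inside the block, every host inside the LAN, no duplicates, the firewall's own address never mapped) and then emits the rules in the order iptables needs: forwarded traffic is dropped by default, only the listed services are opened per mapping, and per-host SNAT comes before the catch-all SNAT so the first matching rule is the specific one.

```python
"""Plan the 'after' topology: firewall holds a public address on its outside
interface, LAN keeps 192.168.1.0/24, and selected public addresses map 1:1 to
internal hosts. Added example; assumes a Linux/iptables firewall."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class StaticMap:
    """One provider-assigned public address mapped 1:1 to an internal host."""
    public_ip: str
    private_ip: str
    tcp_ports: tuple  # services reachable through this mapping; anything else is dropped


# Constructed sample data (documentation address range, not the poster's real block).
PUBLIC_BLOCK = "203.0.113.0/28"      # hypothetical provider-routed block
LAN_BLOCK = "192.168.1.0/24"         # the private LAN from the thread
OUTSIDE_IP = "203.0.113.2"           # public address chosen for the firewall's outside interface
SAMPLE_MAPS = (
    StaticMap("203.0.113.3", "192.168.1.10", (3389,)),    # Remote Desktop host (constructed)
    StaticMap("203.0.113.4", "192.168.1.20", (80, 443)),  # web server (constructed)
)


def validate_plan(public_block, lan_block, outside_ip, maps):
    """Return a list of problems; an empty list means the plan is consistent."""
    pub = ipaddress.ip_network(public_block)
    lan = ipaddress.ip_network(lan_block)
    outside = ipaddress.ip_address(outside_ip)
    errors = []
    if outside not in pub:
        errors.append(f"outside address {outside_ip} is not inside {public_block}")
    seen_pub, seen_priv = set(), set()
    for m in maps:
        p, q = ipaddress.ip_address(m.public_ip), ipaddress.ip_address(m.private_ip)
        if p not in pub:
            errors.append(f"{m.public_ip} is not inside {public_block}")
        if p == outside:
            errors.append(f"{m.public_ip} is the firewall's own outside address; it cannot be mapped 1:1")
        if q not in lan:
            errors.append(f"{m.private_ip} is not inside {lan_block}")
        if p in seen_pub or q in seen_priv:
            errors.append(f"duplicate mapping involving {m.public_ip} -> {m.private_ip}")
        if not m.tcp_ports:
            errors.append(f"mapping {m.public_ip} lists no services; nothing would be reachable")
        seen_pub.add(p)
        seen_priv.add(q)
    return errors


def build_rules(public_block, lan_block, outside_ip, maps, wan_if="eth0", lan_if="eth1"):
    """Produce ordered iptables commands for the 'after' topology. Order matters in the
    nat table: the first matching rule wins, so per-host SNAT must precede the catch-all."""
    errors = validate_plan(public_block, lan_block, outside_ip, maps)
    if errors:
        raise ValueError("; ".join(errors))
    rules = [
        # Forwarded traffic is denied unless a rule below allows it.
        "iptables -P FORWARD DROP",
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
        # LAN hosts may initiate outbound connections.
        f"iptables -A FORWARD -i {lan_if} -o {wan_if} -s {lan_block} -j ACCEPT",
    ]
    for m in maps:
        for port in m.tcp_ports:
            # Inbound: translate the public address to the host, only for the listed service.
            rules.append(f"iptables -t nat -A PREROUTING -i {wan_if} -d {m.public_ip} "
                         f"-p tcp --dport {port} -j DNAT --to-destination {m.private_ip}")
            rules.append(f"iptables -A FORWARD -i {wan_if} -o {lan_if} -d {m.private_ip} "
                         f"-p tcp --dport {port} -m conntrack --ctstate NEW -j ACCEPT")
        # Outbound: the host keeps its own public address instead of sharing the outside IP.
        rules.append(f"iptables -t nat -A POSTROUTING -s {m.private_ip} -o {wan_if} "
                     f"-j SNAT --to-source {m.public_ip}")
    # Catch-all last: every other LAN host leaves through the outside interface address.
    rules.append(f"iptables -t nat -A POSTROUTING -s {lan_block} -o {wan_if} "
                 f"-j SNAT --to-source {outside_ip}")
    return rules


def sample_plan():
    """Rules for the constructed sample above."""
    return build_rules(PUBLIC_BLOCK, LAN_BLOCK, OUTSIDE_IP, SAMPLE_MAPS)


if __name__ == "__main__":
    print("\n".join(sample_plan()))
```

Running the script prints the rule list for the sample; the per-host rules are what replace the eight public-to-private mappings the router used to hold, and the catch-all SNAT is what the rest of the LAN uses, so nothing needs a public address that does not have one deliberately.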
hcl1 (Author) commented:
So would my LAN IP addresses change? Not my private LAN IP addresses, but the ones that are like 65.50.80.159 (example)... I have about 8 of these now set up to where they point to 8 of my private LAN IP addresses. Mainly for PcAnywhere, Remote Desktop, security cameras, etc...

Would I turn off the VPN on the router also?

You said the outside interface of the firewall will use my public IP address. Do you mean one of the 13 public LAN IP addresses that Earthlink provided me? I just choose one of them to put on there?
wingatesl commented:
It is a little more complicated than that. We really have to take a look at all NAT statements and move forward from there.