• Status: Solved

Buying a Firewall

I need help buying 2 hardware firewalls for my 2 offices. I have 4 servers running for now. Any suggestions would be awesome. Cheaper the better :)

My first office consists of the following

Database server
File Server/DC
Web Server
Time Clock Server

I am having a few people use VPN
I have a few people use Remote Desktop as well
I have a Netopia 4622 VPN router
I have a Netgear 48 Port Gigabyte Switch

------------------------------------------------------------------

My second office consists of the following
File Server/DC

Barricade Broadband Router SMC7008ABR (NO VPN)
24 port Netgear Gigabyte Switch

Thanks for the help


Asked by: hcl1
 
jabiiiCommented:
Read through this for help making your decision.
http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1093527,00.html?track=NL-422&ad=548051USCA

Reference this post.
http://www.experts-exchange.com/Security/Firewalls/Q_21811815.html

Link to them.
http://www.juniper.net/products/integrated/


I highly recommend Juniper Netscreen FW/VPN's.

I've got quite a few of them fielded, a few Ciscos, and even a few old Alcatels. I'd take the Juniper every time.
0
 
hcl1Author Commented:
I looked at the Juniper FW but really can't find any prices for them.

Would the following work for my second office? How do these connect? Would I plug it into the switch or T1 router? Would this even work with a T1 line?
Linksys EtherFast Cable/DSL Firewall Router with 4 Port Switch/VPN Endpoint

My first office is the more important one but I would still like to stay around $500 or less.


Thanks again
0
 
jabiiiCommented:
The NS 5GT has a couple of models. One of the 5GT models has DSL built in, so you can plug it straight in. They also have 4 ports on the trusted side; you can plug directly in there, or plug the switch in, whichever fits your needs.

Data Sheet for the GT
https://www.juniper.net/products/integrated/dsheet/110034.pdf

main office.
T1 speed=1.544Mbps
NS5GT FW performance = 75Mbps.

Prices vary on where you get it from. I think a lot of people here have found the Pix 501 and NS to range between 400-600.
But here's one link I just googled. http://www.nscreensales.com/
0

 
hcl1Author Commented:
How about a FireBox SOHO 6 Firewall - 10 User License? I am confused about what the 10 User License is though. Does that mean that only 10 people could be on the network at one time? I have 25 computers on the local network and then at least 15-20 at any given time coming in to my web server. I also need 1-5 VPN connections at any given time.

Thanks
0
 
jabiiiCommented:
I can only speak for the NS, but a 10 user license means you have 10 people authenticate to the box. You can have as many as you want behind it that don't authenticate.
0
 
Dushan De SilvaTechnology ArchitectCommented:
You can go to www.cisco.com and search for a reseller for the product. One of the famous would be www.cdw.com, give a search there as 'PIX 501'.

Make sure you are evaluating the license needs. For a couple more bucks, you can get unlimited.
0
 
Dushan De SilvaTechnology ArchitectCommented:
0
 
wingateslCommented:
Before purchasing a user-restricted device, take a look at the Cisco 800 Series routers. They do all of the firewall, VPN, routing, etc. you would ever need.
http://www.cisco.com/en/US/products/hw/routers/ps380/index.html
0
 
hcl1Author Commented:
Well, after all this information I am still undecided. Money is the big issue here. I am looking for one around $500 that will give me unlimited users and let me have at least 5 VPN users, but I can't find one for that price. I guess I am asking too much. Guess I will keep looking.

Thanks
0
 
wingateslCommented:
0
 
hcl1Author Commented:
That's an awesome price but I have a couple of questions on it.

1. You said above to check these out before I go with a user-restricted device, so I take it this has unlimited users? I can have as many people as I want coming in and out?

2. It doesn't say how many VPN licenses it comes with or if I can buy any and how much.

3. Where exactly would I place this firewall? I have a 4622 VPN T1 router which hooks right into my 48 port Gigabit Smart Switch. Would I just plug it right into my switch? I have never had a firewall before, obviously.

4. Will this work with a T1 line? I noticed on some firewalls they only allow so much bandwidth. I would hate to lose any of my T1 speed.

Thanks again man

0
 
wingateslCommented:
1,2,4 = unlimited
 
3. That Netopia router has a CSU installed in it. This means that it needs to be placed in a bridged mode to work.
0
 
hcl1Author Commented:
Wow... That's pretty cheap for everything being unlimited compared to all the other routers that charge you for these licenses. Is there any catch to this firewall? Just seems a too-good-to-be-true type of thing...

Would this do anything to the Netopia router being placed in a bridged mode? I would have to get hold of Earthlink because they manage the router.

Thanks for all this info it is very much appreciated.
0
 
wingateslCommented:
Just tell Earthlink you want to handle NAT inside your organization (you want a public IP). There is no catch; Cisco targeted the small business with the product.
0
 
hcl1Author Commented:
Oh no, that sucks... I remember when I got the T1 line they didn't configure NAT on the router and they had to redo a bunch of stuff. They told me that they almost had to order a whole new line with new IP addresses. Would there be any way I could just use the NAT on the router instead? This might be a big hassle. Any other suggestions?
0
 
wingateslCommented:
The problem with the NAT remaining on the router is the amount of control you have over the line. Technically you can get the VPNs etc. to work, but the hassle would be less if you didn't have to deal with them.
0
 
jabiiiCommented:
The GT above.
0
 
hcl1Author Commented:
I just noticed that this was a router just like the Netopia router I have. Does an actual firewall do the same thing? Would I have to put my router in bridged mode for any firewall? I am just looking for any way I can get around having to mess with the Netopia router because Earthlink can be a hassle to work with sometimes.

Thanks
0
 
wingateslCommented:
You still have the same issue no matter what firewall you install. If NAT is being provided by Earthlink you are going to sacrifice VPN efficiency, and all control of your NAT. If they give you a hard time about the NAT and configuration, you can always look at a used Cisco 1700 with a T1 WIC. If it is just moving MX records and such it would be well worth it to do so.
0
 
wingateslCommented:
I was typing a response to a question you had not asked yet. You would have to deal with it no matter which firewall you choose.
Shawn
0
 
hcl1Author Commented:
I am going to email Earthlink and ask them what all I would have to go through with taking the NAT off of the Netopia router.
0
 
hcl1Author Commented:
Ok this is what they told me...

Turning NAT off will not affect the WAN side but your LAN IP addresses will change to public IPs. To turn it off just send in an email request to this email address.

I am not sure what they mean by the LAN IP addresses will change to public IPs. Are they talking about my private LAN IP addresses? The ones everybody is using now, 192.168.1.1-254.
0
 
wingateslCommented:
They mean that your firewall will now provide the 192.168.1.0 addresses and the outside interface will use your public IP

Before:


(Internet)-----------------(Netopia)---------------(switch)
                           ^public address         ^Private

After:
(Internet)-------(Netopia)--------------(Firewall)-------(Switch)
                                        ^Public          ^Private
0
 
hcl1Author Commented:
So would my LAN IP addresses change? Not my private LAN IP addresses but the ones that are like 65.50.80.159 (example)... I have about 8 of these now set up to where they point to 8 of my private LAN IP addresses. Mainly for PcAnywhere, Remote Desktop, security cameras, etc...

Would I turn off the VPN on the router also?

You said the outside interface of the firewall will use my public IP address. Do you mean one of the 13 public LAN IP addresses that Earthlink provided me? I just choose one of them to put on there?
0
 
wingateslCommented:
It is a little more complicated than that. We really have to take a look at all NAT statements and move forward from there.
0
Question has a verified solution.
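
The review of existing NAT statements that the thread ends on, before NAT moves from the Netopia to a firewall, can be scripted. This is an added example, not part of the original thread: the 203.0.113.0/28 block (a /28 leaves 13 assignable addresses after the gateway), the host addresses, the port assignments and the `audit` helper are all constructed assumptions.

```python
import ipaddress

# Constructed sample data: documentation addresses stand in for the ISP block.
PUBLIC_BLOCK = ipaddress.ip_network("203.0.113.0/28")
LAN = ipaddress.ip_network("192.168.1.0/24")
REMOTE_ADMIN_PORTS = {3389: "Remote Desktop", 5631: "pcAnywhere"}

# (public_ip, private_ip, port or None for full one-to-one NAT, label)
MAPPINGS = [
    ("203.0.113.2", "192.168.1.10", 80, "web server"),
    ("203.0.113.3", "192.168.1.20", 3389, "remote desktop"),
    ("203.0.113.4", "192.168.1.21", 5631, "pcAnywhere"),
    ("203.0.113.5", "192.168.1.30", None, "security camera"),
    ("203.0.113.3", "192.168.1.22", 3389, "second RDP host"),  # clashes with row 2
    ("203.0.113.40", "192.168.1.40", 80, "typo in public IP"),  # outside the /28
]

def audit(mappings, public_block=PUBLIC_BLOCK, lan=LAN):
    """Return (label, finding) pairs to resolve before moving NAT to the firewall."""
    findings, seen = [], {}
    for pub, priv, port, label in mappings:
        pub_ip, priv_ip = ipaddress.ip_address(pub), ipaddress.ip_address(priv)
        if pub_ip not in public_block:
            findings.append((label, "public IP outside assigned block"))
        if priv_ip not in lan:
            findings.append((label, "private target outside LAN"))
        # Two rules collide if they share a public IP and a port,
        # or if either one claims every port (one-to-one NAT).
        for other_port, other_label in seen.get(pub_ip, []):
            if port is None or other_port is None or port == other_port:
                findings.append((label, f"conflicts with '{other_label}' on {pub}"))
        seen.setdefault(pub_ip, []).append((port, label))
        if port is None:
            findings.append((label, "all ports exposed (one-to-one NAT)"))
        elif port in REMOTE_ADMIN_PORTS:
            findings.append((label, f"{REMOTE_ADMIN_PORTS[port]} reachable from the Internet"))
    return findings

if __name__ == "__main__":
    for label, finding in audit(MAPPINGS):
        print(f"{label}: {finding}")
```

Mappings flagged as remote-administration services are the ones to consider reaching through the VPN instead of recreating as static NAT entries on the new firewall.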
