
Buying a Firewall

Posted on 2006-04-26
Last Modified: 2013-11-16
I need help buying 2 hardware firewalls for my 2 offices. I have 4 servers running for now. Any suggestions would be awesome. Cheaper the better :)

My first office consists of the following

Database server
File Server/DC
Web Server
Time Clock Server

I am having a few people use VPN
I have a few people use Remote Desktop as well
I have a Netopia 4622 VPN router
I have a Netgear 48 Port Gigabyte Switch

------------------------------------------------------------------

My second office consists of the following
File Server/DC

Barricade Broadband Router SMC7008ABR (NO VPN)
24 port Netgear Gigabyte Switch

Thanks for the help


Question by:hcl1
 
LVL 9

Accepted Solution

by:
jabiii earned 1000 total points
ID: 16548790
Read through this for help making your decision.
http://searchsecurity.techtarget.com/generic/0,295582,sid14_gci1093527,00.html?track=NL-422&ad=548051USCA

Reference this post.
http://www.experts-exchange.com/Security/Firewalls/Q_21811815.html

Link to them.
http://www.juniper.net/products/integrated/


I highly recommend Juniper Netscreen FW/VPN's.

I've got quite a few of them fielded, a few Ciscos, and even a few old Alcatels. I'd take the Juniper every time.
0
 

Author Comment

by:hcl1
ID: 16552981
I looked at the Juniper FW but really can't find any prices for them.

Would the following work for my second office? How do these connect? Would I plug it into the switch or T1 Router? Would this even work with a T1 line?
Linksys EtherFast Cable/DSL Firewall Router with 4 Port Switch/VPN Endpoint

My first office is the more important one but I would still like to stay around $500 or less.


Thanks again
0
 
LVL 9

Assisted Solution

by:jabiii
jabiii earned 1000 total points
ID: 16553085
The NS 5GT has a couple of models. One of the 5GT models has DSL built in, so you can plug it straight in. They also have 4 ports on the trusted side; you can plug directly in there, or plug the switch in, whichever fits your needs.

Data Sheet for the GT
https://www.juniper.net/products/integrated/dsheet/110034.pdf

main office.
T1 speed=1.544Mbps
NS5GT FW performance = 75Mbps.

Prices vary on where you get it from. I think a lot of people here have found the Pix 501 and NS to range between 400-600.
But here's one link I just googled. http://www.nscreensales.com/
0

 
LVL 9

Expert Comment

by:jabiii
ID: 16553161
0
 
LVL 9

Expert Comment

by:jabiii
ID: 16553188
0
 

Author Comment

by:hcl1
ID: 16580215
How about a FireBox SOHO 6 Firewall - 10 User License? I am confused on what the 10 User License is though. Does that mean that only 10 people could be on the network at one time? I have 25 computers on the local network and then at least 15-20 at any given time coming in to my web server. I also need 1-5 VPN connections at any given time.

Thanks
0
 
LVL 9

Assisted Solution

by:jabiii
jabiii earned 1000 total points
ID: 16580300
I can only speak for the NS, but a 10 user license means you have 10 people authenticate to the box. You can have as many as you want behind it that don't authenticate.
0
 
LVL 17

Expert Comment

by:Dushan De Silva
ID: 16581153
You can go to www.cisco.com and search for a reseller for the product. One of the famous would be www.cdw.com, give a search there as 'PIX 501'.

Make sure you are evaluating the license needs. For a couple more bucks, you can get unlimited.
0
 
LVL 17

Assisted Solution

by:Dushan De Silva
Dushan De Silva earned 200 total points
ID: 16581167
0
 
LVL 15

Assisted Solution

by:wingatesl
wingatesl earned 800 total points
ID: 16582621
Before purchasing a user-restricted device, take a look at the Cisco 800 Series routers. They do all of the firewall, VPN, routing, etc. you would ever need.
http://www.cisco.com/en/US/products/hw/routers/ps380/index.html
0
 

Author Comment

by:hcl1
ID: 16606227
Well, after all this information I am still undecided. Money is the big issue here. I am looking for one around $500 dollars that will give me unlimited users and let me have at least 5 VPN users, but I can't find one for that price. I guess I am asking too much. Guess I will keep looking.

Thanks
0
 
LVL 15

Expert Comment

by:wingatesl
ID: 16606510
0
 

Author Comment

by:hcl1
ID: 16606664
That's an awesome price but I have a couple of questions on it.

1. You said above to check these out before I go with a user restriction device, so I take it this has unlimited users? I can have as many people as I want coming in and out?

2. It doesn't say how many VPN licenses it comes with or if I can buy any and how much.

3. Where exactly would I place this Firewall? I have a 4622 VPN T1 router which hooks right into my 48 port Gigabit Smart Switch. Would I just plug it right into my Switch? I have never had a firewall before, obviously.

4. Will this work with a T1 line? I noticed on some firewalls they only allow so much bandwidth. I would hate to lose any of my T1 speed.

Thanks again man

0
 
LVL 15

Assisted Solution

by:wingatesl
wingatesl earned 800 total points
ID: 16606723
1,2,4 = unlimited
 
3. That Netopia router has a CSU installed in it. This means that it needs to be placed in a bridged mode to work.
0
 

Author Comment

by:hcl1
ID: 16606933
Wow... That's pretty cheap for everything being unlimited compared to all the other routers that charge you for these licenses. Is there any catch to this Firewall? Just seems too good to be true type of thing...

Would this do anything to the Netopia router being placed in a bridged mode? I would have to get a hold of Earthlink because they manage the router.

Thanks for all this info it is very much appreciated.
0
 
LVL 15

Expert Comment

by:wingatesl
ID: 16607073
Just tell Earthlink you want to handle NAT inside your organization (you want a public IP). There is no catch; Cisco targeted the small business with the product.
0
 

Author Comment

by:hcl1
ID: 16607188
Oh no, that sucks... I remember when I got the T1 line they didn't configure NAT on the router and they had to redo a bunch of stuff. They told me that they almost had to order a whole new line with new IP address. Would there be any way I could just use the NAT on the router instead? This might be a big hassle. Any other suggestions?
0
 
LVL 15

Expert Comment

by:wingatesl
ID: 16607209
The problem with the NAT remaining on the router is the amount of control you have over the line. Technically you can get the VPNs etc. to work, but the hassle would be less if you didn't have to deal with them.
0
 
LVL 9

Expert Comment

by:jabiii
ID: 16607306
The GT above.
0
 

Author Comment

by:hcl1
ID: 16607340
I just noticed that this was a router just like the Netopia router I have. Does an actual firewall do the same thing? Would I have to put my router in bridged mode for any firewall? I am just looking for any way I can get around having to mess with the Netopia router because Earthlink can be a hassle to work with sometimes.

Thanks
0
 
LVL 15

Assisted Solution

by:wingatesl
wingatesl earned 800 total points
ID: 16607345
You still have the same issue no matter what firewall you install. If NAT is being provided by Earthlink you are going to sacrifice VPN efficiency, and all control of your NAT. If they give you a hard time about the NAT and configuration, you can always look at a used Cisco 1700 with a T1 WIC. If it is just moving MX records and such it would be well worth it to do so.
0
 
LVL 15

Expert Comment

by:wingatesl
ID: 16607353
I was typing a response to a question you had not asked yet. You would have to deal with it no matter which firewall you choose.
Shawn
0
 

Author Comment

by:hcl1
ID: 16607396
I am going to email Earthlink and ask them what all I would have to go through with taking the NAT off of the Netopia router.
0
 

Author Comment

by:hcl1
ID: 16607639
Ok this is what they told me...

Turning NAT off will not affect the WAN side but your LAN IP addresses will change to public IPs. To turn it off just send in an email request to this email address.

I am not sure what they mean by the LAN IP address will change to public IPs. Are they talking about my Private LAN IP address? The ones everybody is using now 192.168.1.1-254.
0
 
LVL 15

Assisted Solution

by:wingatesl
wingatesl earned 800 total points
ID: 16607682
They mean that your firewall will now provide the 192.168.1.0 addresses and the outside interface will use your public IP.

Before:


(Internet)-----------------(Netopia)---------------(switch)
                           ^public address         ^Private

After:
(Internet)-------(Netopia)--------------(Firewall)-------(Switch)
                                        ^Public          ^Private
0
 

Author Comment

by:hcl1
ID: 16608540
So would my LAN IP address change? Not my Private LAN IP addresses but the ones that are like 65.50.80.159 (Example)... I have about 8 of these now set up to where they point to 8 of my Private LAN IP addresses. Mainly for PcAnywhere, Remote Desktop, Security Cameras, Etc...

Would I turn off the VPN on the router also?

You said the outside interface of the firewall will use my public IP address. Do you mean one of the 13 Public LAN IP addresses that Earthlink provided me? I just choose one of them to put on there?
0
 
LVL 15

Expert Comment

by:wingatesl
ID: 16609862
It is a little more complicated than that. We really have to take a look at all NAT statements and move forward from there.
0
