[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 392
  • Last Modified:

Need help picking a hardware firewall to put my two servers behind at a colocation site

I am in the processing of installing two new servers (Dell PowerEdge 1850s, Windows Server 2003) into a colocation site.  All of our customers access our system through our website and there may be up to 50 at any one time.  My partner and I need to be able to VPN in and we will also use remote desktop to manage the servers.  Part of our site is a secure site (SSL) and we also have an FTP site.  One server is our webserver and the other is a SQL Server that the webserver pulls data from.

We do not have any highly sensitive data on these two servers (not credit card numbers or anything like that).

The device must be no taller than 1U (1.75") and would preferably be rack mountable but that is not a requirement.

I need a firewall, router, switch, NAT . . . device to put these two servers behind.  Our budget is a maximum of $1,000.

What are your suggestions?

Thanks,

Todd
0
Todd_Anderson
Asked:
Todd_Anderson
  • 4
  • 4
  • 2
  • +1
1 Solution
 
Keith AlabasterCommented:
Ideal units would be the pix 515 or an ASA unit but even these are above your budget. You'll likely have to make do with some of the better soho type units.



0
 
Todd_AndersonAuthor Commented:
I had pretty much come to that conclusion.  Anyone have a suggestions (make and model is what I am looking for) based on what we are trying to do?  Since I posted this question I talked to SonicWall and have been looking at the TZ170.  What do you think of SonicWall?

Todd
0
 
Keith AlabasterCommented:
Excellent unit. I have heard some good reviews. Although many people have logged calls on EE regarding them, this is no different to Cisco, ISA, Juniper Netscreens etc. My understanding is that they do exactly 'what is says on the tin' and you cannot really ask more than that of anything. I do not believe they are blisteringly fast so when you say you could have up to 50 people on at anytime this may be a factor you will have to play by ear. Naturally, if they are all accessing online applications with heavy transfers, you may find you need to uplift this hardware to a more commercial device. Sonic has a good name in the market though.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
jabiiiCommented:
FW's to look at. The 2 most likely for you to choose would probably be Juniper or Cisco. Both can handle everything you need, and Im not sure about the cisco price, but I know the Juniper 5 series is under 1k

Juniper 5 series. H/W/L= 1/8.25/5 Inches
inches
Firstly Juniper NetScreen FW's. They are my first choice always.
https://www.juniper.net/products/integrated/

Alot of people use the Cisco PIX so you are sure to find help if you need it.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a00800b0d85.html
Part of choosing your FW, is what kind of support you will be utilizing, whether it be the vendor, or coming here. Your familiarity with the product, cost, performance, etc etc. All of it needs weighed in on your decision.  That's why when people post here asking for a FW. the First thing most expert's respond with, ok, what is your price range, what architecture are you going to be implementing it with, bandwidth etc etc.

Here is a checklist, granted it's from Juniper so might be slighted, but will help you compare FW's for you.
https://www.juniper.net/solutions/literature/buyer_guide/710008.pdf

Here's some 3rd party studies of FW's.
http://www.cs.nmt.edu/~cs491_02/IA/firewall%20performance_files/0312rev.htm

2006 Products of the year
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1160468_tax299825,00.html?track=NL-20&ad=543466&adg=299807

2005
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1041739,00.html

You can also search here there are plenty of other threads like this one, choosing FW's and VPN's. comparing Cisco/Juniper/Sidewinder etc.
http://www.experts-exchange.com/Networking/Broadband/VPN/Q_21704713.html
0
 
Todd_AndersonAuthor Commented:
Anyone else have any suggestions or comments?
0
 
Todd_AndersonAuthor Commented:
jabiii,

I posted my request for further comments just before your post came through.  I'll take a look at your info now.

Thanks,

Todd
0
 
prueconsultingCommented:
The sonicwall product is a good product havent had any issues with them other than the normal noted ones that people point out but for 2 clients behind it you wont encounter any issues

Cisco PIX and ASA are great product lines and pretty much set and forget as far as putting them in place and letting them run. Its not uncommon to have Pix firewalls with uptimes in the years.
0
 
Todd_AndersonAuthor Commented:
Thanks everyone.  I have it narrowed down to three units.  Which one would you vote for?

  SonicWall TZ 170
  Cisco PIX 501
  Juniper NetScreen 5GT

Thanks,

Todd
0
 
Keith AlabasterCommented:
Over to you I think Jabiii :)
0
 
jabiiiCommented:
Juniper 1st
Cisco close second,

I don't have any Knowledge of the Sonicwall, but just glancing at it's spec sheet it would probably do good to.

They will all do what you ask, it really comes down to the three P's for me. Preference and Performance and Product support ::)

Tx for da points, *splits some w/Keith*

If you had oodles of money you could look at Sidewinder or the SSG/500 series from Juniper ..00..

0
 
Keith AlabasterCommented:
Cheers Jabiii. I caught them and put them in my bank <grin>
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 4
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now