• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 371
  • Last Modified:

Need a Firewall Info

I currently have a office tha has about 20 users.  We need some type of firewall solution that will be able to hold up to about 75 users in this office.  Also, the firewall needs to be able to setup Site-to-Site VPNs.  I don't want to spen a lot of money (ie Cisco) but I need something that will be able to last us.  If would like to add a little firewall for a remote site that would be nice too, but we are not looking into getting another office until a couple of months.
0
afs757
Asked:
afs757
  • 6
  • 5
  • 3
  • +2
2 Solutions
 
rsivanandanCommented:
Actually have looked into Cisco's PIX firewall 501 ? It costs you around ~600 dollars for 10 users. If you want to go for unrestricted mode, it will still only be below 1000 dollars.

Take a look, don't like it then leave it; Just wanted to bring in if you haven't noticed it yet.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/ps2031/index.html

Retailer link;

http://www.cdw.com/shop/products/default.aspx?EDC=340638

You can see in the above link that unrestricted license can be bought for 689 dollars and also take a look at the feature set.  

Cheers,
Rajesh
0
 
afs757Author Commented:
Can this firewall do content filtering?
0
 
rsivanandanCommented:
If you mean in the true sense like looking into the payload of every packet -> NO. PIX doesn't do that but it does application inspection though.

Cheers,
Rajesh
0
Rewarding opportunities for women in IT

Across the nation, technology jobs are vacant because there aren’t enough qualified professionals to fill them. With a degree from WGU, you can get the credentials it takes to become an in-demand IT professional. Plus, WGU’s IT programs include industry certifications.

 
afs757Author Commented:
So it cannot tell basically if a site is a porn site or not.
0
 
rsivanandanCommented:
That kind of feature is not available in any firewall product I guess. That is why there are big industry players like WebSense, SurfControl, N2H2 etc. PIX supports integration with these.

Cheers,
Rajesh
0
 
afs757Author Commented:
On the SonicWall stuff and the Watchguard stuff has content filtering I just don't know which one is the best choice
0
 
Keith AlabasterCommented:
PIX can do content filtering but uses links to other services such as Surfcontrol etc. ISA server is another good product that is one of the best firewalls on the market, is a full blown proxy server, an application-layer gatewayd AND handles site-to-site VPN's.

ISA at your main office, a PIX501 at your remote, this may just meet your needs.
0
 
afs757Author Commented:
But isn't ISA expensive
0
 
rsivanandanCommented:
ISA is expensive I believe but Keith knows better about it so I'll let him comment on it. Product wise, even WatchBox comes with inbuilt features from 'SurfControl'. Industry firewalls (Hardware based) are known to be better for the companies. Keith would agree to it.

With some insights (limited), ISA and PIX can do a lot of things similarly and the advantage with PIX being it is hardware based. Also I believe Sonicwall is good but haven't had any experience with it.

If you look at Juniper's Netscreen products it allows you to have multiple outgoing interfaces from the firewall and the *only* thing I don't like about PIX is that you can't have multiple interfaces in it.

Cheers,
Rajesh
0
 
r_naren22atyahooCommented:
http://www.experts-exchange.com/Security/Firewalls/Q_21878837.html
Rajesh, will you look at this post, Sorry to chase you like this

Thanks
Naren
0
 
rsivanandanCommented:
Naren,

  I haven't had the opportunity to work with 7.0 but in general I would suggest you don't go for the EDs. I'll tell you the reason, if something breaks and you call up the first thing they would want you to do is to go back to General Release and then take the case to the respective team. The PDM/ASDM team is in India and obviously you'll have the delay :-)

  Lrmoore and Giltr seems to have answered almost all the queries you had there I believe. Sorry I couldn't give any inputs man.

Cheers,
Rajesh
0
 
Keith AlabasterCommented:
Afs, no, ISA is not cheap and if this is more than you want to spend, thats fine; we can look at alternatives.
0
 
prueconsultingCommented:
You can always go the Open source routes using something like IpCop or similar.
0
 
afs757Author Commented:
Ok if I just needed a firewall (all the routing would be done by the server) for the main office.  This firewall needs to be able to support a branch office when applicable.  The amount of the users now at the office is 25 but will be up to 50 by the end of the year.And price is a bit of an issuse.  I would like it to have content filtering.  Also, would you explain the diagram of where it should go.  Thanks
0
 
afs757Author Commented:
Thanks guys.  I have chosen to go with ISA server.  I am getting another computer with Server 2003 and putting just ISA server 2004 on it.  It will sit between the Internet Connection snd the internal switch.  If any suggestions with a different setup I would appreciate it.  If I need to open another question I can.
0
 
Keith AlabasterCommented:
Sounds good to me :)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 6
  • 5
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now