rbunn
asked on
Firewall recommendation
I am looking into getting a new Firewall.
the 2 that I have been recommended are Watchgaurd firebox and CELESTIX MSA2020 ISA 2004 (Microsoft ISA Server Appliance)
Does anybody have any good reasons why I should choose one over the other?
thanks
the 2 that I have been recommended are Watchgaurd firebox and CELESTIX MSA2020 ISA 2004 (Microsoft ISA Server Appliance)
Does anybody have any good reasons why I should choose one over the other?
thanks
ASKER
Well,
The main purpose of getting this firewall is to give us some sort of failover device should our primary firewall go down.
The firebox would be configured basically the same way our current firewall is configured, and would live on the shelf until needed.
The ISA server would be configured to work as a web caching deivce and be put in place to utilize the features it offers.
Should the main firewall go down I would have an image to flash onto the ISA appliance that would be basically the same as our current firewall.
i know that the best way to do this would probably be to get another firewall like the one we have and configure them as a cluster or H/L. This method would be 2-3 times more expensive then going with either of the 2 methods that I am looking at though.
The main purpose of getting this firewall is to give us some sort of failover device should our primary firewall go down.
The firebox would be configured basically the same way our current firewall is configured, and would live on the shelf until needed.
The ISA server would be configured to work as a web caching deivce and be put in place to utilize the features it offers.
Should the main firewall go down I would have an image to flash onto the ISA appliance that would be basically the same as our current firewall.
i know that the best way to do this would probably be to get another firewall like the one we have and configure them as a cluster or H/L. This method would be 2-3 times more expensive then going with either of the 2 methods that I am looking at though.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Two words...
Firewall NOD32
Dazm,
Yea that would be great but just one problem. Eset does not create firewalls, they only create the antivirus program NOD32.
Rbunn,
Both firewalls are good, but it comes down to price and knowledge. From what I’ve seen the Watchguard Firebox is more readily available and cheaper than the CELESTIX MSA2020 ISA 2004. However, the Watchguard Firebox Error logs are a bit difficult to read unless you can read Unix system logs. Besides that, the Watchguard Firebox is easy to use. The CELESTIX MSA2020 ISA 2004’s web management is not so good, and its fairly easy to use. They both have plenty of Ethernet ports. As a result, I would recommend Watchguard Firebox over the CELESTIX MSA2020 ISA 2004.
Thanks,
Freshprince27
Yea that would be great but just one problem. Eset does not create firewalls, they only create the antivirus program NOD32.
Rbunn,
Both firewalls are good, but it comes down to price and knowledge. From what I’ve seen the Watchguard Firebox is more readily available and cheaper than the CELESTIX MSA2020 ISA 2004. However, the Watchguard Firebox Error logs are a bit difficult to read unless you can read Unix system logs. Besides that, the Watchguard Firebox is easy to use. The CELESTIX MSA2020 ISA 2004’s web management is not so good, and its fairly easy to use. They both have plenty of Ethernet ports. As a result, I would recommend Watchguard Firebox over the CELESTIX MSA2020 ISA 2004.
Thanks,
Freshprince27
I don't know about that...
But i have Symantec Norton Internet Security 2006
and i have NOD32 which workslike Antivirus and Firewall
and even block more attacks than Internet Security 2006
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You also may want to try Kaspersky Anti-Hacker Firewall.
it block more things than any other firewall on the market : )
Hi rbunn
I would second the vote for using the same kit for failover that you already have in production - this will ensure you face no issues with different configs, unsupported features etc should you need to fail over. The need for different skillsets / knowledge of more than one firewall will also be removed.
To save costs you could replicate your existing config onto an identical cold standby rather than configuring them as an HA pair.
If you must go with the above options from what you have said the ISA solution will offer you better value as you will be able to make use of it's proxying / web caching features in the mean time. Having had some experience with watchguard appliances previously that option is likely to be slightly easier to configure than the ISA solution.
cheers
Kevin
I would second the vote for using the same kit for failover that you already have in production - this will ensure you face no issues with different configs, unsupported features etc should you need to fail over. The need for different skillsets / knowledge of more than one firewall will also be removed.
To save costs you could replicate your existing config onto an identical cold standby rather than configuring them as an HA pair.
If you must go with the above options from what you have said the ISA solution will offer you better value as you will be able to make use of it's proxying / web caching features in the mean time. Having had some experience with watchguard appliances previously that option is likely to be slightly easier to configure than the ISA solution.
cheers
Kevin
Netveda is the firewall you want..
This is not for your average user..this is a really nice professional verison for free...
This is not for your average user..this is a really nice professional verison for free...
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I still say that if you are using brand B firewall to backup your brand A firewall you are doing nothing but asking for trouble.
How many people here would recommend using Linux as a backup to your Windows Domain Controllers and file servers because it is less expensive to have Linux boxes sitting there doing nothing when compared to setting up Window's clusters? It would be a nightmare to try and get a Linux envorment setup and keep in sync with a Windows AD and file server world and it a whole new skill set to learn.
It may seem less expensive until the day your production firewall falls over and it takes a day, or a week, or a month, to get it replaced and you find out that there are 100 changes you need to make to get the backup firewall to take over, and there are functions that your old firewall did that the backup does not do and now you have lost the ability for work to be done.
How many people here would recommend using Linux as a backup to your Windows Domain Controllers and file servers because it is less expensive to have Linux boxes sitting there doing nothing when compared to setting up Window's clusters? It would be a nightmare to try and get a Linux envorment setup and keep in sync with a Windows AD and file server world and it a whole new skill set to learn.
It may seem less expensive until the day your production firewall falls over and it takes a day, or a week, or a month, to get it replaced and you find out that there are 100 changes you need to make to get the backup firewall to take over, and there are functions that your old firewall did that the backup does not do and now you have lost the ability for work to be done.
please introduce your particular situation and requirements at first. thanks.