Solved

Best firewall for site-to-site VPN, NAT, with 25 user LAN?

Posted on 2006-07-07
6
344 Views
Last Modified: 2013-11-16
I am looking for any suggestions on the best firewall that has the ability to do site-to-site VPN's, NAT to at least 2 or 3 devices, and 25 users on the LAN?  Also with the site-to-site does the site that is connecting usually have to have the same type of device?  I have never setup a site-to-site VPN before only client to site.  Watchguard is our preference because that is what my boss prefers but I have worked with Netgear, Cisco PIX, Sonicwall, and Watchguard in the past.  Any suggestions would be helpful.  Thanks.

Mitch
0
Comment
Question by:mcseipsc97
  • 2
6 Comments
 
LVL 19

Accepted Solution

by:
nodisco earned 250 total points
ID: 17059816
Hey Mitch

Its a question that appears quite a lot :
http://www.experts-exchange.com/Security/Firewalls/Q_20399700.html

http://www.experts-exchange.com/Security/Q_20317199.html

All of what you are requesting to achieve is possible with any of the above firewalls.  I would go with Cisco because support for their devices/configuration is so widely available.  Smartnet support is excellent and even if you choose not to buy long term support, there is a wealth of config help on Ciscos site and EE for e.g.

How to configure a PIX for site to site IPSec tunnel:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094761.shtml

hope this helps
0
 
LVL 13

Assisted Solution

by:hstiles
hstiles earned 250 total points
ID: 17073985
If you've used Watchguard in the past and are happy with it, then stick with it.

Site to site VPN is very straightforward with Watchguard hardware.  I have found it simple enough to set up SOHO - SOHO, Edge to Core, Core to Core, Edge to Edge, etc...

Do you require additional functionality such as UTM (Gateway AV, web blocker, spam blocker).  If so, then you would want to look at the X series of device, starting with the X700 or 550e (1 BOVPN tunnel but can upgrade to 10).  If yo requirements are pretty basic and you just need the devices for site to site VPN don't want all the extra security features, then a pair of Edges will serve you well enough.
0
 

Author Comment

by:mcseipsc97
ID: 17075381
No we don't require anything fancy.  Just need a secure connection to another site at all times.  So Watchguard Edge would give us those capabilities?
0
 
LVL 13

Expert Comment

by:hstiles
ID: 17081092
Yes.  The only other question would be throughput.  You'd need to check the Watchguard site to ensure that the throughput of each edge device will be sufficient for your link speed.  I'd be surprised if it wasn't though.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Block unwanted websites & monitor visited 8 90
Microsoft Advanced Firewall Isolation 6 78
Videos Blocked on espn.com 7 282
Need assistance with Windows Firewall rules 6 83
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in theā€¦
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question