Solved

Looking for small firewall device for isolating hosts on LAN

Posted on 2006-10-23
5
583 Views
Last Modified: 2013-11-16
Hi all,

I'm looking for a cost-effective firewall/router/switch solution to enable us to isolate specific LAN hosts or small subnets from the rest of our LAN. The idea being to provide third-parties access to those hosts but prevent them from potentially attacking other hosts on our network.

We already have a solution for providing the remote access but just need to isolate the hosts/small subnets.

The ideal device would have 4 or 5 ethernet ports and allow us to set fairly simple rules between hosts on those ports and our LAN, along the lines of...

From : Secure Access Device     To: Isolated Servers           Service : PCAnywhere ? MS Terminal ? Citrix ? HTTP ?
From : Isolated Server - Port 1   To: LAN                            Service : FTP
From : Isolated Server - Port 2   To: LAN                            Service: SMTP

Additionally the device might do some simple static routing.

There are plenty device out there that can do this but they also tend to do a lot more besides so the cost can often become quite prohibitive. The above is all we really need this box to do. We were hoping to find something in the £400/$750 range. Equally we also prefer to avoid buying small SOHO type devices for every single host/subnet we want to isolate.

Is there such a box out there? Any help would be greatly appreciated.

TIA.
0
Comment
Question by:rj-smith
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 4

Expert Comment

by:Jeb911
ID: 17789516
Netgear FVS318  The best device to do what you need...

Or this one... http://www.netgear.com/Products/VPNandSSL/WiredVPNFirewallRouters/FR114P.aspx

-JEB
0
 
LVL 6

Expert Comment

by:nexissteve
ID: 17790294
Or you could use open source.

http://m0n0.ch/wall/

All you need is the hardware.

Cheers

S
0
 
LVL 6

Author Comment

by:rj-smith
ID: 17801616
Thanks for your responses guys.

Jeb911: Have you used these NetGear products for a similar scenario? It does look like these firewalls would achieve our basic objectives but is there any control over traffic between the LAN ports? Ideally we'd like to set rules there or at the very least isolate each LAN port so that devices on the LAN ports can communicate with each other.

Nexissteve: We had thought about the open source route but would prefer not to go down that road at this point.
0
 
LVL 15

Accepted Solution

by:
Jeff Perkins earned 75 total points
ID: 17827147
Try Sonic Wall TZ170, it is setup to accept more than one subnet and gives you all the control you need. I've got a couple of networks I maintain setup with these.
0
 
LVL 4

Expert Comment

by:Jeb911
ID: 19506907
Please clean up this article...

-JEB
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question