Solved

Best Firewall solution for me?

Posted on 2006-10-25
Last Modified: 2013-11-16
I am the IT manager for a medium size company.  We have about 45 computers and 3 servers on our network.  We have a NAT router firewall currently and it is closed to all ports that are not needed inbound.  I have tested this.  The firewall/router is maintained and provided by our ISP.  I recently have had an issue with a computer connecting to an outside IP address and opening 1000+ ports.  Issue explained here: http://www.experts-exchange.com/Networking/Q_22036070.html
I would like another hardware firewall that I can control and limit outbound ports.

Could someone suggest an easy firewall/internet appliance that is not too $$ and easy to setup and maintain?
Question by:jamessa
13 Comments
 
LVL 4

Expert Comment

by:LBACIS
ID: 17807020
What is the budget? Something around 2000 will get you running a full stateful packet inspection, low-maintenance appliance and will let you grow as your needs grow.
0
 

Author Comment

by:jamessa
ID: 17807090
I would like less than that, but if that is where they start I will have to go for it.  I would have to put that on next year's budget though.
0
 

Accepted Solution

by:
Westez earned 340 total points
ID: 17809211
Take a look at Checkpoint's SafeOffice or VPN1 UTM Edge appliances.  I'm not sure of the price; I've heard they're under $1000.  You might try googling for firewall hardware appliances for other products that are out there.
0

 
LVL 5

Assisted Solution

by:idyllicsys
idyllicsys earned 332 total points
ID: 17810559
The SonicWall TZ170 Unrestricted with the Complete Security Gateway package sells for about $1100. Or if you can wait a few weeks, they just released the TZ190 for about the same price with a faster processor and a PC Card slot for cellular dial backup.
0
 

Author Comment

by:jamessa
ID: 17811342
Does anyone have experience with checkpoint or sonicwall?
0
 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 332 total points
ID: 17812169
Take a look at Juniper's firewall or Cisco's firewall.

For you, the NS5gt from Juniper/PIX 501 from Cisco should do.

Cheers,
Rajesh
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17812173
And yeah, it will come to about 800 dollars.

Cheers,
Rajesh
0
 
LVL 8

Assisted Solution

by:nitadmin
nitadmin earned 332 total points
ID: 17826750
Hi jamessa,

For easy and quick configuration and best price, I suggest Sonicwall TZO 170 with unlimited users.
If you are willing to spend some money, then go with Cisco PIX 515. However, there is a steep learning curve with regard to configuring this device.

Cheers!
NITADMIN
0
 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 332 total points
ID: 17835144
Try the smallest Cisco PIX (PIX 501).

good luck!!!!
0
 
LVL 9

Assisted Solution

by:jabiii
jabiii earned 332 total points
ID: 17850957
Personally I'd recommend the Juniper Netscreen. But the PIX is "swell" too :)

Part of choosing your FW is what kind of support you will be utilizing, whether it be the vendor or coming here. Your familiarity with the product, cost, performance, etc. All of it needs to be weighed in your decision.  That's why, when people post here asking for a FW, the first thing most experts respond with is: OK, what is your price range, what architecture are you going to be implementing it with, bandwidth, etc.

Both have a 10 VPN limit. Dimensions and weight are similar. But look at your performance.

Cisco 501 Security Appliance
Firewall throughput:     60 Mbps
3DES VPN throughput:     3 Mbps
Concurrent connections:  7,500 (Cisco wins this one vs the 5 series)
Dimensions (H x W x D):  1.0 x 6.25 x 5.5 in. (2.54 x 15.875 x 13.97 cm)
Weight:                  0.75 lb (0.34 kg)

NS 5GT
Firewall performance:              75 Mbps
3DES VPN performance:              20 Mbps
Deep Inspection (DI) performance:  75 Mbps
Concurrent sessions:               2000
New sessions/second:               2000
Dimensions (H/W/L):                1/8.25/5 inches
Weight:                            1.5 lbs

C 501
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b18.html

NS 5
https://www.juniper.net/products/integrated/dsheet/110034.pdf



Here is a checklist; granted, it's from Juniper so it might be slanted, but it will help you compare FWs.
https://www.juniper.net/solutions/literature/buyer_guide/710008.pdf

Here are some 3rd-party studies of FWs.
http://www.cs.nmt.edu/~cs491_02/IA/firewall%20performance_files/0312rev.htm

2006 Products of the year
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1160468_tax299825,00.html?track=NL-20&ad=543466&adg=299807

2005
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1041739,00.html

You can also search here; there are plenty of other threads like this one, choosing FWs and VPNs, comparing Cisco/Juniper/Sidewinder etc.
http://www.experts-exchange.com/Networking/Broadband/VPN/Q_21704713.html

My 2 cents :)
Hope it helps.
0
 

Author Comment

by:jamessa
ID: 17862442
Wow that is good stuff.   Let me look at all of this.

Thanks
0
