Solved

Best Firwall solution for me?

Posted on 2006-10-25
13
810 Views
Last Modified: 2013-11-16
I am the IT manaer for a medium size company.  We have about 45 computers and 3 servers on our network.  We have a NAT router firwall currently and it is closed to all ports that are not needed inbound.  I have tested this.  The firewall/router is maintained and provided by our ISP.  I recently have had an issue with a computer connecting to an outside ip address and opening 1000+ ports.  Issue explained here http://www.experts-exchange.com/Networking/Q_22036070.html
I would like another hardware firwall that I can controll and limit ourbound ports.  

Could someone suggest an easy firewall/internet appliance that is not too $$ and easy to setup and maintain?
0
Comment
Question by:jamessa
13 Comments
 
LVL 4

Expert Comment

by:LBACIS
ID: 17807020
What is the budget something around 2000 will get you running a full statefull packet inspection low mainentance appliance and will let you grow as your needs grow.
0
 

Author Comment

by:jamessa
ID: 17807090
I would like less than that, but if that is where they start I will have to go for it.  I would have to put that on next years budget though.
0
 

Accepted Solution

by:
Westez earned 85 total points
ID: 17809211
Take a look at Checkpoints SafeOffice or VPN1 UTM Edge appliances.  I'm not sure of the price, I've heard their under a $1000.  You might try googling for firewall hardware appliances for other products that are out there.
0
 
LVL 5

Assisted Solution

by:idyllicsys
idyllicsys earned 83 total points
ID: 17810559
The SonicWall TZ170 Unrestricted with the Complete Security Gateway package sells for about $1100. Or if you can wait a few weeks, they just released the TZ190 for about the same price with a faster processor and a PC Card slot for cellular dial backup.
0
 

Author Comment

by:jamessa
ID: 17811342
Does anyone have experience with checkpoint or sonicwall?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 32

Assisted Solution

by:rsivanandan
rsivanandan earned 83 total points
ID: 17812169
Take a look at Juniper's firewall or Cisco's firewall.

For you NS5gt from Juniper/PIX 501 from Cisco should do.

Cheers,
Rajesh
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17812173
And yeah, it will come to you about 800 dollars.

Cheers,
Rajesh
0
 
LVL 8

Assisted Solution

by:nitadmin
nitadmin earned 83 total points
ID: 17826750
Hi jamessa,

For easy and quick configuration and best price I suggest Sonicwall TZO 170 with unlimited users.
If you willing to spend some money then go with Cisco PIX 515. However, there a steep learning curve with regard to configuring this device.

Cheers!
NITADMIN
0
 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 83 total points
ID: 17835144
try smallest cisco pix (PIX 501)

good luck!!!!
0
 
LVL 9

Assisted Solution

by:jabiii
jabiii earned 83 total points
ID: 17850957
Personally I'd recommend the Juniper Netscreen. But the PIX is "swell" too :)

Part of choosing your FW, is what kind of support you will be utilizing, whether it be the vendor, or coming here. Your familiarity with the product, cost, performance, etc etc. All of it needs weighed in on your decision.  That's why when people post here asking for a FW. the First thing most expert's respond with, ok, what is your price range, what architecture are you going to be implementing it with, bandwidth etc etc.

Both have 10 vpn limit. Dimensions and weight are similar. But look at your performance.

CIsco 501 Security Applicance
 firewall throughput,                   60 Mbps
 3DES VPN throughput,               3 Mbps
 Concurrent connections:             7,500 (Cisco wins this one vs the 5series)
Dimensions (H x W x D): 1.0 x 6.25 x 5.5 in. (2.54 x 15.875 x 13.97 cm)
Weight: 0.75 lb (0.34 kg)

NS 5GT
Firewall performance                   75 Mbps
3DES VPN performance                20 Mbps
Deep Inspection (DI) performance 75 Mbps
Concurrent sessions                    2000
New sessions/second                  2000
Dimensions (H/W/L) 1/8.25/5 inches
1.5 lbs

C 501
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_data_sheet09186a0080091b18.html

NS 5
https://www.juniper.net/products/integrated/dsheet/110034.pdf



Here is a checklist, granted it's from Juniper so might be slighted, but will help you compare FW's for you.
https://www.juniper.net/solutions/literature/buyer_guide/710008.pdf

Here's some 3rd party studies of FW's.
http://www.cs.nmt.edu/~cs491_02/IA/firewall%20performance_files/0312rev.htm

2006 Products of the year
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1160468_tax299825,00.html?track=NL-20&ad=543466&adg=299807

2005
http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1041739,00.html

You can also search here there are plenty of other threads like this one, choosing FW's and VPN's. comparing Cisco/Juniper/Sidewinder etc.
http://www.experts-exchange.com/Networking/Broadband/VPN/Q_21704713.html

My 2 cents :)
Hope it helps.
0
 

Author Comment

by:jamessa
ID: 17862442
Wow that is good stuff.   Let me look at all of this.

Thanks
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now