Solved

Firewall / Router Solution

Posted on 2007-03-19
4
218 Views
Last Modified: 2013-11-16
Hey gang,

I have a small business that uses an ASP (application service provider) for their main day-to-day duties.  The office staff is about 12 employees, but they also have about 10 remote users (mostly using OWA or RDP).  They are currently using a T1 for internet with 8 channels being used for voice and the rest for data.  Since they’ve migrated to the new app, the internet and application performance has come to a crawl.  Based on the calculations from the ASP on the amount of  bandwidth need per user, they’ve decided to get a 2nd T1 dedicated for the ASP.  

So, the question is, aside from spending $3500 on a Cisco 2821, is there a more cost effective firewall solution that can route all traffic destined for the ASP's IP to T1b, and everything else to T1a?   Would using 2 cheaper firewalls work if made FirewallA the DG, and then put a static route on it that said anything destined for application.aspcompany.com route to internal interface on FirewallB?

Any ideas / recommendations appreciated.
0
Comment
Question by:DMJorgensen
  • 2
4 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 18753795
Personaly opinion, get two T1's and bond them together.  Makes everybody happer, except the accountants.

A single firewall should be able to handle this easily.  You could either have two "outside" interfaces, one for T1a and one for T1b.  Or a single interface with two sub interfaces.  Either way you still have a static route for the IP address of the application server that points to the router for T1b and leave a default route pointing to the router of T1a.

However, are you getting the $3500 Cisco to connect both T1's?  If so, the the static route would go into the 2821 and you just have the firewall forward everything to the 2821.  The 2821 would then route based on going to the application server (static route) or not going to application server (default route).
0
 
LVL 5

Author Comment

by:DMJorgensen
ID: 18756039
The 2821 will definitly do what I want, but I'm looking for something that's cheaper.  This is a small business that would prefer not to spend the $3500.  Are there chearper firewalls with 1 LAN and 2 WAN ports?
0
 
LVL 57

Accepted Solution

by:
giltjr earned 250 total points
ID: 18756273
You may want to look at the 1841.  I think it is about US$1,500.
0
 
LVL 25

Assisted Solution

by:Cyclops3590
Cyclops3590 earned 250 total points
ID: 18758326
personally I'd go with an ASA 5510.  It can easily handle what you want and for about $2000.  And please correct me if I'm wrong, but for some reason I believe the SmartNET is about $500-$600.
Default license enables 3 interfaces (plus mgmt int).  So you can have your lan and app networks.
Supports vpn very well, and gives you plenty of upgrade options, IPS module, SSL VPN, etc.
At least that's the way I'd go.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now