Solved

Looking for Firewall or UTM

Posted on 2007-11-26
Last Modified: 2010-04-17
I have been at this for a while, researching and trying to figure out what is overkill, what is not enough. Here are my company's needs:

We have 20-25 users connecting to the internet, most are wired however some are wireless. The most important aspect of the firewall is the content filtering/URL blocking etc. I have found plenty of firewalls that do this, but it seems that there is always overkill or no group policies. I want to be able to set up group policies for the users. For example, Managers can have more access than our regular employees who will be more restricted. Also, it would be nice to have some sort of log to view which computer is accessing what.

I looked at Sonicwall and Watchguard, but they seemed to be too much or had too many subscription services for what I wanted. I wouldn't mind some virus scanning capabilities, but Sonicwall requires that you have McAfee installed on the client computers and frankly, I've had bad experience with the McAfee clients so I'd rather not go there.

From another question on EE, I checked out the ZyXEL ZyWALL 5 UTM appliance, but once again, it may be overkill for just 20-25 users. From what I could tell, it did not have group policies, but it at least had "excluded" IP addresses, which I could do.

Anyone have any suggestions on what would be a better appliance to look for? I would like it to have WiFi capabilities so I can cut down the appliances from 3 to 2 (currently I am running a Linksys router and a Netgear attached to it as an AP).
Question by:gfei
7 Comments
 
LVL 19

Accepted Solution

by:
SteveH_UK earned 1000 total points
ID: 20353355
Have you considered a GnatBox appliance (www.gta.com)?  They start off much cheaper than some of the others, but are very functional and compare well.

I speak as a certified GnatBox admin, but also as an admin of ISA Server 2006.
0
 
LVL 19

Assisted Solution

by:SteveH_UK
SteveH_UK earned 1000 total points
ID: 20353362
However, policy restrictions were IP-based when I was last using a GnatBox, so I don't know if that is what you are looking for.
0
 
LVL 19

Assisted Solution

by:SteveH_UK
SteveH_UK earned 1000 total points
ID: 20353371
See http://www.gta.com/products/gb250/ for a small-business version.
0

 

Author Comment

by:gfei
ID: 20357350
Thank you for the info, I am checking it out now. You say policy restrictions are IP-based. I do assign static IPs on the computers. I was hoping for a solution that would allow me to assign IPs or MAC addresses to a group policy and then restrict them. Is that what you are referencing?
0
 
LVL 19

Assisted Solution

by:SteveH_UK
SteveH_UK earned 1000 total points
ID: 20360608
No, none of these solutions work with Active Directory's group policy.

For these firewalls, you can assign computers (based on IP) to a set and then create firewall policy rules based on those computers.

I think there is also a client agent that allows user authentication, but I've never used it.  Of course, if you have user authentication then you can use user rules too!

Typical configurations would use DHCP to assign fixed IP addresses based on MACs, and then the firewall would assign rules based on these fixed IP address ranges.

Generally, firewalls work at Layer 3, which is IP, rather than Layer 2, which is Ethernet and is the layer at which MACs work.

If you only want to block access based on MACs, then you generally need additional support at the network switch/hub level.
0
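The DHCP-reservation approach described in the answer above, sketched as an added example that is not part of the original post or any vendor's code: each MAC gets a fixed address inside its group's range, the firewall classifies by source IP alone, and an audit compares observed IP/MAC pairs with the reservations. The group names, address ranges, hostnames and MACs are constructed assumptions; the output format follows ISC dhcpd `host` declarations.

```python
import ipaddress

# Constructed sample data: ranges and inventory are assumptions for illustration.
GROUP_RANGES = {
    "managers": ("192.168.1.10", "192.168.1.29"),
    "staff": ("192.168.1.30", "192.168.1.99"),
}
INVENTORY = [  # (hostname, MAC, group)
    ("mgr-pc1", "00:11:22:33:44:01", "managers"),
    ("mgr-pc2", "00:11:22:33:44:02", "managers"),
    ("staff-pc1", "00:11:22:33:44:10", "staff"),
]

def build_reservations(inventory, ranges):
    """Give each MAC the next free address in its group's range."""
    next_ip = {g: ipaddress.ip_address(lo) for g, (lo, _) in ranges.items()}
    reservations = {}
    for host, mac, group in inventory:
        ip = next_ip[group]
        if ip > ipaddress.ip_address(ranges[group][1]):
            raise ValueError(f"range for {group} is exhausted")
        reservations[mac.lower()] = (host, str(ip), group)
        next_ip[group] = ip + 1
    return reservations

def dhcpd_hosts(reservations):
    """Render ISC dhcpd host declarations (keep these outside the dynamic pool)."""
    return "\n".join(
        f"host {host} {{ hardware ethernet {mac}; fixed-address {ip}; }}"
        for mac, (host, ip, _) in reservations.items())

def group_for_ip(ip, ranges):
    """Layer 3 classification: the firewall sees only the source IP."""
    addr = ipaddress.ip_address(ip)
    for group, (lo, hi) in ranges.items():
        if ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi):
            return group
    return None  # outside every range: apply the most restrictive default policy

def audit_arp(arp_entries, reservations, ranges):
    """Flag observed (ip, mac) pairs in a group range that match no reservation."""
    reserved = {(ip, mac) for mac, (_, ip, _) in reservations.items()}
    return [(ip, mac.lower(), group_for_ip(ip, ranges))
            for ip, mac in arp_entries
            if group_for_ip(ip, ranges) and (ip, mac.lower()) not in reserved]
```

Because the policy follows the address rather than the device, the audit over the router's ARP or lease table is what ties a group range back to the MACs it was reserved for.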
 

Author Comment

by:gfei
ID: 20365846
Thank you for your responses. I am sorry I am not being too clear on this. My strong point in computers is certainly NOT in networking on this level.

I may have used "group policy" and made it sound like a Windows-based group policy.  I am speaking more of a group policy in the OS of the firewall.

My Linksys BEFSX41 allows for groups created according to MAC address. And for these MAC addresses, I can apply certain content filtering rules. It's not very customizable but I've been able to block some of the more nuisance sites.

It seems that all the firewalls I have found that cost more money than the Linksys did do not have a group-creating ability for content filtering. Or a decent way to make exceptions. For example, we have about 10 standard employees who will only be able to access work-related sites. While about 5 managers & bosses would be given a bit more leeway. It seems most of the firewalls I have found have a "one ip address" exception. I need to be able to customize this according to the different computers accessing the internet through the firewall. I am not clear if the GB-200 is capable of that. It seems that this point is one of the most vague things I have found when it comes to firewall research.

Thank you again for all your input so far.
0
 
LVL 19

Assisted Solution

by:SteveH_UK
SteveH_UK earned 1000 total points
ID: 20368346
I'm pretty sure the GB-200 does not have this limitation.  I've only used larger models myself.  Contact them directly, they're generally really good on e-mail and they'll probably help you think through what you need to do, even if you don't end up buying from them.

They can also pre-create a firewall configuration for you.

The lower end market, such as NetGear and LinkSys, don't offer much in the way of features, and so you've done well to make it do what you want.  Enterprise firewalls don't work in quite the same way, but they do everything that you'll need.
0
