Solved

Looking for Firewall or UTM

Posted on 2007-11-26
Last Modified: 2010-04-17
I have been at this for a while, researching and trying to figure out what is overkill, what is not enough. Here are my company's needs:

We have 20-25 users connecting to the internet, most are wired however some are wireless. The most important aspect of the firewall is the content filtering/URL blocking etc. I have found plenty of firewalls that do this, but it seems that there is always overkill or no group policies. I want to be able to set up group policies for the users. For example, Managers can have more access than our regular employees who will be more restricted. Also, it would be nice to have some sort of log to view which computer is accessing what.

I looked at Sonicwall and Watchguard, but they seemed to be too much or had too many subscription services for what I wanted. I wouldn't mind some virus scanning capabilities, but Sonicwall requires that you have McAfee installed on the client computers and frankly, I've had bad experience with the McAfee clients so I'd rather not go there.

From another question on EE, I checked out the ZyXEL ZyWALL 5 UTM appliance, but once again, it may be overkill for just 20-25 users. From what I could tell, it did not have group policies, but it at least had "excluded" IP addresses, which I could do.

Anyone have any suggestions on what would be a better appliance to look for? I would like it to have WiFi capabilities so I can cut down the appliances from 3 to 2 (currently I am running a Linksys router and a Netgear attached to it as an AP).
Question by:gfei
7 Comments
 
LVL 19

Accepted Solution

by:
SteveH_UK earned 250 total points
ID: 20353355
Have you considered a GnatBox appliance (www.gta.com)? They start off much cheaper than some of the others, but are very functional and compare well.

I speak as a certified GnatBox admin, but also as an admin of ISA Server 2006.
0
 
LVL 19

Assisted Solution

by:SteveH_UK
SteveH_UK earned 250 total points
ID: 20353362
However, policy restrictions were IP-based when I was last using a GnatBox, so I don't know if that is what you are looking for.
0
 
LVL 19

Assisted Solution

by:SteveH_UK
SteveH_UK earned 250 total points
ID: 20353371
See http://www.gta.com/products/gb250/ for a small-business version.
0

Author Comment

by:gfei
ID: 20357350
Thank you for the info, I am checking it out now. You say policy restrictions are IP-based. I do assign static IPs on the computers. I was hoping for a solution that would allow me to assign IPs or MAC addresses to a group policy and then restrict them. Is that what you are referencing?
0
 
LVL 19

Assisted Solution

by:SteveH_UK
SteveH_UK earned 250 total points
ID: 20360608
No, none of these solutions work with Active Directory's group policy.

For these firewalls, you can assign computers (based on IP) to a set and then create firewall policy rules based on those computers.

I think there is also a client agent that allows user authentication, but I've never used it.  Of course, if you have user authentication then you can use user rules too!

Typical configurations would use DHCP to assign fixed IP addresses based on MACs, and then the firewall would assign rules based on these fixed IP address ranges.

Generally, firewalls work at Layer 3, which is IP, rather than Layer 2, which is Ethernet and is the layer at which MACs work.

If you only want to block access based on MACs, then you generally need additional support at the network switch/hub level.
0
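
The DHCP-reservation approach described in the answer above, sketched as an added example that is not part of the original thread. The group names, address blocks, hostnames and MACs are constructed, and ISC dhcpd syntax is an assumption, since the thread names no DHCP server. The `audit` check is also an addition: because the firewall only sees the source IP, it flags addresses inside a policy block that are in use by a MAC that was not reserved that address.

```python
import ipaddress

# Constructed sample data: groups, address blocks, hostnames and MACs are illustrative.
GROUP_BLOCKS = {
    "managers": ipaddress.ip_network("192.168.10.16/28"),
    "staff": ipaddress.ip_network("192.168.10.32/27"),
}
INVENTORY = [  # (hostname, MAC, policy group)
    ("mgr-pc1", "00:11:22:33:44:01", "managers"),
    ("mgr-pc2", "00:11:22:33:44:02", "managers"),
    ("staff-pc1", "00:11:22:33:44:11", "staff"),
]

def build_reservations(inventory, blocks):
    """Give each MAC a fixed IP from its group's block: {mac: (host, ip, group)}."""
    pools = {g: iter(net.hosts()) for g, net in blocks.items()}
    res = {}
    for host, mac, group in inventory:
        ip = next(pools[group], None)
        if ip is None:
            raise ValueError(f"address block for {group} is full")
        res[mac.lower()] = (host, ip, group)
    return res

def dhcpd_stanzas(res):
    """Render the reservations as ISC dhcpd host entries."""
    return "\n".join(
        f"host {h} {{ hardware ethernet {m}; fixed-address {ip}; }}"
        for m, (h, ip, _) in res.items())

def group_for_ip(ip, blocks):
    """What a layer-3 rule sees: only the source IP, matched against a group range."""
    addr = ipaddress.ip_address(ip)
    return next((g for g, net in blocks.items() if addr in net), None)

def audit(observed, res, blocks):
    """Flag (ip, mac) pairs, e.g. taken from an ARP table, where an address in a
    policy block is used by a MAC that does not hold the reservation for it."""
    findings = []
    for ip, mac in observed:
        group = group_for_ip(ip, blocks)
        entry = res.get(mac.lower())
        if group and (entry is None or str(entry[1]) != ip):
            findings.append((ip, mac, group))
    return findings

if __name__ == "__main__":
    print(dhcpd_stanzas(build_reservations(INVENTORY, GROUP_BLOCKS)))
```

The firewall side then needs one content-filtering rule per block (here 192.168.10.16/28 and 192.168.10.32/27) rather than one exception per machine.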
 

Author Comment

by:gfei
ID: 20365846
Thank you for your responses. I am sorry I am not being too clear on this. My strong point in computers is certainly NOT in networking on this level.

I may have used "group policy" and made it sound like a Windows-based group policy. I was speaking more of a group policy in the OS of the firewall.

My Linksys BEFSX41 allows for groups created according to MAC address. And for these MAC addresses, I can apply certain content filtering rules. It's not very customizable but I've been able to block some of the more nuisance sites.

It seems that all the firewalls I have found that cost more money than the Linksys did do not have a group-creating ability for content filtering. Or a decent way to make exceptions. For example, we have about 10 standard employees who will only be able to access work-related sites. While about 5 managers & bosses would be given a bit more leeway. It seems most of the firewalls I have found have a "one ip address" exception. I need to be able to customize this according to the different computers accessing the internet through the firewall. I am not clear if the GB-200 is capable of that. It seems that this point is one of the most vague things I have found when it comes to firewall research.

Thank you again for all your input so far.
0
 
LVL 19

Assisted Solution

by:SteveH_UK
SteveH_UK earned 250 total points
ID: 20368346
I'm pretty sure the GB-200 does not have this limitation.  I've only used larger models myself.  Contact them directly, they're generally really good on e-mail and they'll probably help you think through what you need to do, even if you don't end up buying from them.

They can also pre-create a firewall configuration for you.

The lower-end market, such as NetGear and LinkSys, doesn't offer much in the way of features, and so you've done well to make it do what you want. Enterprise firewalls don't work in quite the same way, but they do everything that you'll need.
0
