Solved

Need recommendations for a hardware firewall product for a Windows Server/DNS/IIS installion, recommendations?

Posted on 2008-06-18
5
375 Views
Last Modified: 2010-04-19
I'm setting up/fixing a network that includes DNS and domain controllers, AD, SQL Server database servers, STMP, and IIS services. My understanding is that one right way to do this is to put the Domain Controllers and database servers behind a hardware firewall and have their communications limited to a local subnet and/or trusted IPs. The load-balanced IIS gear will be exposed to the Internet.

I need three recommendations for hardware firewall products that will work for these needs, with an emphasis on a) doing what I need them to do and b) not being a total pain to work with.  I'd like to hear:

a) the el-cheapo option. What's the cheapest reasonable solution?
b) a decent midrange solution
c) the "correct" device for my needs

If you can explain briefly why you prefer one thing or another, that would be great. Thanks.  
0
Comment
Question by:kennethfine
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 10

Assisted Solution

by:Casey Herman
Casey Herman earned 50 total points
ID: 21818543
a)m0n0wall built on pc platform - takes and old/reliable pc and creates a decent firewall - software is free
b)plastic linksys firewall router ... example:  wrt54g

c) cisco pix - expensive but rock solid - can be difficult to set up some times.

Just MHO though

Casey
0
 
LVL 17

Assisted Solution

by:Andres Perales
Andres Perales earned 25 total points
ID: 21818606
Mostly free - you just need a low end pc - smoothwall --http://www.smoothwall.org/
midrange - Microsoft ISA Server
high - enterprise level cisco PIX or better ASA 55XX security appliance.
0
 
LVL 6

Author Comment

by:kennethfine
ID: 21818691
Thanks. I'm really looking for hardware: something simple, and reliable, just as a means of closing my DCs and SQL Server database systems off from the general internet. I have a sofware-based application firewall that seems to meet many of my needs for my webs. I don't want to set up and maintain another server system beyond the servers I have going already.

casedog21 is closest to the mark so far, but ideally somebody can recommend simple effective things that they've used before.

thx
0
 
LVL 15

Accepted Solution

by:
wingatesl earned 175 total points
ID: 21819073
El Cheapo -     Linksys router -  you get what you pay for or Dlink, netgear etc..

midrange - Cisco ASA 5505 or Cisco 871 Router - about the same price and can do basically the same things. The router will give you more flexibility the ASA is a basic firewall

Higher end - Cisco ASA 5510 or Cisco 2800 series router - Higher performing devices with failover capabilities, VPN acceleration.

The mid and high end products Start around $400 and get up over $3000 . The Routers can use CBAC or zone based firewalls and perform well. They also give the most features. I should also not that the 871 router can be used for failover internet connectivity as well and you can get them for ~400. Super easy to configure when you get started and grows into a religion (obviously)
0
 

Expert Comment

by:WianS
ID: 21819896
El Cheapo you can look at pfSense. The website is http://www.pfsense.com/
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
domain controllers numbers 4 110
NIC on Proliant 4 54
Password recovery software 4 53
Upgrade BIOS / EUFI at Scale 4 86
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question