Need recommendations for a hardware firewall product for a Windows Server/DNS/IIS installion, recommendations?

I'm setting up/fixing a network that includes DNS and domain controllers, AD, SQL Server database servers, STMP, and IIS services. My understanding is that one right way to do this is to put the Domain Controllers and database servers behind a hardware firewall and have their communications limited to a local subnet and/or trusted IPs. The load-balanced IIS gear will be exposed to the Internet.

I need three recommendations for hardware firewall products that will work for these needs, with an emphasis on a) doing what I need them to do and b) not being a total pain to work with.  I'd like to hear:

a) the el-cheapo option. What's the cheapest reasonable solution?
b) a decent midrange solution
c) the "correct" device for my needs

If you can explain briefly why you prefer one thing or another, that would be great. Thanks.  
LVL 6
kennethfineAsked:
Who is Participating?
 
wingateslConnect With a Mentor Commented:
El Cheapo -     Linksys router -  you get what you pay for or Dlink, netgear etc..

midrange - Cisco ASA 5505 or Cisco 871 Router - about the same price and can do basically the same things. The router will give you more flexibility the ASA is a basic firewall

Higher end - Cisco ASA 5510 or Cisco 2800 series router - Higher performing devices with failover capabilities, VPN acceleration.

The mid and high end products Start around $400 and get up over $3000 . The Routers can use CBAC or zone based firewalls and perform well. They also give the most features. I should also not that the 871 router can be used for failover internet connectivity as well and you can get them for ~400. Super easy to configure when you get started and grows into a religion (obviously)
0
 
Casey HermanConnect With a Mentor Citrix EngineerCommented:
a)m0n0wall built on pc platform - takes and old/reliable pc and creates a decent firewall - software is free
b)plastic linksys firewall router ... example:  wrt54g

c) cisco pix - expensive but rock solid - can be difficult to set up some times.

Just MHO though

Casey
0
 
Andres PeralesConnect With a Mentor Commented:
Mostly free - you just need a low end pc - smoothwall --http://www.smoothwall.org/
midrange - Microsoft ISA Server
high - enterprise level cisco PIX or better ASA 55XX security appliance.
0
 
kennethfineAuthor Commented:
Thanks. I'm really looking for hardware: something simple, and reliable, just as a means of closing my DCs and SQL Server database systems off from the general internet. I have a sofware-based application firewall that seems to meet many of my needs for my webs. I don't want to set up and maintain another server system beyond the servers I have going already.

casedog21 is closest to the mark so far, but ideally somebody can recommend simple effective things that they've used before.

thx
0
 
WianSCommented:
El Cheapo you can look at pfSense. The website is http://www.pfsense.com/
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.