Solved

Need recommendations for a hardware firewall product for a Windows Server/DNS/IIS installion, recommendations?

Posted on 2008-06-18
5
374 Views
Last Modified: 2010-04-19
I'm setting up/fixing a network that includes DNS and domain controllers, AD, SQL Server database servers, STMP, and IIS services. My understanding is that one right way to do this is to put the Domain Controllers and database servers behind a hardware firewall and have their communications limited to a local subnet and/or trusted IPs. The load-balanced IIS gear will be exposed to the Internet.

I need three recommendations for hardware firewall products that will work for these needs, with an emphasis on a) doing what I need them to do and b) not being a total pain to work with.  I'd like to hear:

a) the el-cheapo option. What's the cheapest reasonable solution?
b) a decent midrange solution
c) the "correct" device for my needs

If you can explain briefly why you prefer one thing or another, that would be great. Thanks.  
0
Comment
Question by:kennethfine
5 Comments
 
LVL 10

Assisted Solution

by:Casey Herman
Casey Herman earned 50 total points
ID: 21818543
a)m0n0wall built on pc platform - takes and old/reliable pc and creates a decent firewall - software is free
b)plastic linksys firewall router ... example:  wrt54g

c) cisco pix - expensive but rock solid - can be difficult to set up some times.

Just MHO though

Casey
0
 
LVL 17

Assisted Solution

by:Andres Perales
Andres Perales earned 25 total points
ID: 21818606
Mostly free - you just need a low end pc - smoothwall --http://www.smoothwall.org/
midrange - Microsoft ISA Server
high - enterprise level cisco PIX or better ASA 55XX security appliance.
0
 
LVL 6

Author Comment

by:kennethfine
ID: 21818691
Thanks. I'm really looking for hardware: something simple, and reliable, just as a means of closing my DCs and SQL Server database systems off from the general internet. I have a sofware-based application firewall that seems to meet many of my needs for my webs. I don't want to set up and maintain another server system beyond the servers I have going already.

casedog21 is closest to the mark so far, but ideally somebody can recommend simple effective things that they've used before.

thx
0
 
LVL 15

Accepted Solution

by:
wingatesl earned 175 total points
ID: 21819073
El Cheapo -     Linksys router -  you get what you pay for or Dlink, netgear etc..

midrange - Cisco ASA 5505 or Cisco 871 Router - about the same price and can do basically the same things. The router will give you more flexibility the ASA is a basic firewall

Higher end - Cisco ASA 5510 or Cisco 2800 series router - Higher performing devices with failover capabilities, VPN acceleration.

The mid and high end products Start around $400 and get up over $3000 . The Routers can use CBAC or zone based firewalls and perform well. They also give the most features. I should also not that the 871 router can be used for failover internet connectivity as well and you can get them for ~400. Super easy to configure when you get started and grows into a religion (obviously)
0
 

Expert Comment

by:WianS
ID: 21819896
El Cheapo you can look at pfSense. The website is http://www.pfsense.com/
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A common practice in small networks is making file sharing easy which works extremely well when intra-network security is not an issue. In essence, everyone, that is "Everyone", is given access to all of the shared files - often the entire C: drive …
Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question