Solved

Need recommendations for a hardware firewall product for a Windows Server/DNS/IIS installation, recommendations?

Posted on 2008-06-18
Last Modified: 2010-04-19
I'm setting up/fixing a network that includes DNS and domain controllers, AD, SQL Server database servers, SMTP, and IIS services. My understanding is that one right way to do this is to put the Domain Controllers and database servers behind a hardware firewall and have their communications limited to a local subnet and/or trusted IPs. The load-balanced IIS gear will be exposed to the Internet.

I need three recommendations for hardware firewall products that will work for these needs, with an emphasis on a) doing what I need them to do and b) not being a total pain to work with.  I'd like to hear:

a) the el-cheapo option. What's the cheapest reasonable solution?
b) a decent midrange solution
c) the "correct" device for my needs

If you can explain briefly why you prefer one thing or another, that would be great. Thanks.  
0
Question by:kennethfine
5 Comments
 
LVL 10

Assisted Solution

by:Casey Herman
Casey Herman earned 50 total points
ID: 21818543
a) m0n0wall built on PC platform - takes an old/reliable PC and creates a decent firewall - software is free
b) plastic Linksys firewall router ... example: WRT54G

c) Cisco PIX - expensive but rock solid - can be difficult to set up sometimes.

Just MHO though

Casey
0
 
LVL 17

Assisted Solution

by:Andres Perales
Andres Perales earned 25 total points
ID: 21818606
Mostly free - you just need a low end PC - Smoothwall - http://www.smoothwall.org/
midrange - Microsoft ISA Server
high - enterprise level Cisco PIX or better ASA 55XX security appliance.
0
 
LVL 6

Author Comment

by:kennethfine
ID: 21818691
Thanks. I'm really looking for hardware: something simple, and reliable, just as a means of closing my DCs and SQL Server database systems off from the general internet. I have a software-based application firewall that seems to meet many of my needs for my webs. I don't want to set up and maintain another server system beyond the servers I have going already.

casedog21 is closest to the mark so far, but ideally somebody can recommend simple effective things that they've used before.

thx
0
 
LVL 15

Accepted Solution

by:
wingatesl earned 175 total points
ID: 21819073
El Cheapo - Linksys router - you get what you pay for, or D-Link, Netgear etc.

midrange - Cisco ASA 5505 or Cisco 871 Router - about the same price and can do basically the same things. The router will give you more flexibility; the ASA is a basic firewall.

Higher end - Cisco ASA 5510 or Cisco 2800 series router - Higher performing devices with failover capabilities, VPN acceleration.

The mid and high end products start around $400 and get up over $3000. The routers can use CBAC or zone based firewalls and perform well. They also give the most features. I should also note that the 871 router can be used for failover internet connectivity as well and you can get them for ~400. Super easy to configure when you get started and grows into a religion (obviously)
0
 

Expert Comment

by:WianS
ID: 21819896
El Cheapo you can look at pfSense. The website is http://www.pfsense.com/
0
