What should I replace my Pix firewall with to make things easier

Posted on 2008-06-25
Last Modified: 2013-11-16
My Pix firewall is getting a little long in the tooth and I would like to replace it with something that is easier to use. I've got about 100 machines on my network, but I only have about 10 users that get on the Internet. Right now I have one webserver running behind the firewall, but I may outsource that in the near future. I also have Active Directory running with local DNS and DHCP set up on my Domain Controller.

I can do some basic things in the Pix, but have never found it very easy to manage.  Can I just replace it with something like a simple D-Link or Linksys router?  Will I still be protected as well?  Can I let traffic pass to my one webserver and nothing else like I can with the Pix?  Should I use DHCP on one of these devices and turn it off in Windows Server?  My goal is to simplify the network setup, make repair/replacement simple, and hopefully do it all inexpensively.  I'm preparing to switch from 2 T1's to Cavalier's Ethernet Express and I'd like to make the transition as easy as possible.

Question by:s_sykes

Expert Comment

ID: 21870146
I'd go for the newer ASA - 5505 or 5510.

Expert Comment

ID: 21870403
If you want your network protected, with good performance, and easy to manage as well, then there are lots of options to sort out this issue. First, the new Pix firewall is also a good product from Cisco and easy to manage. There is also the Astaro Security device. The device comes as hardware appliances, software appliances and virtual appliances. It will give you network security, firewall security, mail security, web security, easy management and flexible deployment. Another device is Cyberoam: GUI-mode web interface with dashboard, firewall, VPN, bandwidth policy, surfing time policy, data policy, manage groups, user authentication with AD, antivirus with mail, POP, SMTP, IMAP, HTTP and FTP, anti-spam with policy, traffic discovery with live connections and daily reports, etc. Now it depends on your IT budget. So now you should take a survey of these devices and decide which one is the best for your organization. I have given you the options. Now it depends on you.


Author Comment

ID: 21874502
I'm familiar with the Astaro appliance, but that doesn't answer the questions I have about changing setup:
- Can I just replace the Pix with something like a simple D-Link or Linksys router?
- Will I still be protected as well?
- Can I let traffic pass to my one webserver and nothing else like I can with the Pix?
- Should I use DHCP on one of these devices and turn it off in Windows Server?

Assisted Solution

Salman4u_k earned 100 total points
ID: 21875190
Yes, you can replace your Pix with a Linksys router.
There is built-in firewall protection. You can also block or unblock anonymous Internet requests, but by default it is enabled.
You can also use access policy and block the users by MAC or IP.
Don't disable your DHCP on the Windows server. Disable the Linksys modem DHCP. Recommended.

Accepted Solution

packetgod earned 400 total points
ID: 21875307
I've worked on most major firewalls out there and am certified on the main ones.  For ease of use on a firewall that is comparable to the PIX I would recommend the Juniper SSG line.  Although the new Cisco ASA firewalls are also quite easy to work with.

To answer your other questions, yes you can replace the PIX with something simple like a D-Link or Linksys router and use their firewalling capabilities. Generally they are considered good enough for home use and can provide at least some of the functionality of the higher end firewall. They don't provide any advanced security and really just act as a very basic stateful firewall (look for the words stateful firewall or SPI when shopping for them) with limited additional protections.

Just about all of them also allow you to set up internal services such as a web server and only allow access into that on the ports that you select (or selected from a list).

I do recommend keeping DHCP on your Windows server as you get much better integration with AD (if you use it) plus better logging and tracking of your users and systems. DHCP on the firewall/network device/etc is only really good if you don't have a local server and even then if you can do DHCP relay back to a Windows server that is also preferable.
