Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


What should I replace my Pix firewall with to make things easier

Posted on 2008-06-25
Medium Priority
Last Modified: 2013-11-16
My Pix firewall is getting a little long in the tooth and I would like to replace it with something that is easier to use.  I've got about 100 machines on my network, but I only have about 10 users that get on the Internet.  Right now I have one webserver running behind the firewall, but I may outsource that in the near future.  I also have Active Directory running with local DNS and DHCP setup on my Domain Controller.

I can do some basic things in the Pix, but have never found it very easy to manage.  Can I just replace it with something like a simple D-Link or Linksys router?  Will I still be protected as well?  Can I let traffic pass to my one webserver and nothing else like I can with the Pix?  Should I use DHCP on one of these devices and turn it off in Windows Server?  My goal is to simplify the network setup, make repair/replacement simple, and hopefully do it all inexpensively.  I'm preparing to switch from 2 T1's to Cavalier's Ethernet Express and I'd like to make the transition as easy as possible.

Question by:s_sykes
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 21870146
I'd go for the newer ASA - 5505 or 5510.

Expert Comment

ID: 21870403
if you want your network protected and be in a good performance and make it is easy as well then there are lots of option to sort it out this issue. First new Pix-Firewall is also good product from cisco and easy to manage. there is also an Astaro Security device. the device is Hardware Appliances,sofware appliances and virtual appliances. it will give you network security, firewall security ,mail security,web security, easy management and flexible deployment. and an other device which is cyberoam, GUI Mode web Interface with dash board, firewall Vpn, bandwidth policy surfing time policy  data policy, manage goups user authentication with AD , Antivirus with mail,pop,smtp,Imap,Http and Ftp, Anti spam with policy, traffic discoverey with live connections and daily reports etc. now its depend on your IT Budget. so now you will take a survay on these devices and decide which one is the best for your organization. i given you the options. now its depend on you.


Author Comment

ID: 21874502
I'm familiar with the Astaro appliance, but that doesn't answer the questions I have about changing  setup:
-Can I just replace the Pix with something like a simple D-Link or Linksys router?  
-Will I still be protected as well?  
-Can I let traffic pass to my one webserver and nothing else like I can with the Pix?  
-Should I use DHCP on one of these devices and turn it off in Windows Server?

Assisted Solution

Salman4u_k earned 400 total points
ID: 21875190
Yes you can replace your Pix with Linksys Router.
there is a built in Firewall Protection. you can also block or unblock anonymous internet  Requests, but by default it is enable.
you can also use access policy and block the users by mac or Ip.
dont disable your dhcp from windows server. disable the linksys modem dhcp. Recommended

Accepted Solution

packetgod earned 1600 total points
ID: 21875307
I've worked on most major firewalls out there and am certified on the main ones.  For ease of use on a firewall that is comparable to the PIX I would recommend the Juniper SSG line.  Although the new Cisco ASA firewalls are also quite easy to work with.

To answer your other questions, yes you can replace the PIX with something simple like a D-Link or Linksys router and use their firewalling capabilities.  Generally they are considered good enough for home use and can provide at least some of the functionality of the higher end firewall.  They don't provide any advanced security and really just act as a very basic statefull firewall (look for the words statefull firewall or SPI when shopping for them) with limited additional protections.

Just about all of them also allow you to setup internal services such as a web server and only allow access into that on the ports that you select (or selected from a list).

I do recommend keeping DHCP on your Windows server as you get much better integration with AD (if you use it) plus better logging and tracking of your users and systems.  DHCP on the firewall/network device/etc is only really good if you don't have a local server and even then if you can do DHCP relay back to a windows server that is also preferable.

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question