What should I replace my Pix firewall with to make things easier

Posted on 2008-06-25
Medium Priority
Last Modified: 2013-11-16
My Pix firewall is getting a little long in the tooth and I would like to replace it with something that is easier to use. I've got about 100 machines on my network, but I only have about 10 users that get on the Internet. Right now I have one webserver running behind the firewall, but I may outsource that in the near future. I also have Active Directory running with local DNS and DHCP set up on my Domain Controller.

I can do some basic things in the Pix, but have never found it very easy to manage.  Can I just replace it with something like a simple D-Link or Linksys router?  Will I still be protected as well?  Can I let traffic pass to my one webserver and nothing else like I can with the Pix?  Should I use DHCP on one of these devices and turn it off in Windows Server?  My goal is to simplify the network setup, make repair/replacement simple, and hopefully do it all inexpensively.  I'm preparing to switch from 2 T1's to Cavalier's Ethernet Express and I'd like to make the transition as easy as possible.

Question by:s_sykes

Expert Comment

ID: 21870146
I'd go for the newer ASA - 5505 or 5510.

Expert Comment

ID: 21870403
If you want your network protected, with good performance, and easy to manage as well, then there are lots of options to sort out this issue. First, the new Pix firewall is also a good product from Cisco and easy to manage. There is also the Astaro Security device. The device comes as hardware appliances, software appliances and virtual appliances. It will give you network security, firewall security, mail security, web security, easy management and flexible deployment. Another device is Cyberoam: GUI-mode web interface with dashboard, firewall VPN, bandwidth policy, surfing time policy, data policy, manage groups, user authentication with AD, antivirus with mail, POP, SMTP, IMAP, HTTP and FTP, anti-spam with policy, traffic discovery with live connections and daily reports, etc. Now it depends on your IT budget. So now you should survey these devices and decide which one is the best for your organization. I have given you the options. Now it depends on you.


Author Comment

ID: 21874502
I'm familiar with the Astaro appliance, but that doesn't answer the questions I have about changing setup:
- Can I just replace the Pix with something like a simple D-Link or Linksys router?
- Will I still be protected as well?
- Can I let traffic pass to my one webserver and nothing else like I can with the Pix?
- Should I use DHCP on one of these devices and turn it off in Windows Server?

Assisted Solution

Salman4u_k earned 400 total points
ID: 21875190
Yes, you can replace your Pix with a Linksys router.
There is built-in firewall protection. You can also block or unblock anonymous Internet requests, but by default it is enabled.
You can also use access policy and block users by MAC or IP.
Don't disable DHCP on your Windows server. Disable the Linksys modem's DHCP. Recommended.

Accepted Solution

packetgod earned 1600 total points
ID: 21875307
I've worked on most major firewalls out there and am certified on the main ones. For ease of use on a firewall that is comparable to the PIX I would recommend the Juniper SSG line, although the new Cisco ASA firewalls are also quite easy to work with.

To answer your other questions, yes you can replace the PIX with something simple like a D-Link or Linksys router and use their firewalling capabilities. Generally they are considered good enough for home use and can provide at least some of the functionality of the higher end firewall. They don't provide any advanced security and really just act as a very basic stateful firewall (look for the words stateful firewall or SPI when shopping for them) with limited additional protections.

Just about all of them also allow you to set up internal services such as a web server and only allow access into that on the ports that you select (or selected from a list).

I do recommend keeping DHCP on your Windows server as you get much better integration with AD (if you use it) plus better logging and tracking of your users and systems. DHCP on the firewall/network device/etc. is only really good if you don't have a local server, and even then if you can do DHCP relay back to a Windows server that is also preferable.
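
An added illustration, not part of the original thread: a toy Python model of the behaviour the accepted answer describes, a stateful (SPI) firewall that publishes a single web server. The addresses, the forwarded ports 80/443 and the simplified NAT (source port preserved) are assumptions made for the sketch.

```python
# Toy stateful (SPI) packet filter with one published web server.
# All addresses and ports are constructed sample values.
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool          # True = arrives on the WAN interface

WAN_IP = "203.0.113.10"                    # assumed public address
WEB = "192.168.1.20"                       # assumed internal web server
FORWARDS = {80: (WEB, 80), 443: (WEB, 443)}  # the only published ports

class StatefulFirewall:
    def __init__(self, forwards):
        self.forwards = forwards
        # (remote_ip, remote_port, local_port) -> LAN host that opened the flow
        self.state = {}

    def handle(self, p: Packet) -> str:
        if not p.inbound:
            # Outbound is allowed and remembered so the reply can come back.
            self.state[(p.dst, p.dport, p.sport)] = p.src
            return "allow"
        lan_host = self.state.get((p.src, p.sport, p.dport))
        if lan_host:
            return f"allow reply to {lan_host}"
        if p.dport in self.forwards:
            host, port = self.forwards[p.dport]
            return f"forward to {host}:{port}"
        return "drop"                       # default deny for unsolicited traffic

def demo():
    fw = StatefulFirewall(FORWARDS)
    packets = [
        Packet("192.168.1.50", 51000, "198.51.100.7", 443, False),  # user browses out
        Packet("198.51.100.7", 443, WAN_IP, 51000, True),           # matching reply
        Packet("198.51.100.99", 40000, WAN_IP, 443, True),          # visitor to web server
        Packet("198.51.100.99", 40001, WAN_IP, 3389, True),         # unpublished port
        Packet("198.51.100.99", 443, WAN_IP, 51000, True),          # reply from wrong host
    ]
    return [fw.handle(p) for p in packets]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The last two packets show what the state table buys you: anything that is neither a reply to a flow opened from inside nor aimed at a published port is dropped.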


Question has a verified solution.
