?
Solved

What would be a good $1000 - $2000 firewall that will prevent most spyware, virus, and entry attacks

Posted on 2009-04-05
8
Medium Priority
?
413 Views
Last Modified: 2013-11-16
I am looking to install a new firewall system in a small-medium business and would like to install a separate VPN device which will need to negotiate through this firewall. Does anyone have a good recommendation. I would be willing to go as high as $4000, but would prefer not to due to budget constraints.
0
Comment
Question by:HutsonAssociatesIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 97

Expert Comment

by:Experienced Member
ID: 24073867
Juniper Netscreen (5GT for example) combines the firewall and VPN functions quite well and falls in the budget range in your subject. ... Thinkpads_User
0
 
LVL 4

Expert Comment

by:Multipath
ID: 24073918
I would suggest the Astaro 120 depending on user count.  It will give you spyware antivirus spam filtering VPN for both site-to-site and remote access as as a ton of other functions and IPS.  This solution is great for small to medium size buisnesses.  If you are interested in one let me know i have a contact at Astaro that will get you in touch with a reseller.
0
 
LVL 4

Expert Comment

by:Multipath
ID: 24073920
They have a great demo available for free testing if you are interested in trying it out as well.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 17

Expert Comment

by:ccomley
ID: 24075253
You don't give us much info on the size of the proected network or the amount of traffic.... or what sort of VPN.

There's almost certainly a Sonicwall in your price range, they do built-in IPSec VPN, or a seprate SSL-VPN appliance that can sit inside the main firewall.

Their full Deep Packet Inspection system with Intrusion Prevention and Detection, Application Firewall, Viewpoint reporting, Gateway anti-virus, etc., it's a pretty comprehensive toolset.
0
 
LVL 11

Accepted Solution

by:
packetguy earned 500 total points
ID: 24078354
I configure firewalls for a living and have used all the major brands. I have no stake in one company and always recommend the best box for the client's application.

For ease of use you can't beat the Sonicwall NSA 240. It's  a very powerful box (600 Mbps stateful throughput, 150 Mbps IPsec VPN throughput, 25000 sessions at 2000 new connections/sec). List price with all the anti-virus, anti-spyware, and intrusion prevention features is about $1800, but I've seen them on the street for about $1200. You can't beat the SonicWall as an all-around good firewall at a good price.

Juniper Netscreens are somewhat faster in their high-end models, but the user interface is much less friendly and their configuration "theory" is very complex. But the netscreen firmware has many more features than the Sonicwall, and their mid-range boxes support various plug-in modules, making them more flexible. The SSG-140 is the closest fit to the Sonicwall NSA-240: 300 Mbps stateful, 100 Mbps VPN, 32000 sessions.  It costs a lot more though: $3200 list, $2500 on the street. The closest box to your price range is the $1,800 ($1400 street) SSG-20 (this price includes the security subscriptions), but that box is way slower than the Sonicwall: 160 Mbps stateful, 40 Mbps IPsec, 4000 (!) sessions.  Juniper's high-end boxes ($5,000 and up) can accommodate huge transaction volumes, which makes them good for high-volume web hosting applications. I have a couple of Juniper's in a failover configuration on a dual-gigabit Internet feed as a major data center and they never go down and never get saturated even at near link capacity.

Cisco's ASA 5500 line (successor to the PIX models) falls somewhere in between the Juniper's performance and the Sonicwall's ease of use. It's not as easy to set up as the Sonicwall but simpler than a Juniper. It's not as powerful as the  Sonicwall: 300 Mbps stateful, 170 Mbps IPsec, 9000 sessions for the ASA 5510. Alas, the price is very high at $3,500 list / $2,400 street.  In an all-Cisco shop I may recommend an ASA if the client's staff is already familiar with Cisco conventions, because the ASA integrates well with Cisco's advanced IDS tools.

A cool place to shop for firewalls is the "xxxxxGuard" sites: SonicGuard.com and CiscoGuard.com. NScreenSales.com has been good for Juniper products.

I've worked with other brands, but these are the front runners in the firewall niche. A lot depends on your specific needs. If you're protecting a small network with only 50 users, you can get a good firewall for way less than $1,000. If you don't need VPN in the firewall (you mentioned using a separate device) you can spend even less. If you provide some info on your network I can make a better recommendation.
0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 24083769
Sonicwall is great all around. Look into licensing for the Sonicwall Pro 3060
0
 
LVL 11

Expert Comment

by:packetguy
ID: 24084083
The Sonicwall Pro line, including the 3060, has been discontinued; it was replaced by the NSA line; the NSA-240 is much more powerful than the 3060 (600 Mbps vs 290 Mbps stateful, 150 Mbps vs 50 Mbps VPN), and although it has a smaller session table (25,000 vs 131,000) it can actually handle more sessions due to its much more sophisticated state mechanics. You might find some Sonicwall Pro units remaindered by resellers, but the discounted price from the original list ($2,795 for the 3060) still can't come close to competing with the NSA line.


0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 24093508
Wow, i didnt know that so thanks for the info. I might even consider replacing my current equipment now!
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question