Solved

What would be a good $1000 - $2000 firewall that will prevent most spyware, virus, and entry attacks

Posted on 2009-04-05
8
366 Views
Last Modified: 2013-11-16
I am looking to install a new firewall system in a small-medium business and would like to install a separate VPN device which will need to negotiate through this firewall. Does anyone have a good recommendation. I would be willing to go as high as $4000, but would prefer not to due to budget constraints.
0
Comment
Question by:HutsonAssociatesIT
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 24073867
Juniper Netscreen (5GT for example) combines the firewall and VPN functions quite well and falls in the budget range in your subject. ... Thinkpads_User
0
 
LVL 4

Expert Comment

by:Multipath
ID: 24073918
I would suggest the Astaro 120 depending on user count.  It will give you spyware antivirus spam filtering VPN for both site-to-site and remote access as as a ton of other functions and IPS.  This solution is great for small to medium size buisnesses.  If you are interested in one let me know i have a contact at Astaro that will get you in touch with a reseller.
0
 
LVL 4

Expert Comment

by:Multipath
ID: 24073920
They have a great demo available for free testing if you are interested in trying it out as well.
0
 
LVL 16

Expert Comment

by:ccomley
ID: 24075253
You don't give us much info on the size of the proected network or the amount of traffic.... or what sort of VPN.

There's almost certainly a Sonicwall in your price range, they do built-in IPSec VPN, or a seprate SSL-VPN appliance that can sit inside the main firewall.

Their full Deep Packet Inspection system with Intrusion Prevention and Detection, Application Firewall, Viewpoint reporting, Gateway anti-virus, etc., it's a pretty comprehensive toolset.
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 11

Accepted Solution

by:
packetguy earned 125 total points
ID: 24078354
I configure firewalls for a living and have used all the major brands. I have no stake in one company and always recommend the best box for the client's application.

For ease of use you can't beat the Sonicwall NSA 240. It's  a very powerful box (600 Mbps stateful throughput, 150 Mbps IPsec VPN throughput, 25000 sessions at 2000 new connections/sec). List price with all the anti-virus, anti-spyware, and intrusion prevention features is about $1800, but I've seen them on the street for about $1200. You can't beat the SonicWall as an all-around good firewall at a good price.

Juniper Netscreens are somewhat faster in their high-end models, but the user interface is much less friendly and their configuration "theory" is very complex. But the netscreen firmware has many more features than the Sonicwall, and their mid-range boxes support various plug-in modules, making them more flexible. The SSG-140 is the closest fit to the Sonicwall NSA-240: 300 Mbps stateful, 100 Mbps VPN, 32000 sessions.  It costs a lot more though: $3200 list, $2500 on the street. The closest box to your price range is the $1,800 ($1400 street) SSG-20 (this price includes the security subscriptions), but that box is way slower than the Sonicwall: 160 Mbps stateful, 40 Mbps IPsec, 4000 (!) sessions.  Juniper's high-end boxes ($5,000 and up) can accommodate huge transaction volumes, which makes them good for high-volume web hosting applications. I have a couple of Juniper's in a failover configuration on a dual-gigabit Internet feed as a major data center and they never go down and never get saturated even at near link capacity.

Cisco's ASA 5500 line (successor to the PIX models) falls somewhere in between the Juniper's performance and the Sonicwall's ease of use. It's not as easy to set up as the Sonicwall but simpler than a Juniper. It's not as powerful as the  Sonicwall: 300 Mbps stateful, 170 Mbps IPsec, 9000 sessions for the ASA 5510. Alas, the price is very high at $3,500 list / $2,400 street.  In an all-Cisco shop I may recommend an ASA if the client's staff is already familiar with Cisco conventions, because the ASA integrates well with Cisco's advanced IDS tools.

A cool place to shop for firewalls is the "xxxxxGuard" sites: SonicGuard.com and CiscoGuard.com. NScreenSales.com has been good for Juniper products.

I've worked with other brands, but these are the front runners in the firewall niche. A lot depends on your specific needs. If you're protecting a small network with only 50 users, you can get a good firewall for way less than $1,000. If you don't need VPN in the firewall (you mentioned using a separate device) you can spend even less. If you provide some info on your network I can make a better recommendation.
0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 24083769
Sonicwall is great all around. Look into licensing for the Sonicwall Pro 3060
0
 
LVL 11

Expert Comment

by:packetguy
ID: 24084083
The Sonicwall Pro line, including the 3060, has been discontinued; it was replaced by the NSA line; the NSA-240 is much more powerful than the 3060 (600 Mbps vs 290 Mbps stateful, 150 Mbps vs 50 Mbps VPN), and although it has a smaller session table (25,000 vs 131,000) it can actually handle more sessions due to its much more sophisticated state mechanics. You might find some Sonicwall Pro units remaindered by resellers, but the discounted price from the original list ($2,795 for the 3060) still can't come close to competing with the NSA line.


0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 24093508
Wow, i didnt know that so thanks for the info. I might even consider replacing my current equipment now!
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Malware seems to be getting smarter and smarter. If you are having trouble being able to launch your malware removal tools such as (and recommended): MalwareBytes, HiJackThis, ComboFix, etc. you can try some of the workarounds listed below. 1. Ma…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now