

Best Small Biz firewall for managing outbound port policies

I want to replace our Microsoft ISA server with a Small Biz firewall such as Watchguard or SonicWall.

Our current policies limit outbound access to specific ports (least required) for each internal server or workstation and I want to do the same with a firewall appliance.  

I want the policy building and editing to be as simple as possible.  Like with the ISA server, each internal host (or group of hosts) can have a single policy that lists all permitted outbound ports or protocols and then there is a Last-Default-Deny policy for all ports for all hosts.

What small biz appliance is best for straightforward outbound port filtering management?

Asked by: swb_mct
Michael Worsham (Infrastructure / Solutions Architect) commented:
If you're willing to look at an alternative solution, I will recommend taking a look at Untangle (www.untangle.com), an open source network gateway considered to be a free SonicWall alternative.

The Policy Manager is a powerful and advanced feature of the Untangle Server. Advanced Policy Management with 'Custom Racks' is a commercial or paid option on the Untangle Server. You can, however, create 'No Rack' and 'Default Rack' policies in the Open Source version.

Policy Manager
http://www.untangle.com/policy-manager
http://wiki.untangle.com/index.php/Policy_Management
 
swb_mct (Author) commented:
Thanks,

The only reason I want to get rid of the ISA server is to replace the server platform with a small appliance.  I have seen and recommended the Untangle server but it is way overkill for our office.

I want a basic port filtering firewall for our office, equivalent to PIX but with a more intuitive management interface.  Some firewalls have simple policy management and some are messy where you have to create all sorts of objects before you can create a policy.  I am looking for "simple" port filtering management where you can see what you have and change it at a glance.
 
Michael Worsham (Infrastructure / Solutions Architect) commented:
Personally, I have a dual solution I use for my home & business needs (i.e. ESXi, virtual web & e-mail servers, workstations, etc)...

1) Firewall/router is a Linksys RV016 unit -- equivalent to that of a Cisco ASA5505 unit. It has dual-WAN capability and can do access rules management.

Here's a thread/example of the RV's Access Rules:
http://www.dslreports.com/forum/r21964501-Wired-Access-Rules-in-a-rv082

2) In between the firewall/router and my internal network switch, I have an Untangle appliance running in "transparent bridge" mode. I have the web filter, e-mail filter, protocol control and IDS modules enabled.

Anything that does get past the firewall will definitely get heavily screened/checked before getting to my internal network.

 
swb_mct (Author) commented:
The Cisco RV016 unit looks good.  It provides the prioritized outbound access rules that I was looking for with simple policy creation and editing.
 
swb_mct (Author) commented:
Follow-up question: Does the RV016 allow for multiple static addresses on the external interfaces? The manual looks like it only supports 1 outside address per interface. That is a deal breaker for me.
 
Michael Worsham (Infrastructure / Solutions Architect) commented:
Honestly, I have never tried to set that up since I only have a single static IP for my environment.

You might be able to use the One-To-One NAT portion for that.

Cisco RV016 Multi WAN VPN Router
http://www.cisco.com/en/US/prod/collateral/routers/ps9923/ps9924/data_sheet_c78-501223.html