Solved

Best VPN firewalls

Posted on 2010-08-23
Last Modified: 2012-05-10
I have a corporate HQ and two (more to come) branch offices that I need to tie together.  My main objective is to get the servers talking on the same domain/forest.  If someone has a secure way to accomplish this without a VPN, I would love to hear it.  Otherwise, what is the best firewall/VPN solution?  I've looked at WatchGuard and SonicWall. Thoughts?
Question by:MasterComputing
9 Comments
 
LVL 8

Expert Comment

by:ZombieAutopsy
ID: 33501829
One way to connect the office would be a Point-to-Point T-1. That's how I have one of mine. The other few are set up on VPN tunnels using a Cisco ASA 5510.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 33501921
VPN tunnel at the router level is probably the most flexible.

What about dial-in VPN in the future?

I personally prefer the Netscreen (Juniper) routers, reasonably priced and very powerful.
Even an NS 5 GT 201 or similar on eBay can handle 25 simultaneous VPN tunnels - $70 - $170 each.

There are newer models also available as the SSG series if needed.

I hope this helps!
0
 
LVL 3

Accepted Solution

by:
darthcontra earned 250 total points
ID: 33502015
Personally, I would look at a Cisco ASA or integrated services router for the main office.
For the branch offices it would depend on number of users, but either a smaller ASA or possibly the Linksys RV042 router.

You are talking 3 sites currently with more to come.  Do you have an idea for how many more?  This will determine the requirements of the main office device.
0
 
LVL 4

Expert Comment

by:mrbrain646
ID: 33502032
If you don't want to do VPN, use a dedicated Ethernet drop. MPLS TLS from Verizon. Other providers should have something similar.

For VPN I would go with Cisco ASA, or the cheaper route would be SonicWall.
0
 
LVL 8

Expert Comment

by:jimmyray7
ID: 33502091
MPLS or Point-to-Point T1 will get you the connectivity without the overhead of VPN, at the expense of potentially higher monthly costs.  Since it sounds like these are somewhat permanent locations, it might be worth looking into.

If you decide to go the VPN route, Sonicwall firewalls are very price competitive and offer a lot of other valuable features.
0
 
LVL 18

Expert Comment

by:deimark
ID: 33502158
Have a look at Check Point UTM-1 appliances, especially the smaller Edge boxes
http://www.checkpoint.com/products/utm-1_edge

or Juniper small SSG/SRX range
http://www.juniper.net/us/en/products-services/security/srx-series/
http://www.juniper.net/us/en/products-services/security/ssg-series/

The Newer SSGs and SRX tend to be a bit more expensive than the older NS5GTs as mentioned above.  The 5GTs are still great little bits of kit but if official vendor support is a requirement then I would not consider them.

Both of these vendors provide very good enterprise level solutions with a similar level of performance and feature parity.  Each will allow remote access VPNs, i.e. the dial-in VPN or users to connect to the corporate LAN from hotels etc.

HTH
0
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 33503464
Juniper Networks SSG series are very capable - lots of features and possibilities.  Excellent support.  Will support plenty of VPNs.

Cisco/Linksys RV042 for VPNs is a simpler approach.  I use them standalone for VPN connections.

Using fiber MPLS private connections between sites now.  No VPN but could do if desired.

Either way, all sites are on separate subnets.  So you have to decide how to handle that.
0
 
LVL 3

Expert Comment

by:jensskov
ID: 33509002
I will second the statements that you are best off with router based VPN.

The Juniper SSGs are great products with good performance. If you are inexperienced with routers I would recommend something like ZyXEL ZyWALL USG-100 and maybe the new USG-25 or USG-50.

They are cheaper than Juniper, Check Point, WatchGuard and SonicWall and you will not have to pay for support and upgrades.
You only pay a regular fee if you want antivirus and intrusion detection.
In my experience most people find them easier to set up as they have wizards for stuff like multiple WAN and for VPN setup.

But any of the products mentioned will be able to do the trick!

Just be aware of how you set up your DNS structure and remember that traffic is routed on different subnets. If you need site-to-site traffic and not only site to HQ there are ways to solve that. IMO the Juniper SSGs do this the best way, but that's just my thought.


0
 

Author Closing Comment

by:MasterComputing
ID: 33521583
Thanks for all the input.  I think I'll go the Cisco ASA route.
0
