We help IT Professionals succeed at work.

Recommandations for firewall virtual appliance?

998 Views
Last Modified: 2012-05-10
We'd like to move away from our Sonicwall, and get in to something that can be virtualized to eliminate the hardware appliance.  Does anyone have a recommendation in this regard?

It will be a VM with 3 NICs - 2x WAN (redundant, but not load balanced) and 1x LAN.

Checkpoint is out of our price range, so we are left with:

Forefront TMG (donated because we are nonprofit)
Endian
ClearOS
Untangle
Vyatta

The general populous seems to think having an MS box connected directly to the internet is a horrible idea, but I have yet to see any recorded evidence of ISA/TMG being problematic.  Anybody else?
Comment
Watch Question

Enterprise Solutions Architect
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Do the features you've listed require that the machine be a part of a domain?  I'm hesitant to put a domain member out on the internet.
Mohamed KhairyEnterprise Solutions Architect
CERTIFIED EXPERT

Commented:
If you will not in need to set or create any rules to be applied on a specific users using thier domain user credintials so you are not in need to join it as follow:

1-  if you have a group of computers joined to the domain and used by your users and want to deny the internet or specific websites on some users and enable it for others, in this case you should join the TMG to your domain or  just allowing ldap to your domain controller to get user data.

2- If  yu have a group of computers joined to the domain or member on a workgroup and used by your users and you want to set a rules for internet or any other feature but your TMG is not joined to the domain so you can use the address range  the computers to restrict or grant access and in this case you will not in need of users data just the computers IP.

Author

Commented:
Thanks for that - Forefront is currently in the lead, but I wanted to get other opinions before I made a decision.  Anyone else?
Mohamed KhairyEnterprise Solutions Architect
CERTIFIED EXPERT

Commented:
AkhaterSolutions Architect
CERTIFIED EXPERT
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
I have examined that possibility, but I do not feel our situation warrants the added complexity.  We are a small library, with about 60 concurrent users running 6x12.  I, literally, am the IT department.

Thanks for everyone's input!  We will give TMG a fair shot.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.