We'd like to move away from our Sonicwall and get into something that can be virtualized to eliminate the hardware appliance. Does anyone have a recommendation in this regard?
It will be a VM with 3 NICs - 2x WAN (redundant, but not load balanced) and 1x LAN.
Checkpoint is out of our price range, so we are left with:
Forefront TMG (donated because we are nonprofit)
Endian
ClearOS
Untangle
Vyatta
The general populace seems to think having an MS box connected directly to the internet is a horrible idea, but I have yet to see any recorded evidence of ISA/TMG being problematic. Anybody else?
Do the features you've listed require that the machine be a part of a domain? I'm hesitant to put a domain member out on the internet.
Mohamed Khairy
If you do not need to set or create any rules to be applied to specific users using their domain user credentials, then you do not need to join it, as follows:
1- If you have a group of computers joined to the domain and used by your users, and you want to deny the internet or specific websites for some users and enable it for others, in this case you should join the TMG to your domain or just allow LDAP to your domain controller to get user data.
2- If you have a group of computers joined to the domain or members of a workgroup and used by your users, and you want to set rules for internet or any other feature but your TMG is not joined to the domain, you can use the address range of the computers to restrict or grant access, and in this case you will not need the users' data, just the computers' IPs.
sbumpas
ASKER
Thanks for that - Forefront is currently in the lead, but I wanted to get other opinions before I made a decision. Anyone else?
I have examined that possibility, but I do not feel our situation warrants the added complexity. We are a small library, with about 60 concurrent users running 6x12. I, literally, am the IT department.
Thanks for everyone's input! We will give TMG a fair shot.