[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 556
  • Last Modified:

Which Low Cost Hardware Firewall is good for Windows Server 2008 R2 Machine

Hi, EE,

I want a Low Cost Hardware Firewall Under $100 ~ 120,

i want to secure my ERP Application which is running under Apache, MySQL, and built with Adobe Flex, Basically This ERP is Running on a Single Static IP Address which is further binded with the Free Hosts Service of  DynDNS.Org, I have Directly Connected the RJ-45 to my Onboard NIC and Configured the Server.

eg:
http://tiny.cc/MyERP                    >>>>>    URL Shortened
MyERP.dyndns.org                     >>>>>    HOST Service at DynDNS.org
http://121.131.141.151:8080/MyERP   >>>>> which further Resolves to 121.131.141.151:8080

So, i want to secure my Server 2008 which is running on a Static IP... with ability of Logs Service

Solutions Other than "Hardware FireWall"  are Highly Appreciated.
e.g.
HTTPS Encryption,
How to Implement Free SSL Certificates under Apaphe in WS 2008 R2

Please Guide me how to implement the Security in my ERP Server.

i am advanced user able to implement the given solutions By EE Members.
0
Pratik Parmar
Asked:
Pratik Parmar
  • 4
  • 3
  • 2
  • +5
2 Solutions
 
John HurstBusiness Consultant (Owner)Commented:
Life is faster, easier, and (arguably) safer with a decent hardware firewall. It offloads your work to a simple device. A Cisco LinkSys RV042 is an inexpensive such device.  I would do this before maintaining a software firewall.
... Thinkpads_User
0
 
Martin_J_ParkerCommented:
I seriously doubt you will find anything man enough for the job at $120 or less.

If you've got an old PC hanging around with a couple of network cards you could set up your own firewall:
http://www.informationweek.com/news/hardware/showArticle.jhtml?articleID=197001131
0
 
John HurstBusiness Consultant (Owner)Commented:
The box I noted above is under $200 and is a very robust device that works well. ... Thinkpads_User
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
sstone55423Commented:
The Linksys offers basic firewall functionality, but is not robust enough that any auditing agency would accept it. If you are subject to GLBA, HIPAA, SOX or Federal reserve auditing, they would likely reject a low end firewall like that.  If those don;t apply to you,m then the Linksys could be a good choice.  Don't use a software firewall, an appliance is much better for many reasons.
0
 
pwindellCommented:
I agree with sstone55423.
You're looking at probably over $500 for anything close to what is needed.
Me personally,...anything worth buying is going to be over $1200.00 to maybe $1500.00, and up.

I make no distinction between software and hardware.  They are all software that runs on an OS that run on hardware.  If you have a "hardware" firewall and call support for it they are going to ask you what version of OS it is running (the firmware),..which is just software.  Now that hard drives can be purchased as a solid-state unit even that becomes an irrelevant difference now.  Tthe best firewall on the market IMO right now (everyone has opinions) is MS's Forefront TMG (formerly ISA) and it can be purchased in both a "hardware" and a "software" platform.  I'm not telling you to go out and buy that one,...I'm just giving it as an example to make a point.
0
 
Jeff MorlenNetwork EngineerCommented:
I would have to say that a used unit is not out of the question.
If you need to stay in the $100 range, you could easily get an older PIX or Netscreen 5GT appliance.
If you have a little "wiggle room" you could get yourself a newer, yet still used, FortiNet, Netscreen SSG or smaller ASA5505 appliance.

When picking a firewall you always need to have a clear idea of what it is going to do for you in your head.  If all you need is NAT functionality, then the newest and best is vast overkill.  If you need to protect your data and have VPN functionality, then you really need to look at an appliance that has the speed to handle threats in real time and is capable of supporting an IPSEC or SSL vpn.
0
 
John HurstBusiness Consultant (Owner)Commented:
Netscreen Juniper units are excellent. I use them at clients. New, they are about $500, maybe a bit more, so I did not mention them. If you can get one used at a lower price as noted above, they are really good.

... Thinkpads_User
0
 
myramuCommented:
Hello Pratikcparmar,

You can get the commercial supported firewalls for your price but you wont get the real firewall features and the capabilities.

I recommend you to choose any one of the following free open source firewall. These are free and offers features like commercial firewalls.
1. www.m0n0.ch
2. www.ipcop.org
3. www.smoothwall.org
4. www.pfsense.org
5. www.clearfoundation.com

Regarding SSL certificates, you can get it free from the following links.
1. www.cacert.org
2. cert.startcom.org

Otherwise implement your own certificate server with the following open source projects.
1. www.openca.org
2. www.openssl.org

Good Luck!
0
 
Jeff MorlenNetwork EngineerCommented:
As "myramu" indicates, an open source firewall will get the job done too.
I would recommend, from the ones listed, and unlisted, that you choose either Monowall, SmoothWall or Untangle (not listed).

Keep in mind you need to build this firewall and it is only as good as the hardware you put it on.
If you are able to purchase hardware, within your budget, I suggest a 1U rack mount server from SuperMicro (you can get them at Newegg.com or TigerDirect.com) or other vendors.

And, although you can get a certificate for free, you still need to modify your system (by adding the root certificate authority).  So, unless you are farmiliar with that, I would say that spending the money for an already trusted CA would be best... especially if you are planning on using any handheld devices with the SSL/CA.

Anyway... that's my 2 cents... again I guess...
0
 
Jeff MorlenNetwork EngineerCommented:
BTW: You can get a 10 user Juniper Networks 5GT for under $50 on eBay.
0
 
John HurstBusiness Consultant (Owner)Commented:
>>> BTW: You can get a 10 user Juniper Networks 5GT for under $50 on eBay.

Yes, and a vastly better choice than a software firewall. It will save you time (= money). ... Thinkpads_User
0
 
myramuCommented:
Please note that Net-screen 5GT is no more supported from Juniper and you wont get firmware updates.
You are in stuck if there is a bug.
To save time you can go with the pre-installed open-source devices.

You will find them here:
http://store.netgate.com/Firewalls-C2.aspx
http://www.hacom.net/catalog/pfsense

Good Luck!
0
 
Pratik ParmarAuthor Commented:
I am still in busy implementing solutions.
0
 
pwindellCommented:
No problem.  We threw a lot of options at you :-)
0
 
Pratik ParmarAuthor Commented:
The Solution Doesnot Satisfy My Needs... but gave me a lot more options to Explore
0
 
vdsITCommented:
Check this site out, it has a lot of useful information about Juniper Equipment:

http://shop.vds.com/manufacturer/1-juniper-networks.aspx

0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 4
  • 3
  • 2
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now