Firewall Choice?

andybrooke
Hi,

We need to buy 2 firewalls for 2 sites. We require the firewall to do:

QoS for our VoIP systems
Handle multiple external IPs, so we can route external IPs to various internal servers
VPN access for remote users
Site-to-site VPN access
Handle multiple network IP ranges and also serve DHCP on both, for example (192.168.1.0 & 10.1.0.1)
Able to handle a lot of concurrent sessions, also setups per second

Also, at one of the sites I'm going to have more than 300 devices, but they will all be on the same network, so I was just going to have the subnet as 255.255.255.252, so I need the DHCP server to be able to serve IPs like 10.0.0.1 / 10.0.2.1

I was looking at the SonicWall TZ215.

Thanks
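
Added example (not part of the original thread): a Python check of the addressing in the question above, using the standard `ipaddress` module. It computes how many hosts a netmask holds and the smallest single subnet that covers a set of addresses and a device count; the function names and the 10-address static reservation in `dhcp_pool` are assumptions made for illustration.

```python
import ipaddress


def usable_hosts(netmask):
    """Conventional usable host count for a dotted IPv4 netmask."""
    net = ipaddress.ip_network(f"0.0.0.0/{netmask}")
    # Network and broadcast addresses are not handed out to devices.
    return max(net.num_addresses - 2, 0)


def smallest_subnet(addresses, min_hosts):
    """Smallest IPv4 network containing every address with room for min_hosts."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    # Walk from the longest prefix (/30) towards /0 and stop at the first fit.
    for prefix in range(30, -1, -1):
        net = ipaddress.ip_network(f"{ips[0]}/{prefix}", strict=False)
        if all(ip in net for ip in ips) and net.num_addresses - 2 >= min_hosts:
            return net
    raise ValueError("no IPv4 network satisfies the constraints")


def dhcp_pool(net, reserved=10):
    """First and last DHCP address, keeping `reserved` low addresses static (assumed)."""
    first = net.network_address + 1 + reserved
    last = net.broadcast_address - 1
    return first, last


if __name__ == "__main__":
    # Values taken from the question: mask, device count, example addresses.
    print("255.255.255.252 holds", usable_hosts("255.255.255.252"), "hosts")
    net = smallest_subnet(["10.0.0.1", "10.0.2.1"], 300)
    print("single subnet:", net, "mask", net.netmask)
    print("DHCP pool:", *dhcp_pool(net))
```
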

We use SonicWall for a majority of our firewalls as well. The 215 should meet your needs just fine for the smaller sites. Are you planning on running the content filter and the other security services? If you are, you might want to look at the NSA series for the site with 300 devices, but this all depends on how much traffic those 300 devices will be sending / receiving across the SonicWall.

When you say "a lot" of concurrent sessions, how many are you talking? The 215 will do up to 48,000 while the NSA 2400 will do up to 225,0000.
You can apply QoS either via tagging or via bandwidth management for VoIP. Though most of our sites are connected with MPLS for voice, we do have one site that uses a site-to-site VPN with QoS being provided by BWM and it is working fine. Keep in mind that voice over a public internet line with a VPN on top of it is not guaranteed, regardless of the QoS you place on the traffic on the VPN. You are at the mercy of the internet in general.

Author

Commented:
We are getting dedicated lines, 30Mb. Are the features I want all covered by the TZ215, as in the DHCP requirements I have? Also the multiple external IPs routing to internal servers on the local IP ranges.....

Yes, you can assign X0 to be one LAN interface 10.0.0.1 and X2 to be 10.0.2.1 etc., then dish out DHCP based on interface.

You can create the NAT rules as you wish for external services. We have 10 external IPs at each of our sites that are redirected to servers internally.

Author

Commented:
Yes but that would mean I need 2 physical networks? I'm just going to have a single network.

Commented:
Hi,

Take a look at Untangle.com as well; it looks to have what you need, and all in their free/Light products.

So all you need is to get some hardware to run it on.

//WebFooL
Yes, you would need two physical networks unless you had switches in place that could handle VLANs. You made no mention of VLANs. Do you have manageable switches at the site where you want two networks?

Author

Commented:
Most are Dell 3048, which support VLAN. Never set one up; would I give each router its own VLAN ID that I would then in turn configure on the SonicWall to say VLAN ID 1 = range 10.0.1.0?
