Solved

Firewall Recommendation for Budget Hosting

Posted on 2013-06-14
Last Modified: 2013-06-20
Hi all,

We are helping a client 'test the market' for website hosting (they have identified a niche) and are curious what sort of firewall to invest in as the project is on a shoe string right now (with serious investment coming if this trial works out).

We have a single server and space in a data center with two or three static IP addresses, but the ISP is insistent we provide our own firewall. We're not concerned with VPN connectivity, fibre ports or any high-end stuff, but it needs to be able to handle the traffic of a mail server and a few websites, blocking all ports bar the few standard web hosting services (FTP, HTTP, HTTPS, SMTP, POP, IMAP, etc).

Does anyone have any suggestions for a suitable firewall model?

Thanks for any and all help!

Bob
Question by:Mango-Man
7 Comments
 
LVL 14

Accepted Solution

by:
JAN PAKULA earned 450 total points
ID: 39248946
SonicWALL NSA 250M - it's cheap, fast and will do it all


http://www.newegg.com/Product/Product.aspx?Item=N82E16833339175
 
LVL 1

Author Comment

by:Mango-Man
ID: 39250564
Hi Janpakula,

There seem to be many different sub models of the 250M, do you think this one would do the trick:

http://www.amazon.com/SonicWALL-NSA-250M-High-Availability/dp/B0063REGZ4/ref=sr_1_3?s=electronics&ie=UTF8&qid=1371327497&sr=1-3&keywords=sonicwall+nsa+250m

Thanks!

Bob
 
LVL 14

Assisted Solution

by:JAN PAKULA
JAN PAKULA earned 450 total points
ID: 39251002
No, because this item is for a secondary/backup NSA 250M to be added to an existing NSA 250M appliance for use with HA (High Availability). This 2nd unit cannot be deployed in a single device environment and must be paired as a secondary appliance to the existing primary appliance (through the www.myDell SonicWALL.com portal).



This one would do it:

http://www.amazon.com/Sonicwall-01-SSC-9755-Nsa-250M/dp/B0063REH5S/ref=sr_1_1?s=electronics&ie=UTF8&qid=1371371011&sr=1-1&keywords=nsa+250m

But you still want security services on it, which is an additional charge (you don't have to have it - but it makes everything easier):



http://www.amazon.com/SonicWALL-01-SSC-4606-Cgss-250m-01SSC4606/dp/B00684L862/ref=sr_1_1?s=electronics&ie=UTF8&qid=1371371352&sr=1-1&keywords=nsa+250m+1+CGSS


If you want 2 years, it would be cheaper with the Newegg one:


http://www.newegg.com/Product/Product.aspx?Item=N82E16833339175
 
LVL 1

Author Comment

by:Mango-Man
ID: 39251320
Hi Janpakula,

Many thanks again for your assistance! So in the short term we could buy the unit without the security services and use it as a basic firewall, then when we're ready, simply purchase the service separately?


Bob
 
LVL 14

Assisted Solution

by:JAN PAKULA
JAN PAKULA earned 450 total points
ID: 39251331
Yup - you will be missing only a few services, like gateway antivirus, anti-spamming and content filtering. I think that geo-IP blocking/filtering will also not work without the upgrade.

You will also not have nice graphs of usage with app flow.
 
LVL 6

Assisted Solution

by:Jelcin
Jelcin earned 50 total points
ID: 39254851
Hello,

Basically you might need two things:

1. Packet filter - that controls network traffic on lower OSI layers based on rules you create.
A packet filter uses IPs/ports/interfaces/states to filter traffic. This filter can be used on the machine to be protected and also on the firewall itself.

2. Intrusion Detection System (IDS) - that monitors traffic on higher-level OSI layers and can detect network attacks by analysing the payload of network packets and comparing it with a database of attack patterns. As said before, IDS just monitors and alerts the administrator; it does not block the attacker from going on with the attack as Intrusion Prevention (IPS) does.
IDS can be used on the firewall itself. For IDS/IPS you need a lot of networking knowledge to correctly analyse the alerts since there can be false positives... I would be very careful with protecting such a server with IPS because false positives can lead to blocking normal users from their daily work.

Depending on the budget and knowledge I would consider the following.
Both packet filter and IDS/IPS exist as open source solutions or commercial solutions like the SonicWALL. The commercial solutions often use open source software, fine-tune it and give you support in case of problems...


For your project I would also look at virtualisation since you can run several servers on one system and also run a firewall in a virtual machine that protects all other VMs. In this case you would not need additional hardware running the firewall.

If you would ask me, I would go for virtualisation (KVM) and the Sophos firewall as a virtual appliance. The licensing allows you to get just the features you need.

http://www.sophos.com/en-us/products/unified/utm.aspx  (Firewall)
http://www.proxmox.com/proxmox-ve  (open source virtualisation environment - very easy to administer via web interface)
http://www.snort.org (open source IDS)
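The policy the question asks for (block everything except FTP, HTTP, HTTPS, SMTP, POP and IMAP), written as a stateful packet filter of the kind described in the answer above. This is an added example, not part of the thread: it assumes Linux nftables as the open source packet filter running on a routing firewall, and the interface names (`wan0`, `dmz0`), the SSH management rule and the server address 203.0.113.10 are placeholders.

```nftables
# Added example: default-deny stateful packet filter for a single hosting server.
# Assumed, not from the thread: nftables, interfaces wan0/dmz0,
# server address 203.0.113.10 (documentation range), SSH management from dmz0.
table inet hosting_fw {
    # FTP negotiates a second (data) connection; the helper lets
    # connection tracking classify it as "related" to the control channel.
    ct helper ftp-std {
        type "ftp" protocol tcp
    }

    # Services named in the question: FTP, SMTP, HTTP, POP3, IMAP, HTTPS.
    set hosting_tcp_ports {
        type inet_service
        elements = { 21, 25, 80, 110, 143, 443 }
    }

    chain prerouting {
        type filter hook prerouting priority 0; policy accept;
        iifname "wan0" ip daddr 203.0.113.10 tcp dport 21 ct helper set "ftp-std"
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        ct state invalid drop
        ct state established,related accept

        # New inbound connections: listed services only, to the server only.
        iifname "wan0" oifname "dmz0" ip daddr 203.0.113.10 tcp dport @hosting_tcp_ports ct state new accept

        # New outbound connections from the server (DNS, mail delivery, updates).
        iifname "dmz0" oifname "wan0" ip saddr 203.0.113.10 ct state new accept

        # Anything else falls through to the drop policy; log a sample for review.
        limit rate 10/minute log prefix "fw-drop: "
    }

    chain input {
        # Traffic addressed to the firewall itself is also default-deny.
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        iifname "dmz0" tcp dport 22 accept
    }
}
```

The rules match on interface, address, port and connection state only; payload inspection of the IDS/IPS kind is a separate layer and is not part of this ruleset.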
 
LVL 1

Author Closing Comment

by:Mango-Man
ID: 39263494
Many thanks for your help guys!
