Solved

Firewall Recommendation for Budget Hosting

Posted on 2013-06-14
7
357 Views
Last Modified: 2013-06-20
Hi all,

We are helping a client 'test the market' for website hosting (they have identified a niche) and are curious what sort of firewall to invest in as the project is on a shoe string right now (with serious investment coming if this trial works out).

We have a single server, space in a data center with two or three static IP addreses but the ISP is insistent we provide our own firewall.  We're not concerned with VPN connectivity, fibre ports or any high end stuff but it needs to be able to handle the traffic of mail server and a few websites, blocking all ports bar the few standard web hosting services (FTP, HTTP, HTTPS, SMTP, POP, IMAP, etc).

Does anyone have any suggestions for a suitable firewall model?

Thanks for any and all help!

Bob
0
Comment
Question by:Mango-Man
  • 3
  • 3
7 Comments
 
LVL 14

Accepted Solution

by:
JAN PAKULA earned 450 total points
ID: 39248946
Sonicwall nsa 250M - its cheap fast and will do it all


http://www.newegg.com/Product/Product.aspx?Item=N82E16833339175
0
 
LVL 1

Author Comment

by:Mango-Man
ID: 39250564
Hi Janpakula,

There seem to be many different sub models of the 250M, do you think this one would do the trick:

http://www.amazon.com/SonicWALL-NSA-250M-High-Availability/dp/B0063REGZ4/ref=sr_1_3?s=electronics&ie=UTF8&qid=1371327497&sr=1-3&keywords=sonicwall+nsa+250m

Thanks!

Bob
0
 
LVL 14

Assisted Solution

by:JAN PAKULA
JAN PAKULA earned 450 total points
ID: 39251002
no because This item is for a secondary/backup NSA 250M to be added to an existing NSA 250M appliance for use with HA (High Availability). This 2nd unit cannot be deployed in a single device environment and must be paired as a secondary appliance to the existing primary appliance (through the www.myDell SonicWALL.com portal).



this one would do it

http://www.amazon.com/Sonicwall-01-SSC-9755-Nsa-250M/dp/B0063REH5S/ref=sr_1_1?s=electronics&ie=UTF8&qid=1371371011&sr=1-1&keywords=nsa+250m

but you still want a security services on it which is additional charge (you don't have to have it - but it makes everything easier)



http://www.amazon.com/SonicWALL-01-SSC-4606-Cgss-250m-01SSC4606/dp/B00684L862/ref=sr_1_1?s=electronics&ie=UTF8&qid=1371371352&sr=1-1&keywords=nsa+250m+1+CGSS


if you want 2 years - it would be cheaper with newegg one


http://www.newegg.com/Product/Product.aspx?Item=N82E16833339175
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Author Comment

by:Mango-Man
ID: 39251320
Hi Janpakula,

Many thanks again for your assistance!  So in the short terms we could buy the unit without the security services and use it as a basic firewall, then when we're ready, simply purchase the service separately?


Bob
0
 
LVL 14

Assisted Solution

by:JAN PAKULA
JAN PAKULA earned 450 total points
ID: 39251331
yup - you will be missing only few services - like gateway antivirus , anti spamming and content filtering - i think that geo-ip blocking/filterning  will also not work without upgrade.

you will also not have nice graphs of usage with app flow
0
 
LVL 6

Assisted Solution

by:Jelcin
Jelcin earned 50 total points
ID: 39254851
Hello,

basically you might need two things:

1. Packetfilter - that controls network traffic on lower OSI layers based on rules you create.
A packetfilter uses IPs/Ports/Interfaces/States to filter traffic. This filter can be used on the machine to be protected and also on firewall itself.

2. Intrusion Detection System (IDS) - that monitors traffic on higher level OSI layers and can detect network attacks by analysing the payload of network packet and comparing it with a database with attack patterns. As said before IDS just monitors and alarms the administrator it is not blocking the attacker from going on with the attack as Intrusion Prevention (IPS) does.
IDS can be used on the firewall itself. For IDS/IPS you need a lot of networking knowledge to correctly analyse the alerts since there can be false positives... I would be very carefull with protecting such a server with IPS because false positives can lead to blocking normal users from their daily work.

Depending on the budget and knowledge i would conside the following.
Both packet filter and IDS / IPS exist as an open source solutions or commercial solutions like the Sonicwall. The commercial solutions often use open source software and finetune it and give you support in case of problems...


For your project i would also look at virtualisation since you can run several servers on one system and also run a Firewall in a virtual machine that protects all other VMs. In this case you would not need additional hardware running the firewall.

If you would ask me i would go for virtualisation (KVM) and the sophos firewall as virtual appliance. The licencing allows you to get just the features you need.

http://www.sophos.com/en-us/products/unified/utm.aspx  (Firewall)
http://www.proxmox.com/proxmox-ve  (open source virtualisation environment - very easy to administer via web interface)
http://www.snort.org (open source IDS)
0
 
LVL 1

Author Closing Comment

by:Mango-Man
ID: 39263494
Many thanks for your help guys!
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Suggested Solutions

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now