Solved

Firewall Recommendation for Budget Hosting

Posted on 2013-06-14
Last Modified: 2013-06-20
Hi all,

We are helping a client 'test the market' for website hosting (they have identified a niche) and are curious what sort of firewall to invest in as the project is on a shoe string right now (with serious investment coming if this trial works out).

We have a single server, space in a data center with two or three static IP addresses but the ISP is insistent we provide our own firewall.  We're not concerned with VPN connectivity, fibre ports or any high end stuff but it needs to be able to handle the traffic of a mail server and a few websites, blocking all ports bar the few standard web hosting services (FTP, HTTP, HTTPS, SMTP, POP, IMAP, etc).

Does anyone have any suggestions for a suitable firewall model?

Thanks for any and all help!

Bob
Question by:Mango-Man
7 Comments
 
LVL 14

Accepted Solution

by:
JAN PAKULA earned 450 total points
ID: 39248946
SonicWALL NSA 250M - it's cheap, fast and will do it all


http://www.newegg.com/Product/Product.aspx?Item=N82E16833339175
0
 
LVL 1

Author Comment

by:Mango-Man
ID: 39250564
Hi Janpakula,

There seem to be many different sub models of the 250M, do you think this one would do the trick:

http://www.amazon.com/SonicWALL-NSA-250M-High-Availability/dp/B0063REGZ4/ref=sr_1_3?s=electronics&ie=UTF8&qid=1371327497&sr=1-3&keywords=sonicwall+nsa+250m

Thanks!

Bob
0
 
LVL 14

Assisted Solution

by:JAN PAKULA
JAN PAKULA earned 450 total points
ID: 39251002
No, because this item is for a secondary/backup NSA 250M to be added to an existing NSA 250M appliance for use with HA (High Availability). This 2nd unit cannot be deployed in a single device environment and must be paired as a secondary appliance to the existing primary appliance (through the www.myDell SonicWALL.com portal).



This one would do it:

http://www.amazon.com/Sonicwall-01-SSC-9755-Nsa-250M/dp/B0063REH5S/ref=sr_1_1?s=electronics&ie=UTF8&qid=1371371011&sr=1-1&keywords=nsa+250m

But you still want security services on it, which is an additional charge (you don't have to have it - but it makes everything easier):



http://www.amazon.com/SonicWALL-01-SSC-4606-Cgss-250m-01SSC4606/dp/B00684L862/ref=sr_1_1?s=electronics&ie=UTF8&qid=1371371352&sr=1-1&keywords=nsa+250m+1+CGSS


If you want 2 years, it would be cheaper with the Newegg one:


http://www.newegg.com/Product/Product.aspx?Item=N82E16833339175
0

 
LVL 1

Author Comment

by:Mango-Man
ID: 39251320
Hi Janpakula,

Many thanks again for your assistance!  So in the short term we could buy the unit without the security services and use it as a basic firewall, then when we're ready, simply purchase the service separately?


Bob
0
 
LVL 14

Assisted Solution

by:JAN PAKULA
JAN PAKULA earned 450 total points
ID: 39251331
Yup - you will be missing only a few services, like gateway antivirus, anti-spamming and content filtering. I think that geo-IP blocking/filtering will also not work without an upgrade.

You will also not have nice graphs of usage with app flow.
0
 
LVL 6

Assisted Solution

by:Jelcin
Jelcin earned 50 total points
ID: 39254851
Hello,

Basically, you might need two things:

1. Packet filter - that controls network traffic on lower OSI layers based on rules you create.
A packet filter uses IPs/Ports/Interfaces/States to filter traffic. This filter can be used on the machine to be protected and also on the firewall itself.

2. Intrusion Detection System (IDS) - that monitors traffic on higher OSI layers and can detect network attacks by analysing the payload of network packets and comparing it with a database with attack patterns. As said before, IDS just monitors and alarms the administrator; it is not blocking the attacker from going on with the attack as Intrusion Prevention (IPS) does.
IDS can be used on the firewall itself. For IDS/IPS you need a lot of networking knowledge to correctly analyse the alerts since there can be false positives... I would be very careful with protecting such a server with IPS because false positives can lead to blocking normal users from their daily work.

Depending on the budget and knowledge, I would consider the following.
Both packet filter and IDS/IPS exist as open source solutions or commercial solutions like the SonicWALL. The commercial solutions often use open source software, fine-tune it and give you support in case of problems...


For your project I would also look at virtualisation, since you can run several servers on one system and also run a firewall in a virtual machine that protects all other VMs. In this case you would not need additional hardware running the firewall.

If you would ask me, I would go for virtualisation (KVM) and the Sophos firewall as a virtual appliance. The licencing allows you to get just the features you need.

http://www.sophos.com/en-us/products/unified/utm.aspx  (Firewall)
http://www.proxmox.com/proxmox-ve  (open source virtualisation environment - very easy to administer via web interface)
http://www.snort.org (open source IDS)
0
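The packet filter described in the answer above, applied to the question's requirement (block everything except FTP, HTTP, HTTPS, SMTP, POP and IMAP), written as an nftables ruleset for the hosting server itself. This is an added example and not part of the thread; the choice of nftables, the table and set names, the management network 203.0.113.0/24, the SSH rule and the TLS/submission ports are assumptions.

```nftables
# Added example, not from the thread. Load with: nft -f hosting-fw.nft
# "flush ruleset" replaces whatever rules are currently loaded.
flush ruleset

table inet hosting_fw {
    # Ports for the services listed in the question (FTP, HTTP, HTTPS, SMTP,
    # POP, IMAP). 465/587/993/995 are TLS/submission variants (assumption).
    set public_tcp {
        type inet_service
        elements = { 21, 25, 80, 110, 143, 443, 465, 587, 993, 995 }
    }

    # Hypothetical management network (documentation range); replace it.
    set admin_v4 {
        type ipv4_addr
        flags interval
        elements = { 203.0.113.0/24 }
    }

    # FTP negotiates its data port in-band; the conntrack helper lets those
    # data connections match "related" instead of opening a port range.
    ct helper ftp-std {
        type "ftp" protocol tcp
    }

    chain prerouting {
        type filter hook prerouting priority filter; policy accept;
        tcp dport 21 ct helper set "ftp-std"
    }

    chain input {
        # Default deny: anything not accepted below is dropped.
        type filter hook input priority filter; policy drop;

        iif "lo" accept
        ct state invalid drop
        ct state established,related accept

        # ICMPv6 is required for neighbour discovery; IPv4 ping is rate limited.
        meta l4proto ipv6-icmp accept
        icmp type echo-request limit rate 10/second accept

        # New connections: only the published services, plus SSH for admins.
        ct state new tcp dport @public_tcp accept
        ct state new ip saddr @admin_v4 tcp dport 22 accept

        # Log a sample of what falls through to the drop policy.
        limit rate 5/minute log prefix "hosting_fw drop: "
    }
}
```

The `ftp` helper needs the `nf_conntrack_ftp` kernel module and cannot follow an encrypted (FTPS) control channel, so FTPS data ports would have to be opened explicitly.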
 
LVL 1

Author Closing Comment

by:Mango-Man
ID: 39263494
Many thanks for your help guys!
0
