Firewall on Budget Help

Posted on 2014-03-19
Medium Priority
Last Modified: 2014-04-28
I need a firewall first that can host multiple IP addresses:

I have 5 static at the moment with Comcast but looking for 10 shortly!

I need the firewall to be listening on the external address and forwarding to the appropriate server at the moment.

Of course, opening ports for what is necessary.

I am hosting Web: Port 80 / 443

SharePoint Team Server, Exchange server, RDP, Lync etc.

NOTE::   VPN is not critical at all!!!

Looking for 200.00 to 600.00...


A firewall that can have multiple IPs (5 or 10) on one WAN port:

Incoming traffic being routed to the correct server based on IP!

All info and in detail / advice is greatly appreciated...
Question by:Clint Jones
LVL 15

Expert Comment

ID: 39940602
Grab a Cisco ASA 5505 or ASA 5510 from eBay or a used computer store.
I would not, at all, recommend a consumer-grade firewall.
You can use a PC or laptop with two NICs and one of the Linux distribution firewalls.

Accepted Solution

Kent Fichtner earned 1500 total points
ID: 39940632
I absolutely agree that you don't need to buy a consumer grade firewall, but if you don't feel like setting up the Linux, you can go with a Watchguard XTM 2.  It is their smallest version and as long as you don't need a bunch of Ethernet ports it should do well.  An upgraded version can also do WiFi.  But we have the XTM5 series.  It does all the stuff you said above (routing the IPs to the correct computer, can do many different static IP addresses).

Author Comment

by:Clint Jones
ID: 39941047
I have Microsoft TMG 2010, which I know is no longer supported, but I am all for the Linux option as I do have a PC with 2 NICs etc...

But I do want to look at both sides, as I agree it seems the biggest functionality for the price is Watchguard and Cisco.

I am researching it, but what Linux firewall application specifically are you thinking about? I am also looking at the above versions of the Cisco and Watchguard you both mentioned.

I do need a ton of ports but will need a bit if Watchguard puts a limitation on it.

ALSO, and I may need to open another question for this one.  I was for a few days using my Netgear and ASUS wireless routers as the main guys, and internet with wireless drops constantly.  Thinking that was the issue, the traffic load.

After taking the traffic off and allowing the wireless to just be the wireless, which is 2 laptops, 2 iPads, 2 iPhones and Apple TV at times, it still drops on both routers, which are b, g and n. Internet on the Comcast router is not dropping... Pain more than anything... I go into the ASUS and click around on the menus and it's up again lol...

Firewall is more important but thought I would ask ... Thanks so much for your help =) Clint

LVL 17

Expert Comment

ID: 39948935
The number of IP addresses is not a parameter to worry about when choosing firewall. Apart from features, you need to look at the bandwidth and the number of concurrent sessions.

If I were you I would choose a Juniper SRX100, which is about $500.
However, I would manage it with the CLI, since I like it and since the GUI does not yet expose all functionality.

If using GUI is a must I would go for the smallest model of FortiGate. It is even cheaper.
LVL 18

Expert Comment

by:Garry Glendown
ID: 39948949
+1 for the FortiGate ... probably one of the most easily configurable firewalls as far as general functionality goes ...
Also, with the amount of intrusion attempts on web servers nowadays, adding the NGFW/UTM features will definitely reduce or completely block any hacking attempts on your servers with the IDS/IPS.
As an added benefit, you get full VPN functionality, making secured remote access easy ...
Depending on your bandwidth, something like a 30D (for higher requirements 60D) should do nicely ...
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39948978
For under $600, depending on licenses for gateway anti-virus and such, you can get a SonicWall TZ210. Easy to manage but powerful. A big factor I don't see mentioned yet is WAN throughput. These lower end devices especially can choke on something over 30 Mbps, especially with security features enabled.
LVL 18

Expert Comment

by:Garry Glendown
ID: 39949008
As a basis for selecting a device:

FG30D does 800M Firewall, 150M IPS, 30/40 M AV (which, assuming you're mainly protecting servers shouldn't be that relevant ...)
FG60D does 1.5G Firewall, 200M IPS, 35/50M AV
LVL 81

Expert Comment

ID: 39949388
For Linux firewall, fwbuilder might be an option to consider.
You of course could use iptables manually to add the rules. If you decide to do it manually, consider using custom IP chains that you predefine and place within the appropriate built-in chains, INPUT, FORWARD, PRE/POSTROUTING, OUTPUT, MANGLE, DNAT, SNAT as appropriate.

This way you would only need to add rules to your custom chain to achieve ......

There are multi-port NICs.  You could/should consider two older workstations as a cluster to provide HA router.
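Added example, not code from any poster in this thread: a generator for an `iptables-restore` ruleset that uses two custom chains to publish services on several static WAN addresses, as the comment above suggests. Interface names, chain names and every address are constructed placeholders (documentation and private ranges); it covers inbound publishing only, so outbound SNAT and INPUT rules for the firewall host itself are left out.

```shell
#!/bin/sh
# Added example. Interface names, chain names and all addresses are
# constructed placeholders, not values taken from the thread.
WAN_IF="eth0"   # assumed WAN-facing interface
LAN_IF="eth1"   # assumed server-side interface

# One published service per line: external-IP proto port internal-IP
MAPPINGS="
203.0.113.2 tcp 80 192.168.10.20
203.0.113.2 tcp 443 192.168.10.20
203.0.113.3 tcp 443 192.168.10.30
203.0.113.3 tcp 25 192.168.10.30
203.0.113.4 tcp 3389 192.168.10.40
"

# Print the ruleset on stdout; nothing is applied to the running kernel.
# Loading it without --noflush replaces the nat and filter tables.
gen_rules() {
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":PUBLISH_DNAT - [0:0]"
    # Only packets arriving on the WAN side are considered for translation.
    echo "-A PREROUTING -i $WAN_IF -j PUBLISH_DNAT"
    echo "$MAPPINGS" | while read -r ext proto port int; do
        [ -n "$ext" ] || continue
        echo "-A PUBLISH_DNAT -d $ext/32 -p $proto --dport $port -j DNAT --to-destination $int:$port"
    done
    echo "COMMIT"

    echo "*filter"
    # Default-deny forwarding: only listed services reach the servers.
    echo ":FORWARD DROP [0:0]"
    echo ":PUBLISH_FWD - [0:0]"
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate NEW -j PUBLISH_FWD"
    # FORWARD is evaluated after DNAT, so match the internal address here.
    echo "$MAPPINGS" | while read -r ext proto port int; do
        [ -n "$ext" ] || continue
        echo "-A PUBLISH_FWD -d $int/32 -p $proto --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

gen_rules
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it. Adding a service later means adding one line to `MAPPINGS`, which touches only the two custom chains.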
LVL 22

Expert Comment

ID: 39949442
A new Cisco 5505 can be found at that price range.
LVL 32

Expert Comment

ID: 39954827
pfSense is my go-to firewall on a budget.  It's got a great development and support community.  It supports multiple IPs, VLANs, and even a captive portal if you want to authenticate guests in an office.

A computer with a PIII proc is all you need and 2~4GB of RAM.  


Author Comment

by:Clint Jones
ID: 39975932
I am going to try the firewalls you can put on PCs but:

If I had to without worrying about VPNs the number of?

Will the Watchguard XTM 2 do:

As I said above, where I can add 10 external IPs from the Comcast router, then route each IP to the correct server so the external matches and routes to the correct internal IP???

I am looking at a Linux one, I do think the open source or another, but if I had to go buy one so it routes 10 external IPs to the Exchange server, which would be the choice???

The Watchguard seems very budgetary, but not at 4000.00; the lower one, XTM 2, is very budgetary???

Input please I am reading all the posts and thank you!!!

Author Comment

by:Clint Jones
ID: 40026664
using spiceworks for help as well...

Author Comment

by:Clint Jones
ID: 40026672
We have Comcast with the 13 static IP addresses, and we use most of them.

We've had three firewalls during this time.  They all were able to handle any of the static IP addresses coming inbound.

One was a WatchGuard, but I don't remember the model.  Another was a Watchguard XTM 5.

Now we have SonicWall NSA 220.

With NAT and firewall rules, we're able to direct any of the incoming traffic by external IP address.

** Our incoming traffic comes on HTTP, HTTPS, FTP, FTP SSL Implicit.

I currently use an XTM5 series for our main firewall/router and a few XTM 2 series for remote offices and do this using 1-to-1 NAT to route external IPs to internal servers. You can do this easily with the XTM 2 if it's sized properly for your environment; if not, look at a larger device. If you go the Watchguard route, the 25, 26 and up routers have a new feature that enables them to be gateway wireless controllers. Just buy a Watchguard wireless AP (AP100 or AP200) and use your firewall as the controller...rock solid and reliable. It's also nice because since the AP is separate from the router you can place it anywhere you need it to maximize your wireless coverage.

Thinking the same, separate the wireless from the firewall.

What are thoughts about XTM 3??? XTM 2 enough? I want monitoring and NAT of course. VPN is not as important.

I only need maybe a few. Concurrent connections and unlimited internal users are and allowing Exchange, share team and web site and possibly Lync to work with no issues.

Able to get reporting and alerts on iPhone / iPad would be great, but email to txt is fine.

There are just 5 servers, 5 PCs and the wireless for 2 iPhones, 2 iPads and 2 laptops.

That is the environment.

Wireless drops a lot. The Netgear and ASUS are not that old, and not using both at the same time, they just are an issue.

I need solid wireless that can keep up.

And a firewall that can handle the 16 IPs and NAT to each server by external IP correctly without issues.

Right now the load traffic-wise is not that heavy.

But I want high bandwidth efficiency, with concurrent connections etc., and I'm able to monitor the system for any issues from hacking to etc. on the security end.

So looking at enterprise level wireless and enterprise level firewall

Watch xtm 5 seems very out budget at the but the xtm 2 and xtm 3 seem doable? And then I need a wireless that can be stable. I'm looking at watch guard only because the affordability and sonicwall is more pricey and do not know much about the rest mention at top my original message.

Again all help is very very appreciated as I have to make decisions.

I'm not a big fan of Cisco or Watchguard... Based on past experiences with both these, I would not touch them with a 10ft barge pole

I would recommend either (In no order of preference)

Sonicwall - I have deployed these extensively... Good bang for the buck... Decent support.
Sophos - Never used... However, I am evaluating one of the products, and it seems rather promising.
Juniper -  A tad on the expensive side, but pretty much worth the extra penny.

ME:: Jones
pfSense seems an awesome solution

Question has a verified solution.
