We help IT Professionals succeed at work.

Which Gui-Based firewall should I purchase for my new Comcast Business Internet (5 Static IPs)?

I am Sr. Exchange Engineer and am setting up a lab (or two) in my home.  I ordered Comcast Business Class Internet which includes 5 static IP addresses.   I understand networking, NAT'ing, port-forwarding etc... enough to request it of our networking team so my projects can move forward ;-)  However, I will leave the command line interfaces to you networking gurus.  

I am looking for a reasonably-priced, relatively easy to configure GUI-Based Firewall with decent features.
I do not know where the balance between price and features sit.  I have heard that chicks dig sonicWALL but I am completely open to suggestions.  

Obviously, the firewall must allow me to NAT/port-forward all 5 static IP's to different hosts/ports.  Features beyond that?  I am not sure, so I turn to you folks to let me know.  Is $200 maximum (new/used) completely ridiculous?  If I need to spend more - I will.  I have the internet on its way first of next week.  I am in North Atlanta so I am open to your suggestions via any bricks & mortar, online shop (ebay etc..) or Atlanta craigslist http://atlanta.craigslist.org/sss/

Thank you so much for your time in advance!

Watch Question

Natty GregIn Theory (IT)

comodo or avast


Thank you for your reply.  
I am looking for a hardware-based solution.
I am also looking for specific recommendations (model number).
Maybe a little bit about why I should purchase that particular device.
There is a chance I will implement Microsoft's TMG in the DMZ as well.
Thanks again!

Cisco ASA, maybe $600 you could find used.  They are widely used so your internet level of support is much higher.

Sonicwalls are nice, kind of think of them as small business.  Juniper SSG/SRX you may be able to find cheap as well, but they are a different beast and I have had trouble finding great support/assistance with them even from the VAR.  They always had to Call Juniper support.

I think with an ASA you will be happy for a long time, but others may be lacking if you want to really learn the networking side more.

What is your goal?


Thank you for your reply!
I definitely do not want to learn networking - this is so I can sharpen my server skills only.  
I need something that is easy and GUI-Based.  
I do not want to dedicate more than 1 day getting this thing up and running.
So when you say small-business that sounds great - whatever will meet the needs of what I described.
Ultimately, I have no idea what I am looking for - I just know the minimum features I need and look to you to tell me what else will come in handy down the road (including which device you recommend).  So I am not kicking myself for one or two features that I should I have invested in to begin with.  
What I know now is that I need to be able to use 5 IP addresses at once and port forward/NAT.  
Perhaps a DMZ feature, as I want to run a Microsoft TMG server in my lab.  

What else do I need?
I am sure you guys know.  
To summarize, I do not want to learn networking and I need a GUI.  
This is just for a server-lab and I apologize if I did not make that clear earlier.

Thanks again!

Kind of what I thought, Sonicwalls are easy probably just a TZ105 will do it.

I again lean to Cisco, but I say that because of the amount of online community support, and they do have guis now.

NAT/Port forwarding could be accomplished on a router too, lose the firewall feature set sense you don't want to configure anyways.  Security hole yes, but it is a lab.
I agree with the Sonicwall TZ105. You can get this with a one years CGSS subscription for $357.



I notice that there is no gigabit support on the TZ-105... Is that a problem?
I suppose I would need a gigabit switch to hang off it?  I suppose the internet speeds dont need the gigabit but my LAN does.  

Any other features i need?
Comparison chart
You could upgrade to the 205, might only be a bit more than a gigabit switch addon unless you have one already.
To upgrade to a TZ205 with one year CGSS subscription would cost you $664. For the $307 difference you could certainly get a gigabyte switch. An unmanaged 5 port is $35 at Amazon, with other options for not much more.


If the throughput of the TZ105 is not an issue I would stick with that and the switch. If it is, got with the TZ205 which has a 150% improvement.
I guess you would have to decide if you need to CGSS


Purchased the TZ 105 on Ebay, new for $218 (w/ free shipping)

Thank you for the direction.
Hopefully you got the subscriptions with that purchase. Typically referred to as TotalSecure


This is just a home lab. I cannot afford the support contract with all the other stuff I am having to buy for the lab.
Is it not easy enough to configure on my own?  What will I lose by not purchasing that?
Look at the following to see what is included:


Without the basic subscriptions your TZ105 will only allow you to create access rules, but will not do any of the other security services, and not have hardware support.

Alternately you can buy just the gateway services (Gateway Anti-Malware, Intrusion Prevention and Application Control) for about $87 for one year. This does not include hardware service or firmware updates.


Will I be able to NAT and port forward 5 static IP addresses to internal private addresses without the basic?
I do not need anything fancy.  
Though this is good information to know as my sister is looking for home-business VPN solution.  I might point her in the direction you recommend.

But keep in mind that without the security services active on the Sonicwall it will be nothing more then a fancy router.

Note that your TZ105 includes one SSLVPN license that you could use if needed.