Solved

Firewall recommendations

Posted on 2014-10-29
7
97 Views
Last Modified: 2014-11-06
I have a client who runs a peer-to-peer network (he refuses to use servers...long story, don't ask). He is very anal about security and is in the process of upgrading parts of his network. I am now tasked with finding a firewall that meets, at a minimum, the following requirements:

Inbound/Outbound E-mail Scanning (SMTP/POP3), w/rules for attachment handling and other business requirements.

Internet websites blacklist/whitelist, granular settings by user/node/IP address. AD/DS is not and will not be used in this network.

Internet connectivity failover.

Dual power supplies, preferably hot-swappable.

Site-to-site VPN capability.

Graphical User Interface (GUI) for management. Does not want cloud management capability, if it does can it be turned off?


Thank you in advance for your recommendations/comments/snippets!!!
0
Comment
Question by:Yort
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 4

Expert Comment

by:Jason Johanknecht
ID: 40411198
I would recommend Checkpoint for any firewall solution.  I am not sure on the dual power supply part, but the rest they for sure will meet your needs.

Checkpoint
0
 
LVL 6

Expert Comment

by:Matt
ID: 40411202
How would you identify users with no authentication on this site?

Internet connectivity failover - BGP routing with his own AS system or just two ISP providers without AS system just for surfing to the public network?
0
 
LVL 1

Author Comment

by:Yort
ID: 40411218
@DataPro - Thanks. I will research Checkpoint.

@Matt - I am hoping we can use static IP addresses/NetBIOS names as the means of identification. Failover would simply be two ISPs, so if the primary goes down the firewall can failover to the backup connection.
0
Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

 
LVL 2

Accepted Solution

by:
Ben Stirling earned 500 total points
ID: 40411328
Sphos UTM formally Astaro they have some good options for the SMB
0
 
LVL 9

Expert Comment

by:stu29
ID: 40411340
Yort,

For the size of your network, I would point you toward Watchguard.  Quick and easy GUI with granular control based on any number of parameters.  It will give you surfing controls based on combo of categories and specified, email control and scanning/quarantine. You can also upgrade the box for application control.

Definitely worth a look.
0
 
LVL 25

Expert Comment

by:madunix
ID: 40411790
You could check Fortigate, Sonic Wall,  Check-point, Juniper ..etc, A list of software/appliances:
squid www.squid-cache.org
Untangle       www.untangle.com
astaro   www.astaro.com
ClearOS www.clearfoundation.com
PF www.pfsense.org
WALL m0n0.ch/wall
IPCop ipcop.org
websense websense.com
eblaster eblaster.com
forti fortinet.com
SonicWall      sonicwall.com
Cyberroam      cyberoam.com
SmoothWall      smoothwall.net

Check fortinet, they have a good products such as 1500D
http://www.fortinet.com/press_releases/2013/fortinet-disrupts-high-performance-enterprise-firewall-1500D.html
http://www.fortinet.com/solutions/unified_threat_management.html
1. Frewall throughput minimum 40Gbps.
2. VPN throughput 17Gbps
3. Support up to 6 million concurrent sessions.
4. Support up to 2000 IPSec VPN peers.
5. At least 2x10GE SFP+ ports and 12x 10/100/1000 RJ45
6. Support VPN clustering and load balancing
7. Support Active/Active and Active/Standby HA
8. Power supply redundancy.
9. Support IPS
10. Integrated IPS throughput should not be less than 6Gbps
11. Able to provide stateful inspection capabilities
12. Able to support Network Address Translations(NAT)
13. Capable of supporting ssh, telnet web  management methods:
14. Capable of preventing Denial of Service attacks.
15. Support Virtual domains / Security zones Min. 10/250
0
 
LVL 1

Author Closing Comment

by:Yort
ID: 40426575
@Ben Stirling: Thank you. We have opted for the Sophos UTM as it has everything we need.

Thank you to everyone else for the suggestions...it is appreciated.
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question