Firewall recommendations

Posted on 2014-10-29
Medium Priority
Last Modified: 2014-11-06
I have a client who runs a peer-to-peer network (he refuses to use servers...long story, don't ask). He is very anal about security and is in the process of upgrading parts of his network. I am now tasked with finding a firewall that meets, at a minimum, the following requirements:

Inbound/Outbound E-mail Scanning (SMTP/POP3), w/rules for attachment handling and other business requirements.

Internet websites blacklist/whitelist, granular settings by user/node/IP address. AD/DS is not and will not be used in this network.

Internet connectivity failover.

Dual power supplies, preferably hot-swappable.

Site-to-site VPN capability.

Graphical User Interface (GUI) for management. Does not want cloud management capability, if it does can it be turned off?

Thank you in advance for your recommendations/comments/snippets!!!
Question by:Yort

Expert Comment

by:Jason Johanknecht
ID: 40411198
I would recommend Check Point for any firewall solution. I am not sure about the dual power supply part, but for the rest they will for sure meet your needs.


Expert Comment

ID: 40411202
How would you identify users with no authentication on this site?

Internet connectivity failover - BGP routing with his own AS system, or just two ISP providers without an AS system, just for surfing to the public network?

Author Comment

ID: 40411218
@DataPro - Thanks. I will research Check Point.

@Matt - I am hoping we can use static IP addresses/NetBIOS names as the means of identification. Failover would simply be two ISPs, so if the primary goes down the firewall can failover to the backup connection.

Accepted Solution

Ben Stirling earned 2000 total points
ID: 40411328
Sophos UTM (formerly Astaro); they have some good options for the SMB.

Expert Comment

ID: 40411340

For the size of your network, I would point you toward WatchGuard. Quick and easy GUI with granular control based on any number of parameters. It will give you surfing controls based on combo of categories and specified, email control and scanning/quarantine. You can also upgrade the box for application control.

Definitely worth a look.

Expert Comment

ID: 40411790
You could check FortiGate, SonicWall, Check Point, Juniper, etc. A list of software/appliances:
squid www.squid-cache.org
Untangle www.untangle.com
astaro www.astaro.com
ClearOS www.clearfoundation.com
PF www.pfsense.org
WALL m0n0.ch/wall
IPCop ipcop.org
websense websense.com
eblaster eblaster.com
forti fortinet.com
SonicWall sonicwall.com
Cyberoam cyberoam.com
SmoothWall smoothwall.net

Check Fortinet; they have good products such as the 1500D:
1. Firewall throughput minimum 40Gbps.
2. VPN throughput 17Gbps
3. Support up to 6 million concurrent sessions.
4. Support up to 2000 IPSec VPN peers.
5. At least 2x10GE SFP+ ports and 12x 10/100/1000 RJ45
6. Support VPN clustering and load balancing
7. Support Active/Active and Active/Standby HA
8. Power supply redundancy.
9. Support IPS
10. Integrated IPS throughput should not be less than 6Gbps
11. Able to provide stateful inspection capabilities
12. Able to support Network Address Translation (NAT)
13. Capable of supporting SSH, telnet, web management methods
14. Capable of preventing Denial of Service attacks.
15. Support Virtual domains / Security zones Min. 10/250

Author Closing Comment

ID: 40426575
@Ben Stirling: Thank you. We have opted for the Sophos UTM as it has everything we need.

Thank you to everyone else for the suggestions...it is appreciated.

Question has a verified solution.
