Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Firewall recommendations

Posted on 2014-10-29
Last Modified: 2014-11-06
I have a client who runs a peer-to-peer network (he refuses to use servers...long story, don't ask). He is very anal about security and is in the process of upgrading parts of his network. I am now tasked with finding a firewall that meets, at a minimum, the following requirements:

Inbound/Outbound E-mail Scanning (SMTP/POP3), w/rules for attachment handling and other business requirements.

Internet websites blacklist/whitelist, granular settings by user/node/IP address. AD/DS is not and will not be used in this network.

Internet connectivity failover.

Dual power supplies, preferably hot-swappable.

Site-to-site VPN capability.

Graphical User Interface (GUI) for management. Does not want cloud management capability, if it does can it be turned off?

Thank you in advance for your recommendations/comments/snippets!!!
Question by:Yort

Expert Comment

by:Jason Johanknecht
ID: 40411198
I would recommend Checkpoint for any firewall solution.  I am not sure on the dual power supply part, but the rest they for sure will meet your needs.


Expert Comment

ID: 40411202
How would you identify users with no authentication on this site?

Internet connectivity failover - BGP routing with his own AS system or just two ISP providers without AS system just for surfing to the public network?

Author Comment

ID: 40411218
@DataPro - Thanks. I will research Checkpoint.

@Matt - I am hoping we can use static IP addresses/NetBIOS names as the means of identification. Failover would simply be two ISPs, so if the primary goes down the firewall can failover to the backup connection.
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.


Accepted Solution

Ben Stirling earned 500 total points
ID: 40411328
Sphos UTM formally Astaro they have some good options for the SMB

Expert Comment

ID: 40411340

For the size of your network, I would point you toward Watchguard.  Quick and easy GUI with granular control based on any number of parameters.  It will give you surfing controls based on combo of categories and specified, email control and scanning/quarantine. You can also upgrade the box for application control.

Definitely worth a look.
LVL 25

Expert Comment

ID: 40411790
You could check Fortigate, Sonic Wall,  Check-point, Juniper ..etc, A list of software/appliances:
squid www.squid-cache.org
Untangle       www.untangle.com
astaro   www.astaro.com
ClearOS www.clearfoundation.com
PF www.pfsense.org
WALL m0n0.ch/wall
IPCop ipcop.org
websense websense.com
eblaster eblaster.com
forti fortinet.com
SonicWall      sonicwall.com
Cyberroam      cyberoam.com
SmoothWall      smoothwall.net

Check fortinet, they have a good products such as 1500D
1. Frewall throughput minimum 40Gbps.
2. VPN throughput 17Gbps
3. Support up to 6 million concurrent sessions.
4. Support up to 2000 IPSec VPN peers.
5. At least 2x10GE SFP+ ports and 12x 10/100/1000 RJ45
6. Support VPN clustering and load balancing
7. Support Active/Active and Active/Standby HA
8. Power supply redundancy.
9. Support IPS
10. Integrated IPS throughput should not be less than 6Gbps
11. Able to provide stateful inspection capabilities
12. Able to support Network Address Translations(NAT)
13. Capable of supporting ssh, telnet web  management methods:
14. Capable of preventing Denial of Service attacks.
15. Support Virtual domains / Security zones Min. 10/250

Author Closing Comment

ID: 40426575
@Ben Stirling: Thank you. We have opted for the Sophos UTM as it has everything we need.

Thank you to everyone else for the suggestions...it is appreciated.

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to configure AT&T Netgate with Sonicwall Firewall 24 76
Sonicwall - user objects - usage 2 40
Palo Alto Networks: Truly No Hit Count? 2 81
Sonicwall SHA issue 4 40
In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question