Solved

Firewall recommendations

Posted on 2014-10-29
7
87 Views
Last Modified: 2014-11-06
I have a client who runs a peer-to-peer network (he refuses to use servers...long story, don't ask). He is very anal about security and is in the process of upgrading parts of his network. I am now tasked with finding a firewall that meets, at a minimum, the following requirements:

Inbound/Outbound E-mail Scanning (SMTP/POP3), w/rules for attachment handling and other business requirements.

Internet websites blacklist/whitelist, granular settings by user/node/IP address. AD/DS is not and will not be used in this network.

Internet connectivity failover.

Dual power supplies, preferably hot-swappable.

Site-to-site VPN capability.

Graphical User Interface (GUI) for management. Does not want cloud management capability, if it does can it be turned off?


Thank you in advance for your recommendations/comments/snippets!!!
0
Comment
Question by:Yort
7 Comments
 
LVL 4

Expert Comment

by:DataPro
ID: 40411198
I would recommend Checkpoint for any firewall solution.  I am not sure on the dual power supply part, but the rest they for sure will meet your needs.

Checkpoint
0
 
LVL 6

Expert Comment

by:Matt
ID: 40411202
How would you identify users with no authentication on this site?

Internet connectivity failover - BGP routing with his own AS system or just two ISP providers without AS system just for surfing to the public network?
0
 
LVL 1

Author Comment

by:Yort
ID: 40411218
@DataPro - Thanks. I will research Checkpoint.

@Matt - I am hoping we can use static IP addresses/NetBIOS names as the means of identification. Failover would simply be two ISPs, so if the primary goes down the firewall can failover to the backup connection.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 2

Accepted Solution

by:
Ben Stirling earned 500 total points
ID: 40411328
Sphos UTM formally Astaro they have some good options for the SMB
0
 
LVL 9

Expert Comment

by:stu29
ID: 40411340
Yort,

For the size of your network, I would point you toward Watchguard.  Quick and easy GUI with granular control based on any number of parameters.  It will give you surfing controls based on combo of categories and specified, email control and scanning/quarantine. You can also upgrade the box for application control.

Definitely worth a look.
0
 
LVL 25

Expert Comment

by:madunix
ID: 40411790
You could check Fortigate, Sonic Wall,  Check-point, Juniper ..etc, A list of software/appliances:
squid www.squid-cache.org
Untangle       www.untangle.com
astaro   www.astaro.com
ClearOS www.clearfoundation.com
PF www.pfsense.org
WALL m0n0.ch/wall
IPCop ipcop.org
websense websense.com
eblaster eblaster.com
forti fortinet.com
SonicWall      sonicwall.com
Cyberroam      cyberoam.com
SmoothWall      smoothwall.net

Check fortinet, they have a good products such as 1500D
http://www.fortinet.com/press_releases/2013/fortinet-disrupts-high-performance-enterprise-firewall-1500D.html
http://www.fortinet.com/solutions/unified_threat_management.html
1. Frewall throughput minimum 40Gbps.
2. VPN throughput 17Gbps
3. Support up to 6 million concurrent sessions.
4. Support up to 2000 IPSec VPN peers.
5. At least 2x10GE SFP+ ports and 12x 10/100/1000 RJ45
6. Support VPN clustering and load balancing
7. Support Active/Active and Active/Standby HA
8. Power supply redundancy.
9. Support IPS
10. Integrated IPS throughput should not be less than 6Gbps
11. Able to provide stateful inspection capabilities
12. Able to support Network Address Translations(NAT)
13. Capable of supporting ssh, telnet web  management methods:
14. Capable of preventing Denial of Service attacks.
15. Support Virtual domains / Security zones Min. 10/250
0
 
LVL 1

Author Closing Comment

by:Yort
ID: 40426575
@Ben Stirling: Thank you. We have opted for the Sophos UTM as it has everything we need.

Thank you to everyone else for the suggestions...it is appreciated.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now