Tom Beck

Do I need a hardware firewall?

For the 16 years I have been with this company there has always been a hardware firewall between the ISP's router and the internal network. But the number of employees has steadily decreased over the years so that now we have only four. Of the four, two use laptops exclusively that they take with them at the end of the day. We used to have our own Exchange server. We also used to run two servers in-house just for accounting. The accounting is now farmed out. We are down to just one Windows Server 2003 machine as a domain controller and file server. Rather than upgrade the now unsupported Server 2003 machine, we are moving everything to the cloud with Office 365. All of the workstations are Apple products and I have an additional Mac Mini that I intend to install OS X Server and Open Directory on as a domain controller.

The existing hardware firewall, a WatchGuard dinosaur, no longer requires any special rules or configuration. It does have a PPTP VPN feature that I use on rare occasions, though. I need to either replace the current firewall or eliminate it completely.

Do I even need a hardware firewall?
ASKER CERTIFIED SOLUTION
John
Tom Beck (ASKER)

Sorry, computer networking has never been my strong suit. You are both saying the same thing, essentially, I think: that an inexpensive router will give me all the security I need. The ISP provides a router with their service. I can't log into it and make any changes and so it does not in itself provide a VPN solution.

John is suggesting a router inside the ISP's router and the suggested model has the VPN capability. No doubt there are many that have that capability.

Spartan, are you saying the ISP's router is all I need or are you also suggesting I add a low end router inside the ISP's router? If just the ISP's router, how do I get the remote access?
What are you trying to remotely access, as you cannot remotely access a Mac without 3rd-party software? Is this your intention? You can use most cloud-based remote solutions if that is what you are trying to accomplish (TeamViewer, LogMeIn, etc.).
Yes, I would like to be able to remotely access Macs. Although it's rare these days that I have any reason to do that. In the past I've used Splashtop 2. It allows you to use a proxy server like LogMeIn or you can VPN to the network and have a more direct connection. I found the proxy server arrangement unusable because of latency or just plain slow performance. Maybe that's just due to lousy internet speed on either or both ends. Or maybe Splashtop proxy servers are just slow or too remote to provide a good user experience. The VPN solution was at least useable.
Unless there is major latency, you rarely see that. They offer the same, or even more, level of security when it comes to remote access. VPN is a secure method; however, it's not exempt from breaches. I have used LogMeIn and TeamViewer for remote access and I support many PCs throughout the country using these two solutions. It would serve as a comparable alternative to VPN and the need to rely on setting up and managing this.
I'm willing to consider giving up the VPN for a service like LogMeIn or TeamViewer.

My original question about 'do I need a firewall?' seems to have changed to 'do I need a router?' Are they essentially the same thing?

Are there other good reasons to put a router inside of the ISP's router? It would give me more control over the inside network. I can choose my pool of DHCP addresses, reserve addresses if need be, and separately route the three different static IP addresses I get from the ISP. For example, I'm thinking of adding some security cameras that I can access from the internet. Would it not be best to keep them on a different network?

I think I'm leaning toward John's suggestion of adding a router inside the ISP's router. The idea of having zero control over the network configuration is not sitting well with me.
I'm willing to consider giving up the VPN for a service like LogMeIn or TeamViewer.

The products we are talking about all have firewalls. Cheap routers just use NAT and no VPN, better routers have firewalls and no VPN, and entry-level commercial routers ($350-$400) have VPN, good firewalls, good speed and long-term reliability.

You can give up VPN for LogMeIn or TeamViewer also.
John,

I'm going to buy the little brother of the router you suggested, the RV320. It has the VPN feature if I decide to set it up.

I recently rewired the building with CAT6 and installed a 48-port Cisco gigabit switch so I don't need a 16-port router. Although we only have 4 employees currently, we have desks for about 30 and the owner wanted everything wired.

The price of the RV320 is only $135. No big deal if it turns out to be inadequate. The best part is, there are no annual subscriptions. I've purchased SonicWall and Barracuda devices in the past and always cringed every time the annual subscription invoice showed up. I hate paying for things over and over again.
The RV320 and 325 are the same beast. The RV325 has 16 ports which allowed me to eliminate a switch. So the RV320 should be fine for you.

No subscription fees with the Cisco RV boxes :)
Thanks to both of you for your assistance.
You are very welcome and I was happy to help you with this.