Advice on Good Hardware Firewall

[Cleaner]

I'm running a 3com single external IP'ed firewall right now. I'm running a bunch of external applications by using a hodgepodge of different ports to make it work. I've been given the budget to buy a new firewall and make all of the web apps run on port 80 instead of the 4 different ports they run on now. The apps are on 4 differnt machines but the 3com will only forward http traffic to one internal ip. I realize that I could probably just call cisco and get a solution from them for $20,000 but I to frugal to do that. Maybe a SonicWall solution? Any suggestions?

 

[Brazen]

Originally posted by: Cleaner
I'm running a 3com single external IP'ed firewall right now. I'm running a bunch of external applications by using a hodgepodge of different ports to make it work. I've been given the budget to buy a new firewall and make all of the web apps run on port 80 instead of the 4 different ports they run on now. The apps are on 4 differnt machines but the 3com will only forward http traffic to one internal ip. I realize that I could probably just call cisco and get a solution from them for $20,000 but I to frugal to do that. Maybe a SonicWall solution? Any suggestions?

We use SonicWall. We've had problems with it though, and it's impossible to get decent support. It was only $2000, but the subscription fees get ya. When I get time, I plan on getting a 1U server and installing Linux with dansguardian for our firewall/router/content filter.

 

[Diaonic]

I used Sonicwall at my last job and it worked pretty flawless, I'm currently using a PIX 515 and I love this thing. If you have the cisco knowlege or willingness to learn I would suggest going with a PIX.

 

[n0cmonkey]

Nokia + Checkpoint

 

[Cleaner]

I've used both SonicWall and Cisco's in the past. I know that they offer models that will do the job. I was just wondering what experiences people had had with either, or another brand, and any suggestions they could offer. Thanks guys!

 

[spidey07]

I'm a big Nokia/checkpoint appliance fan, just from sheer ease of use.

 

[brentman]

I use Cisco PIX 506E's at 7 of our offices and they work great and are simple to configure and connect together. They are avaialbe for just over $1000 i think now. I haven't had any problems except minor compatibility issues connecting to a certain Checkpoint firewall, though I think Checkpoint updated their software to address the issue. I would definitely recommend the PIX to ya.

 

[vi edit]

I've used Sonic Wall appliances exclusively for the last 5 years. Latest was a 3060. It's a great midrange appliance. A snap to configure and *I* feel it's a good value for what you pay for it.

Yes, their support does suck. I've had better luck going to 3rd party Sonic Wall vendors for per-incident support if needed.

Also, their Enhanced OS is a MAJOR upgrade in features/functionality. Bumping up to the Enhanced OS makes the thing a completely different product.

 

[JackBurton]

You've got some great recommendation here. I'll throw my two cents in for a PIX 515e, but you might even be able to get away with a 506e. Just a note though, the latest PIX OS (7.0) is not supported on anything less than a PIX 515e. Cisco I believe is coming out with a "light" version of 7.0 for the ones that do not support the full 7.0 version though.

 

[SaigonK]

Cisco pix 515e, put my vote in for it, we have several of them and I like them!

 

[spidey07]

one thing to consider about nokia/checkpoint and possibly the ones Juniper bought is that they are more than firewalls.

You get VPN concentrator and SSL vpn to boot!

 

[n0cmonkey]

Originally posted by: spidey07
one thing to consider about nokia/checkpoint and possibly the ones Juniper bought is that they are more than firewalls.

You get VPN concentrator and SSL vpn to boot!

Plus good support.

The High Availability stuff is quick and easy too. 😀

 

[mparr1708]

Not hardware but some of the other suggestion arnt true hardware firewalls either...

ISA 2004

 

[Rookie]

I'll give a vote to Cyberguard... it's a 1U hardware FW based on (a hardened) SCO Unix

Very versatile and have an integrated VPN solution among MANY others.

Pix and Checkpoint are more the industry standard

 

[deadseasquirrel]

Originally posted by: spidey07
I'm a big Nokia/checkpoint appliance fan, just from sheer ease of use.

:thumbsup:

And it has SurfControl. Allows you to filter out over 5 million URLs (sexually explicit, hate, violence, gambling, hacking, etc). Not IP filtering like the PIX, or ACLs like the Netscreen/Juniper, IIRC.