Firewall recommendations: <25 users?

[RockysDad]

Would somebody throw out some ideas on a firewall recomendation for my small business setup? I'll be setting up a new server in our office with SBS 2003 Premium Edition, 2 nics, with ISA running. (hopefully, anyways...)

I have four main pc's that share files and access the internet. I also have 18 win98se machines that will access a web-server program on the SBS box. I only really don't need internet access for the 18 pc's, but may be an option down the road.

I've been looking at products like Watchguard Firebox soho 6tc, Symantec 100, Check Point safe@office 105. I've been using a linkysys router with a 8 port switch built in, like you'd use at home and its worked fine. Since we're setting up a new server, I figured it was time to take a look at tougher security.

What are these boxes providing beyond what the linksys does? Why do they have user licenses? Many SBS 2003 sites recomend running ISA, and the hardware firewall, would the linksys router serve that purpose?

I'd like to understand this all a little more clearly, any help would be appreciated!

 

[Diaonic]

RockysDad,

I Work in a school district where content filtering is mandated by the state. The firewall I choose to work with was Sonic Wall. I have a network with about 800+ users an 300 shared computers. So the model i'm using a pro 200, but you can purchase smaller SOHO models. The thing about sonic wall I like is, it's fairly easy to use an scaleable to most situations. It supports:VPN,DHCP,Virus protection on Pcs connected to it( I wouldn't recommend just get norton corperate, Port forwarding, DMZ ( this would be good for your web server), Https management, Content filtering,I'm sure there are a few more things i'm forgetting..

For the most part the support they have provided has been excellent. Anyway Thought I would share my experiances with you.

 

[cmetz]

RockysDad, Firebox is bad. Also consider the Cisco PIX 501.

 

[narzy]

I would go with the Cisco PIX 501.

 

[Boscoh]

I'll third the recommendation for a PIX 501.

Or a Netscreen 5xx series (where xx denotes the different models they have in the 5 series).

 

[Southerner]

I like the Sonicwall line as well. Liked it enough to get certified in 'em.

You can search on eBay for a Webramp 700s which is a rebadged Sonicwall (original). Get one with 100 or unlimited users allowed, and you should be in good shape. E-mail me if you want one of mine (I have two sitting in boxes right now).

In general, any of the firewall appliances will be about what you're looking for. Netscreen/Sonicwall/whatever -- different versions of essentially the same thing. Pix's are nice, and are more configurable but require more knowledge (and are more prone to misconfiguration).

 

[RockysDad]

thanks for all the good info!

(1) The Cisco PIX 501 looks like a winner, although a little pricey..
(2) The webramp 700s really looks good, thanks for the tip on that one. ebay has unlimited model for $159.

Would anybody care to make the argument that my current linksys router with ISA running between it and the lan is all I really need, or is the webramp 700s advisable as a minimum? (I say webramp because its the least expensive...)

 

[RockysDad]

Cisco PIX 501 or SonicWall tz 170 or webramp 700s?

 

[Boscoh]

PIX

 

[mboy]

Snapgear SME 550. Be aware that the webramp 700 has not been support in quite a few years. The newest firmware is a few years old and they will NOT be coming out with any for it. I would say it is fine for home, I would NOT use it for business.

 

[n0cmonkey]

I setup a small office Nokia Checkpoint appliance. It was smooth and easy (I know checkpoint well enough to make it easy for me ). I'd recommend them to pretty much anyone that has the cash and the need.

Most of the office equipment (as opposed to home consumer equipment) will provide better stateful packet inspection, better support, and if you pay for it a boat load more features (HA being a big one).