Our firewall at work is fried! Help me find a new one!

Dec 27, 2001
Bottom line: Our firewall, a PIX 506, is toast. We may be able to have it repaired, but I've taken this opportunity to get funding for a new firewall with a GUI interface instead of all that damn cryptic Cisco nonsense.

I can't spend over $1000 and I'd like built-in VPN. Doesn't have to have switches, but they'd be a plus. DMZ would be a huge plus.

Anybody have experience with any firewalls in this price range that you'd recommend? Currently, I'm looking at D-Link and Symantec which both look better than the equivalent Netgear or Sonicwall products.
 

vi edit

Elite Member
Super Moderator
Oct 28, 1999
Try the networking forum...assuming the mods don't move the post before then.
 
Dec 27, 2001
how the hell do you break a firewall?

You drop it off a 10 story building. But that's not what I did. The damn thing just won't power on. It's probably fixable if it's just something inside that came loose or fried or whatever. But, like I said, I've wanted something else for a while anyway, so this is an opportunity.
 

Skyclad1uhm1

Lifer
Aug 10, 2001
OpenBSD? Or for more user-friendliness NetBSD/FreeBSD?

Wouldn't need an expensive machine for it either, so if you have anyone with knowledge of Linux or *BSD it is fairly easy as well as cheap to do.
 

phatcow

Platinum Member
Nov 25, 2000
We have a SonicWall Pro... the one that rackmounts....


I really don't like the thing.. it has crashed on us twice too much, plus it's not robust enough...

PLUS they limit the amount of VPN connections so you have to buy more....


the PIX's include more off the bat.
 

n0cmonkey

Elite Member
Jun 10, 2001
Raptor is supposed to be nice, but I think (haven't looked at it enough to find out) it's only for NT. Plus, Symantec scares me now... :/

SideWinder is a great firewall.

Checkpoint has a gui....

OpenBSD + PF is nice. And there are GUIs for it now (not that it matters, it's easy enough without them).

Linux + IPTables is supposed to be good.

FreeBSD/NetBSD with IPF wouldn't be bad.
 

beer

Lifer
Jun 27, 2000
up

Interested for other opinions, especially on the SonicWall. Ours has never crashed...wondering if we're the only ones out there!
 

lowtech1

Diamond Member
Mar 9, 2000

What are you looking for in a firewall?
Most modern firewalls come with a GUI & DMZ.
If you have time & want a firewall that has all of the tools that you will ever want then a Linux or Unix box will do the job.
If you don't have time to learn, but want all the tools with lots of cash then a PIX or Checkpoint firewall will do.
If you don't want to spend time looking at the network traffic or intrusion detection & don't mind the shell/text format layout then a router such as D-Link, Linksys & Netopia that has VPN & DMZ will do the job.
Another thing is to look for network throughput if you want something that is greater than 3 mb/s (but that is if you can afford a T3 or fiber line).
 

lowtech1

Diamond Member
Mar 9, 2000
There is almost no firewall that can be had for $1000.

Here ya go IBR-680 priced at $90.00 from Pricewatch, and it has browser-based management to boot. No IPsec, only PPPoE, PPP, PAP & CHAP.

Here is the D-Link DI-707 at $95.00 from Pricewatch that has DMZ & IPsec.

You can get Netopia at about $300.00-400.00, and it also supports IPsec/DMZ.

If you have time, an old 386 + a floppy & FreeSCO or the like would do, or a Pentium & an HDD would get you GUI galore + IDS, maps & charts. And it is all free on your favorite Linux or Unix system :D
 

phatcow

Platinum Member
Nov 25, 2000
When he means firewall, I think he means something with stateful packet inspection.


The PIX will support it, as well as the lower end SonicWalls. Even that cute yellow Symantec thing supports it.. Those are under a grand....



You can't buy a REAL GOOD firewall for under a grand... you can buy a decent one... it depends on the size of your network..


How big is it?
 

beer

Lifer
Jun 27, 2000
Originally posted by: lowtech
There is almost no firewall that can be had for $1000.

Here ya go IBR-680 priced at $90.00 from Pricewatch, and it has browser-based management to boot. No IPsec, only PPPoE, PPP, PAP & CHAP.

Here is the D-Link DI-707 at $95.00 from Pricewatch that has DMZ & IPsec.

You can get Netopia at about $300.00-400.00, and it also supports IPsec/DMZ.

If you have time, an old 386 + a floppy & FreeSCO or the like would do, or a Pentium & an HDD would get you GUI galore + IDS, maps & charts. And it is all free on your favorite Linux or Unix system :D


I wouldn't trust any corporate network to anything with the D-link logo on it. Same with Linksys, etc. Home, yes...remote office, yes...but in reality, a dedicated 14 year old can break through it. You might as well be using ZoneAlarm.
 
Dec 27, 2001
Small network...30 or so computers. What does a PIX do that the Symantec 200 wouldn't? We're still on NT 4.0. A consultant the company used before I got there talked them into it, and, since I don't know Cisco, it was just a really expensive box that did stateful packet inspection for all I knew for all this time. It wouldn't VPN, I could get no reporting from it, it blew up after 2 years of use, and I had to call our ISP and get their techs to configure it whenever I needed anything done.

All I need is something with a GUI interface that does stateful packet inspection. VPN and DMZ are pluses. Right now, I've got people who need VPN using PPTP, so finally moving up to IPSec would be great since the decision to not move to W2K was recently made. :(

Switches would be great because right now everything is going through a pile of hubs.
 

skyking

Lifer
Nov 21, 2001
I have experience with Netopia products, they have been rock solid, never down due to the router yet (crosses fingers, throws salt over back, etc.)
 

n0cmonkey

Elite Member
Jun 10, 2001
Originally posted by: phatcow
When he means firewall, I think he means something with stateful packet inspection.

Every one of the firewalls I mentioned will do that, and possibly more.
 

phatcow

Platinum Member
Nov 25, 2000
Originally posted by: n0cmonkey
Originally posted by: phatcow
When he means firewall, I think he means something with stateful packet inspection.

Every one of the firewalls I mentioned will do that, and possibly more.

I wasn't referring to your post... I was referring to the post by the other guy


Here ya go IBR-680 priced at $90.00 from Pricewatch, and it has browser-based management to boot. No IPsec, only PPPoE, PPP, PAP & CHAP.

Here is the D-Link DI-707 at $95.00 from Pricewatch that has DMZ & IPsec.

You can get Netopia at about $300.00-400.00, and it also supports IPsec/DMZ.

If you have time, an old 386 + a floppy & FreeSCO or the like would do, or a Pentium & an HDD would get you GUI galore + IDS, maps & charts. And it is all free on your favorite Linux or Unix system