Reconfiguring my corporate network, need new vpn / router / firewall solution

rustyjeep

Member
Jul 1, 2004
51
0
0
I'm redoing our firewall at work (we currently use a linux box with IPtables for routing and firewalling). I was wondering if you guys have any recommendations.

I think I have two directions I could go:

1. Linux firewall that connects to a Microsoft ISA server. I believe this would give me VPN capabilities (through ISA), and also some hardening as it would really be double firewalled. This would be the harder way to do things.

2. A vpn appliance. I like this idea, and have been looking at the Symantec gateway security 400 series (http://www.symantec.com/Products/enterprise?c=prodinfo&refId=869&cid=1006) as a solution. Anyone have experience with this, or possibly another recommendation?

Thanks for the time!
Terry
 

rustyjeep

Member
Jul 1, 2004
51
0
0
OK, we only have a fractional T1 right now, but would like to leave room for growth (we host the website in house). Also, I'd like redundancy (failover at a minimum, load balancing at best). As for vpn connections - currently only 2 people use vpn, but that's because our vpn barely works as is. I would say 10 connections with the ability to go up to 50 (purchase more licenses, etc).

I've looked at several, and here is my list in order of preference:
1. Cyberguard 580 (snapgear) http://www.cyberguard.com/products/firewall/SG_Family/SG580.html?lang=de_EN
2. Symantec gateway security 360r http://www.symantec.com/small_business/...curity_appliances/sgs300/features.html
3. Sonicwall TZ 170 http://www.tigerdirect.com/applications...item-details.asp?EdpNo=1491914&CatId=0

All three seem to have 2 wan ports with failover, and they seem to have a good amount of features for the 500 - 900 dollar range.

kabttu - I hear of Cisco PIX all over the place, but I've heard negatives as well. The impression that I get is that they are the industry standard, but are very hard to configure - not to mention expensive (the one you posted seems to be in the $2500 range). Is there a compelling reason for this? Is it that they are just more reliable and give better performance? The three I listed above look better on paper, but I realize that may differ from the real world.

Thanks for the help!

Terry
 

rustyjeep

Member
Jul 1, 2004
51
0
0
Oh, I forgot, we have a cisco catalyst 2629 as the router. We also have about 15 public IPs that we need to route and port forward around our internal network, so the ability to control the routing is important.
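For the Linux/iptables direction Terry mentions in the first post, the "15 public IPs forwarded around the internal network" requirement usually ends up as a table of DNAT rules plus matching FORWARD accepts on top of a default-deny forward policy. The script below is an added example, not from anyone in this thread: it generates that rule set from a mapping table so the rules can be reviewed (and counted) before they are applied. The interface names, addresses, ports and the mapping table are constructed assumptions.

```shell
#!/bin/sh
# Added example: generate iptables port-forwarding rules for several public
# IPs from one mapping table. Nothing here touches the running firewall; the
# functions only print rules, which you review and then pipe into sh as root.

WAN_IF="eth0"   # assumption: interface carrying the public address block
LAN_IF="eth1"   # assumption: internal interface

# Constructed mapping table, one entry per line:
#   public_ip  proto  public_port  internal_host  internal_port
PORT_MAP='
203.0.113.10 tcp 80  192.168.1.10 80
203.0.113.10 tcp 443 192.168.1.10 443
203.0.113.11 tcp 25  192.168.1.20 25
'

# Baseline: drop forwarded traffic unless a later rule allows it, let replies
# to established connections through, and let the LAN reach the outside.
base_rules() {
    printf '%s\n' \
        "iptables -P FORWARD DROP" \
        "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT" \
        "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
}

# One DNAT rule plus the matching FORWARD accept per mapping entry. The
# FORWARD rule matches the post-DNAT destination (internal host and port),
# so only the forwarded service is reachable, not the whole host.
dnat_rules() {
    printf '%s\n' "$PORT_MAP" | while read -r pub proto port host hport; do
        if [ -z "$pub" ]; then
            continue   # skip blank lines in the table
        fi
        printf '%s\n' \
            "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -p $proto --dport $port -j DNAT --to-destination $host:$hport" \
            "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $host -p $proto --dport $hport -m state --state NEW -j ACCEPT"
    done
}

# Number of DNAT rules produced; compare against the entries in PORT_MAP as a
# sanity check before applying anything.
dnat_count() {
    dnat_rules | grep -c -- '-j DNAT'
}

# Full rule set, baseline first so the default-deny is in place before the
# per-service accepts are added.
all_rules() {
    base_rules
    dnat_rules
}

# Usage on the firewall after review:  sh thisfile.sh | sh
all_rules
```

Keeping the mapping in one table makes it easy to see which public addresses are exposed and to which internal services, and the count check catches a mangled table entry before a rule set with a missing accept (or a missing DNAT) is loaded.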
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Checkpoint Firewall-1 on Nokia boxes. Add in the high availability stuff and you get fully functional failover.
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: rustyjeep
N0cmonkey - could you give more info? I've used checkpoint vpn-1 (as an end user - not an admin) and it seemed to work.

I looked here:
http://www.checkpoint.com/products/firewall-1/index.html
and was surprised by the lack of information

Is this a web appliance, or a software solution? Any idea of the cost?

If you go with the Nokia appliances, it's an appliance. If you just buy the software (ew), then it's a software solution. ;)

It's not cheap, but I don't have numbers off hand.
 

petey117

Senior member
Jul 24, 2003
755
0
0
I have used lots of different Cisco gear, and I can say that they are probably the most stable and reliable equipment that I have used.
They also have TONS of functionality. Yeah, there is a learning curve, but most of the hard stuff is basically network theory, and not specific to Cisco.
As for your problem at hand - Cisco firewalls all have failover capability.
Personally, I like the Linux based firewall distros. I have set up many, and they rarely go down or need maintenance, and they are cake to set up and configure.