What 2 get? Firewall solution that supports VPN.

[Breaker78]

We need to set up a new firewall for our company, with about 50 users.

We also have 2 branch offices with approx. 15 users each.

All three have Frame-Relay connectivity.

We use a private network ip address space, behind a cisco router at each location, running an internal DNS server.

If I get a stand alone device like a Cisco Secure PIX 506 firewall, am I going to be able to connect thru VPN??

How hard is this to set-up?

What other all-in-on options do i have?

 

[CTR]

Since you have a relatively small number of clients, the PIX 506 would be a good fit. It can do an IPSEC VPN like a champ. If your company is married to Cisco, it's hard to argue against the PIX. Pretty easy to setup too. Have you contacted any Cisco VAR's?

 

[spidey07]

the pix can act as a decent VPN concentrator

The routers will support many flavors of VPN as well if you get the right software. What exactly are you trying to accomplish? I'm seeing a 3 site private network here, where does firewalling and internet come into play?

 

[Breaker78]

One of the branch offices is already online. The other is coming up next week.

We of course have an Exchange 5.5 server at the central location, and all users have internet access.

Currently we have an old NT 4.0 box running AltaVista firewall '97 or something like that, and it just happens to be a good time to upgrade.

We aren't really married to Cisco. We want to have a few options to look at and compare.

I haven't talked to anyone from cisco yet. How much is a PIX 506 going to run me?

What about a SonicWall solution?

Firewall is the priority right now. VPN support is for a future implementaion date.

We also require something with good support options, since our IT staff is relatively new to these types of situations.

 

[CTR]

PIX 506 w/ ipsec software will probably run around $2000. You should negotiate with the var to get some consulting time thrown in. A decent PIX guy could get your config up and running in 15 minutes. Cisco has decent support on their website and TAC is always there for larger issues.

I don't have much hands-on with other firewalls. Hopefully someone else on the forum will chime in soon.

 

[Breaker78]

Yeah, I second that. The only real experience I have with firewalls is setting up the tiny personal firewall on my home lan and cable modem connection.

Truthfully, I am leaning towards the Cisco solution, mostly because of reliability and support.

My real dilemna is I need to come up with a document with a number of options for management.

Anyone know of any good websites that do comparisons on these types of things?

Come on guys, CHIME IN!!!

 

[spidey07]

I'll second the PIX solution because there is so much info and support from cisco, buy a smartnet maintenance contract (probably pretty cheap on a 2000 dollar product) and call them till you hearts content.

If your trying to do lan to lan VPN then your just fine terminating the tunnels on the far end cisco routers and the pix.

a real breeze to setup really.

<edit> sonicwall is also pretty cool (I use one at home) but it does have limitations in terms of speed and firewall options. Can't forget about checkpoing running on a nokia box. nokia firewall appliance