What's a good firewall to be used within a datacenter? I have four servers at the moment and I'd like to add some sort of appliance. Best advice please. Minimal cost as well haha. Thanks!
No specific recommendations. Current bandwidth? Projected bandwidth? Do you need VPN? (A lot of firewall appliances can serve as a VPN server) Any need for web filtering? Any need for public access? (web server, etc) Some appliances can be a DHCP server and/or Time server. Be sure to check service/maintenance agreement costs before buying.
I don't know how much bandwitdh your external WAN is, but with only 4 servers, you may want to just put them behind a pfsense. Inexpensive desktops can handle gigabit throughput easily.
As others have said more information is needed to make a complete recommendation. That said, Fortinet would be a solid vendor as they have a product lineup that spans from ultra small to carrier sized and allow you to license the feature set you need. When comparing enterprise quality vendors they will generally be the lowest cost vendor at all feature/performance levels.
I would consider Sophos if you don't see your footprint growing too much. If you do think it's going to grow then Palo or Checkpoint would the two I consider. Like others have said, without additional detail it's hard to recommend. All three of these could be overkill. If anything you should right size the appliance for your workload today and for future.
Very well. I will add more detail here. I am just hosting a bunch of servers. 4 to be exact. All virtualizor. I decided to host some friends who all pay in to host all of this. It's well covered in terms of funds. We found a decent datacenter who was cool to hook us up even with unlimited bandwidth. So, we utilize it! We need more security though. A firewall would be great. I'd rather not go virtual. Right now, iDrac is exposed, etc. I am going to turn it off. So, all virtualizor for VPS'. In two vps' there is cPanel. One Plesk server. Few file sharing server. Etc. All my ips are in blocks. I have a few blocks of /28. Believe I have around 50 something total? Give or take. Edit: I would like VPN access to firewall. Web filtering is not required. Hit me. Be kind. Thank you.
Are you looking for any proactive or next gen FW blocking or just strickly basic in and out rules with VPN? Are you tenchincal and comfortable with Linux? PFSense would be good. If not PALO ALTO allows you to manage nats rules, and subscriptions like VPN, you can buy individually. What throughput do you need to manage as that's going to dictate what size box you need to buy. Look at the pa 220 or an 820 for other connections besides copper.
Your description so far leaves out the most critical factor. What kind of bandwidth? Most, if not all, business class firewalls include VPN in the basic bundle. It really boils down to what features at what speed. If your expecting 1Gbps with full blown dpi and tls decrypt expect to spend a lot. If your talking <400Mbps the cost go down dramatically. I will add that if aren't going to do tls decrypt just go buy some cheap consumer class firewall from BestBuy. You will be wasting your money otherwise and you'll get the same protection, none. These days almost everthing is encrypted and if you're not inspecting the data you're basically wasting your time.
Microsoft can sell you life time virus tech support and firewall to stop the hackers in netstat for 500 dollar ma'am.
Do you need a NGFW? If so there are annual subscription prices for AV/IPS/Threat, etc but they are much better than just a stateful inspection firewall. That being said, most modern firewalls these days offer the option. If you want a real Enterprise firewall, then Palo Alto, CheckPoint, Cisco Firepower (yuck) and Fortinet are the main options. One tier down is Meraki, Sonicwall, Watchguard & Sophos. Something down from there outside of a NGFW is pfSense or an older Cisco ASA. Any of them work; all of them work. It depends on the features you want. They all support some kind of VPN Client. If minimal cost if what you are after, and depending on whether you even know anything about firewalls, I'd say Sonicwall might be a good fit. 'Just don't buy the bottom model of any product.
![[H]ard|Forum](styles/hardforum/xenforo/logo_dark.png){kind=logo}
