Decent Datacenter Firewall Advice needed pls

Discussion in 'Networking & Security' started by rec0d3, Nov 11, 2019.

  1. rec0d3

    rec0d3 Limp Gawd

    What's a good firewall to be used within a datacenter? I have four servers at the moment and I'd like to add some sort of appliance. Best advice please. Minimal cost as well haha. Thanks!
     
  2. cjcox

    cjcox [H]ard|Gawd

    We use Palo Alto. I wouldn't look to put SOHO gear inside of a datacenter btw.
     
    rec0d3, schizrade and Farva like this.
  3. Dead Parrot

    Dead Parrot 2[H]4U

    No specific recommendations.
    Current bandwidth?
    Projected bandwidth?
    Do you need VPN? (A lot of firewall appliances can serve as a VPN server)
    Any need for web filtering?
    Any need for public access? (web server, etc)
    Some appliances can be a DHCP server and/or Time server.

    Be sure to check service/maintenance agreement costs before buying.
     
    rec0d3 and Farva like this.
  4. Valnar

    Valnar 2[H]4U

    Nowhere near enough info.
     
    rec0d3 and schizrade like this.
  5. OFaceSIG

    OFaceSIG 2[H]4U

    I don't know how much bandwidth your external WAN is, but with only 4 servers, you may want to just put them behind a pfSense. Inexpensive desktops can handle gigabit throughput easily.
     
    rec0d3 likes this.
  6. Nicklebon

    Nicklebon Gawd

    As others have said more information is needed to make a complete recommendation. That said, Fortinet would be a solid vendor as they have a product lineup that spans from ultra small to carrier sized and allow you to license the feature set you need. When comparing enterprise quality vendors they will generally be the lowest cost vendor at all feature/performance levels.
     
    rec0d3 and schizrade like this.
  7. RiDDLeRThC

    RiDDLeRThC 2[H]4U

    I would consider Sophos if you don't see your footprint growing too much. If you do think it's going to grow then Palo or Check Point would be the two I consider. Like others have said, without additional detail it's hard to recommend. All three of these could be overkill. If anything you should right-size the appliance for your workload today and for the future.
     
    rec0d3 likes this.
  8. Vengance_01

    Vengance_01 [H]ardness Supreme

    Palo Alto for the win. We use them at the office and they work well
     
    rec0d3 likes this.
  9. rec0d3

    rec0d3 Limp Gawd

    Very well. I will add more detail here.

    I am just hosting a bunch of servers. 4 to be exact. All Virtualizor. I decided to host some friends who all pay in to host all of this. It's well covered in terms of funds. We found a decent datacenter who was cool to hook us up even with unlimited bandwidth. So, we utilize it! We need more security though. A firewall would be great. I'd rather not go virtual. Right now, iDRAC is exposed, etc. I am going to turn it off.

    So, all Virtualizor for VPSes. In two VPSes there is cPanel. One Plesk server. A few file sharing servers. Etc.

    All my IPs are in blocks. I have a few blocks of /28.

    Believe I have around 50 something total? Give or take.

    Edit: I would like VPN access to firewall. Web filtering is not required.

    Hit me. Be kind. Thank you.
     
  10. Vengance_01

    Vengance_01 [H]ardness Supreme

    Are you looking for any proactive or next gen FW blocking or just strictly basic in and out rules with VPN? Are you technical and comfortable with Linux? pfSense would be good. If not, Palo Alto allows you to manage NAT rules, and subscriptions like VPN you can buy individually. What throughput do you need to manage, as that's going to dictate what size box you need to buy. Look at the PA-220 or an 820 for other connections besides copper.
     
  11. Nicklebon

    Nicklebon Gawd

    Your description so far leaves out the most critical factor. What kind of bandwidth? Most, if not all, business class firewalls include VPN in the basic bundle. It really boils down to what features at what speed. If you're expecting 1Gbps with full blown DPI and TLS decrypt expect to spend a lot. If you're talking <400Mbps the costs go down dramatically. I will add that if you aren't going to do TLS decrypt just go buy some cheap consumer class firewall from Best Buy. You will be wasting your money otherwise and you'll get the same protection, none. These days almost everything is encrypted and if you're not inspecting the data you're basically wasting your time.
     
  12. N4CR

    N4CR [H]ardness Supreme

    Microsoft can sell you life time virus tech support and firewall to stop the hackers in netstat for 500 dollar ma'am.
     
  13. Valnar

    Valnar 2[H]4U

    Do you need a NGFW? If so there are annual subscription prices for AV/IPS/Threat, etc., but they are much better than just a stateful inspection firewall. That being said, most modern firewalls these days offer the option. If you want a real Enterprise firewall, then Palo Alto, Check Point, Cisco Firepower (yuck) and Fortinet are the main options. One tier down is Meraki, SonicWall, WatchGuard & Sophos. Something down from there outside of a NGFW is pfSense or an older Cisco ASA.

    Any of them work; all of them work. It depends on the features you want. They all support some kind of VPN Client. If minimal cost is what you are after, and depending on whether you even know anything about firewalls, I'd say SonicWall might be a good fit. Just don't buy the bottom model of any product.