Firewall/Router Suggestions

[marley1]

Hey guys -

I have a client thats gonna be hosting exchange in house, we need to upgrade there firewall from the current Buffalo Router with DD-WRT to something that has Firewall/Router/VPN

This looks good for me http://www.freedom9.com/products/product.php?p=28&topic=b

Was looking at Sonicwall but in hte past they have been a pain with licensing, but the cheaper solutions look okay.

A friend told me that he was swapping from Sonicwall to Freedom9 and hes liking em more.

Budget < 500.

What do you recommend.

Thanks.

 

[YeOldeStonecat]

Well, DD-WRT has firewall, it is a router, and it does VPN.

However...when you say "Client"..and "Exchange"..to me, that means a business network..and IMO business grade hardware.

Considered some of the *nix router distros that do UTM? Endian, or Untangle?
http://www.untangle.com/
http://www.endian.it/

 

[marley1]

This is a small business, 2 servers (one is Domain/File, other is exchange backup domain), 15 computers.

I dont really want to get another computer just running a linux distro, not familiar with linux although im sure its all gui based, but would rather just have a small device instead of a computer.

This Freedom9 looks good. Have any input on the model i listed?

 

[Tekara]

I would push for a computer box as well, though I preference M0n0wall for it's simplicity and stability.

Idea for cheap and small:
Alix mainboard, they are low power and self-contained with cpu/ram/video. Perfect for an embedded situation like this:
http://www.mini-box.com/s.nl/sc.8/category.754/.f

Then a small enclosure:
http://www.mini-box.com/Morex-T3300

After that you just need a small cf card for the OS and you'll have a ~$200 system that can rival something that would cost over $1000.

 

[YeOldeStonecat]

This is a small business, 2 servers (one is Domain/File, other is exchange backup domain), 15 computers.

I dont really want to get another computer just running a linux distro, not familiar with linux although im sure its all gui based, but would rather just have a small device instead of a computer.

This Freedom9 looks good. Have any input on the model i listed?

They are easy to setup. If you can manage a home grade Linksys router...you can manage the *nix distro routers.

Due to having an Exchange server...I would select one of the distros that does UTM..so that you have antivirus and antispam transparent proxy of mail traffic before it hits your Exchange server. Even if you'd run your own 3rd party app on the Exchange box..having an added second layer..for something that is free...to me is a no brainer.

Else..what features are you looking for, that is not on the DD-WRT product? If you just want something with more horsepower, look at the Linksys/Cisco RV0 series of routers. I've setup dozens and dozens of them....love them. But to be honest..only feature of those over DD-WRT is the increased horsepower of the RV0, the RV082 and RV016 will handle large networks better.

Or are you looking for a true UTM appliance that does deep SPI, antivirus/antispam/antimalware scanning?

 

[shade_star]

A cisco 501 would foot your bill. Good units for small offices

 

[NoID]

While a little more expensive, you may look to get a Cisco ASA 5505. They are aimed at the small office/home office. It has the latest in firewall/VPN features and can do much more than the 501.

 

[zacdl]

Cisco router may be easiest... Highly flexible, that's for sure (It's just (as in my case) if you haven't configured one in years... command line can be a PITA trying to remember everything). If you go that route I suggest getting "CCNA Command Quick Reference" (ISBN 1-58713-159-5)...


I've been looking at Ubuntu myself. The amount of research I have done... it looks VERY easy to use.
However the only problem I see with it is the issue if it crashes- it brings EVERYTHING down (Granted same thing with Cisco router- but a computer is way more likely to do so).

However in my case, if it went down I suppose I can just bypass it until it is fixed. It just nukes all of my spam filtering/content filtering until it is back up again. But this isn't as big of deal to me, as it would just sit behind a Cisco router/firewall anyway... so security would still stay there.


I have heard good things about Watchguard devices as well- might look into those (Good thing is it comes with pretty good GUI- which I have been finding is faster than command line most of the time on quite a few quick tweaks).


You are 100% right on Sonicwall. They do a good job, but are a PITA about licenses, and are also pretty darn expensive.