Firewall Solution 4 Small Business...

AMD_RULES

Any suggestions on a firewall appliance for a small business?:confused:
10 Users
No need for DHCP or VPN, as logmein.com will be used.
Rackmount or not is fine...

I've been looking at both Sonicwall or setting up a smoothwall....

what would you suggest?

-AMD_RULES
 
For a small shop like that, why not a regular consumer router like a Linksys 54G?

Do you need to set up routing and out/inbound rules?
 
For a small shop like that, why not a regular consumer router like a Linksys 54G?

Do you need to set up routing and out/inbound rules?

no need for routing...

i'd rather not use a wired router or wireless router, but instead a product designed for firewall purposes...

How would a Smoothwall work?
 
I use several smoothie boxes on campus at the school I work for and they work great
I use a multitude of mods for content filtering and virus scanning, web proxy, automatic ip blocking if it hits me too many times or triggers snort .. adzapper, blackhole dns (like spybot search&destroy's immunizing feature) and pop3 virus scanning (which is built into Smoothwall 3.0) to name a few ..

..it does "plain jane" well too if you don't need all that :p


 
I use several smoothie boxes on campus at the school I work for and they work great
I use a multitude of mods for content filtering and virus scanning, web proxy, automatic ip blocking if it hits me too many times or triggers snort .. adzapper, blackhole dns (like spybot search&destroy's immunizing feature) and pop3 virus scanning (which is built into Smoothwall 3.0) to name a few ..

..it does "plain jane" well too if you don't need all that :p



sounds good

Is smoothwall or monowall better?
 
AMD - you never pm'd me back. what happened to the dental office and such?

Freeguard 100 from freedom9 i have been digging it.

or sonicwall tz170 for small business
 
http://www.freedom9.com/products/product.php?p=28

I am using that at my office now and it's been great, loads of options.

I just installed a Sonicwall TZ170 or the 180 (i forget) at a law office and the Sonicwall is more friendly configuration.

You can go with the monowall, *nix distros but meh, i'd rather get an actual device not a used computer setup.

Also anything will work for your setup, probably just get away with a wireless router/wired router with DD-WRT or Tomato.

Don't need much since you're not hosting email and what not.
 
http://www.freedom9.com/products/product.php?p=28

I am using that at my office now and it's been great, loads of options.

I just installed a Sonicwall TZ170 or the 180 (i forget) at a law office and the Sonicwall is more friendly configuration.

You can go with the monowall, *nix distros but meh, i'd rather get an actual device not a used computer setup.

Also anything will work for your setup, probably just get away with a wireless router/wired router with DD-WRT or Tomato.

Don't need much since you're not hosting email and what not.
yep. What's that gonna set me back since they don't have an MSRP on their site?
Hopefully under $1k :D
 
honestly i don't have an idea on the exact pricing, i got a not for resale unit so it was cheaper than going with a reseller.

i think they are around 400-500.

big benefit is it's unlimited, sonicwall is a bitch with licenses and nodes and such
 
honestly i don't have an idea on the exact pricing, i got a not for resale unit so it was cheaper than going with a reseller.

i think they are around 400-500.

big benefit is it's unlimited, sonicwall is a bitch with licenses and nodes and such

ok, that ain't bad price :D

so i think that will be the solution, thanks again Marley1! ;)

- AMD_RULES
 
free for commercial and private use

smoothwall
untangle
ipcop
endian

in my computer lab, I am currently running a pogo linux rack mount setup (P4 3.0GHZ, w/ 2GB memory, 80GB hdd) to "play" on, testing what mods from the homebrew section over at smoothwall's forums we could use as a facility and how they work ..etc..

Our main box is just an XP 1600+ w/ 512megs DDR and 20GB hdd

if concerned about support , smoothwall's forums are a great place for quick help or creating your own mods to do what ever you need if it isn't already available.

 
I've heard good things about Watchguards but have never used them myself.

Is this company looking like they will grow? You might consider a Cisco routing device... Spend the money now, expand with much ease.
 
Smoothwall or ClarkConnect, find an older used PC, throw an extra NIC in it and you're on your way.

You can build a pretty robust system for well under $100 bucks.
 
For SMB environments what is preferable though?

A hacked together or brand new built cheap x86 box with a linux fire wall. (ipcop/smooth wall free/ endian)

or something that has commercial support and is backed by a company. (Cisco/sonic wall/ vendor x)

I almost wouldn't feel safe putting any of the free products in a business environment, using them to route my BT traffic is swell, but I dunno if I would trust my business rep on them.

Thoughts?
 
For SMB environments what is preferable though?

A hacked together or brand new built cheap x86 box with a linux fire wall. (ipcop/smooth wall free/ endian)

or something that has commercial support and is backed by a company. (Cisco/sonic wall/ vendor x)

I almost wouldn't feel safe putting any of the free products in a business environment, using them to route my BT traffic is swell, but I dunno if I would trust my business rep on them.

Thoughts?

Exactly. For businesses...as their IT consultant you shouldn't be selfish...think of them if they need to get someone other than you to support their network. If you put in a Tier-1 branded common product...almost any other IT propeller head can pick up the job and continue to support them. If you put in some oddball *nix distro router...most IT support guys don't know about them...and whoever has to fill your shoes will encounter difficulty in trying to support your prior client.

The good IT guy will implement equipment/hardware/software that can easily be supported by someone else.

IMO...use a router designed for the small business...stay away from sub 100 dollar home grade routers, never use home grade equipment in a business environment.
 
IMO...use a router designed for the small business...stay away from sub 100 dollar home grade routers, never use home grade equipment in a business environment.

Also, keep in mind we're talking a company with 10 users. I'm just thinking, money could be an issue...

Another question for the OP to ask himself, how mission critical is this device going to be.
 
Exactly. For businesses...as their IT consultant you shouldn't be selfish...think of them if they need to get someone other than you to support their network. If you put in a Tier-1 branded common product...almost any other IT propeller head can pick up the job and continue to support them. If you put in some oddball *nix distro router...most IT support guys don't know about them...and whoever has to fill your shoes will encounter difficulty in trying to support your prior client.

The good IT guy will implement equipment/hardware/software that can easily be supported by someone else.

IMO...use a router designed for the small business...stay away from sub 100 dollar home grade routers, never use home grade equipment in a business environment.

Also, keep in mind we're talking a company with 10 users. I'm just thinking, money could be an issue...

Another question for the OP to ask himself, how mission critical is this device going to be.
as long as i'm not paying for enterprise grade hardware with a big price tag like Cisco, the budget can be flexible.

as others have said, i don't want a home product, but a business product backed by a reliable company like Sonicwall or Cisco...
 
Currently we are running about 50'ish computers behind one of our smoothie boxes that sits headless up in a cupboard in our copier room plugged into a battery back up unit .. used to be 75'ish until one of our departments moved to another building at the other side of our campus .. no issues then either.

..and that's on the XP 1600+ w/512meg DDR, 20GB hdd ..simple red/green setup with Dansguardian with 2 filter groups setup, Blackhole DNS, Advanced Web Proxy, and Active IP block mods (plus a few other logging type mods)

 
Currently we are running about 50'ish computers behind one of our smoothie boxes that sits headless up in a cupboard in our copier room plugged into a battery back up unit .. used to be 75'ish until one of our departments moved to another building at the other side of our campus .. no issues then either.

..and that's on the XP 1600+ w/512meg DDR, 20GB hdd ..simple red/green setup with Dansguardian with 2 filter groups setup, Blackhole DNS, Advanced Web Proxy, and Active IP block mods (plus a few other logging type mods)

is there a website where these "mods" can be found?
 
All i have to say is when shit hits the fan you do not want to be posting on an online forum for fixes, you def wanna have a phone number to call.

Those linux distros look nice (i haven't used one), but it would be a hell of a tough sell for my clients.
 
those smoothwalls look like they're gonna require too much work...

i'd rather pay a little bit extra money and get a device suited for firewall with an easy to use GUI interface... :cool:
 
those smoothwalls look like they're gonna require too much work...

i'd rather pay a little bit extra money and get a device suited for firewall with an easy to use GUI interface... :cool:

sonicwall is your answer imo.

it was my first time deploying one of the tz170 and the first time we plugged it in we were amazed at how easy/user friendly it was.

wizards all over the place.

compared to the freeguard we are using we had to call support a few times to get a little push in the right direction. but tech support was fast to answer us and was great even connected into the router and fixed it up.
 
sonicwall is your answer imo.

it was my first time deploying one of the tz170 and the first time we plugged it in we were amazed at how easy/user friendly it was.

wizards all over the place.

compared to the freeguard we are using we had to call support a few times to get a little push in the right direction. but tech support was fast to answer us and was great even connected into the router and fixed it up.

who's got overall better support?
 
Smoothwall and the likes can be very powerful in the right hands. As long as someone knows linux and ipfw or iptables you should have nothing to worry about besides hardware failure.


Truth be told most SOHO type boxes run some proprietary variant of linux, BUT they are backed by the manufacturer. My personal choices would be amongst Sonicwall, Symantec, or Checkpoint.

</rant></hijack>
 
Also, keep in mind we're talking a company with 10 users. I'm just thinking, money could be an issue...

Another question for the OP to ask himself, how mission critical is this device going to be.

Right..it's not a home based business of just 1 user..but a decent sized small business. A couple of hundred bucks for an internet connection..which is often the lifeline of a business these days....is barely pocket change. The RV0 series is rock stable and fast..and barely a couple of hundred bucks. While Sonicwall makes great stuff...it's very pricey...you're stuck with yearly support agreements which are expensive, and the OP said no VPN stuff...so I'd be leaning away from Sonicwall a bit more..no need to spend money for features they won't use.
 
Right..it's not a home based business of just 1 user..but a decent sized small business. A couple of hundred bucks for an internet connection..which is often the lifeline of a business these days....is barely pocket change. The RV0 series is rock stable and fast..and barely a couple of hundred bucks. While Sonicwall makes great stuff...it's very pricey...you're stuck with yearly support agreements which are expensive, and the OP said no VPN stuff...so I'd be leaning away from Sonicwall a bit more..no need to spend money for features they won't use.
(sorry to double post)

what would be a better solution?

VPN or LogMeIn.com?

I know they are both pretty much the same except logmein doesn't require a VPN firewall....
 
who's got overall better support?

I didn't have to call sonicwall. The guys at freedom9 have been great so far. All American/English speaking. Picked up phone right away or a short hold time.

They have a nice remote connection software so they can connect and log into router.

Just some of the firewall stuff is a bit confusing unless you know what you're looking for.

If you want to give the product a shot give me a pm or email, and I'll see if I can get you a unit.
 
AMD -

VPN and Logmein are two different things.

VPN and Logmein Hamachi are the same.

Logmein allows you to connect to a workstation and actually work off that unit. A VPN just gives you access to network devices (printers or file shares).

It isn't a bad idea to have a firewall but it really won't gain you much if you're not hosting email, vpn, etc.

Look into the Freeguard. From what I got out of it, it's unlimited with no yearly upgrade costs like Sonicwall has.
 
AMD -

VPN and Logmein are two different things.

VPN and Logmein Hamachi are the same.

Logmein allows you to connect to a workstation and actually work off that unit. A VPN just gives you access to network devices (printers or file shares).

It isn't a bad idea to have a firewall but it really won't gain you much if you're not hosting email, vpn, etc.

Look into the Freeguard. From what I got out of it, it's unlimited with no yearly upgrade costs like Sonicwall has.
well in that case, Freeguard will probably be a better solution...
 
those smoothwalls look like they're gonna require too much work...

i'd rather pay a little bit extra money and get a device suited for firewall with an easy to use GUI interface... :cool:

lol ..if I can set one up ..then anybody can and once you have it setup, most everything is configurable from the web gui (except for Dansguardian..as of right now you can only enable or disable it and have to hand edit the particular files to enable or disable access to sites or set up different user groups ..etc)

once setup , you just log into it via https://192.168.0.1:441 (or whatever you set your green ip to be ) and then almost everything is available to you

but , as stated ..if you plan on a setup that somebody can just call somebody else to walk you thru everything or resolve problems for them should you leave ..then go with something different


 
lol ..if I can set one up ..then anybody can and once you have it setup, most everything is configurable from the web gui (except for Dansguardian..as of right now you can only enable or disable it and have to hand edit the particular files to enable or disable access to sites or set up different user groups ..etc)

once setup , you just log into it via https://192.168.0.1:441 (or whatever you set your green ip to be ) and then almost everything is available to you

but , as stated ..if you plan on a setup that somebody can just call somebody else to walk you thru everything or resolve problems for them should you leave ..then go with something different


thanks for the info...
I have no experience with Linux at all!
I'm gonna go with the FreeGuard9 for the office and i may eventually try a smoothwall setup @ home
 
Linksys/Cisco RV0 series are rock solid, fast, stable.

Exactly. For businesses...as their IT consultant you shouldn't be selfish...think of them if they need to get someone other than you to support their network. If you put in a Tier-1 branded common product...almost any other IT propeller head can pick up the job and continue to support them. If you put in some oddball *nix distro router...most IT support guys don't know about them...and whoever has to fill your shoes will encounter difficulty in trying to support your prior client.

The good IT guy will implement equipment/hardware/software that can easily be supported by someone else.

IMO...use a router designed for the small business...stay away from sub 100 dollar home grade routers, never use home grade equipment in a business environment.


I gotta agree with YeOldStoncate here although if you use a new machine the linux firewalls are pretty easy to figure out.

Personally I have had bad luck with sonicwall and their av so I generally stay away from them. For a small office I install a cisco 871 if I go with anything other than one of the lower end linksys business routers.

Looking hard into the linux/unix firewalls though. Getting ready to install a monowall one at a client next week. Using one of the configs that logicsupply advertises on monowall's site but with more memory in case we want to move them to something that needs more later.
 