Good Firewall <$500 for a business

trckn4life (Limp Gawd; joined Sep 5, 2006; 213 messages)
I am looking for some suggestions or opinions on firewalls for a small business. Hopefully the price will be under $500 and VPN functionality is needed, also SPI, content filtering and/or QOS would be nice but not necessary. The business that needs it has about 8-10 computers right now, networked printer, etc.

Any particular brand you would suggest? Sonicwall, Cisco, DLink, Netgear, other? I think I could set up most that fall in this category, but I'm not so sure that I could set up the Cisco out of the box (well, at least set it up properly).
 
Nate, it is Cable as of right now. Thanks for the help. I'm going to take a closer look at these probably after work today.
 

Build a $200 computer (Athlon XP something with 256 to 512 MB of RAM, 6 GB or bigger HDD, with 2 or 3 NICs) and install Smoothwall or IPCop or Endian on it. Endian has everything you would need right out of the box, but that's it; there isn't a modding community for it that I know of.

IPCop is easy to add mods to and has a lot of the features you want out of the box.

Smoothwall is very basic out of the box, but has a large mod community to add whatever functionality you want to it if you don't mind getting your hands a little dirty (so to speak). My only gripe is that there isn't any easy implementation of POP3 spam filtering for it as of right now.

 
Cisco ASA 5505 is probably pretty close to $500 after discount. I have customers with lots of these deployed, they love 'em. The ASAs are very easy to set up with the GUI. They're about to get even easier soon with the new release coming.
 
Build a $200 computer (Athlon XP something with 256 to 512 MB of RAM, 6 GB or bigger HDD, with 2 or 3 NICs) and install Smoothwall or IPCop or Endian on it. Endian has everything you would need right out of the box, but that's it; there isn't a modding community for it that I know of.

IPCop is easy to add mods to and has a lot of the features you want out of the box.

Smoothwall is very basic out of the box, but has a large mod community to add whatever functionality you want to it if you don't mind getting your hands a little dirty (so to speak). My only gripe is that there isn't any easy implementation of POP3 spam filtering for it as of right now.


Unless those solutions come with dedicated support if something goes wrong, I would consider that a no-go for a business.
 
I am looking for some suggestions or opinions on firewalls for a small business. Hopefully the price will be under $500 and VPN functionality is needed, also SPI, content filtering and/or QOS would be nice but not necessary. The business that needs it has about 8-10 computers right now, networked printer, etc.

Any particular brand you would suggest? Sonicwall, Cisco, DLink, Netgear, other? I think I could set up most that fall in this category, but I'm not so sure that I could set up the Cisco out of the box (well, at least set it up properly).

For a small business Watchguard with their UTM bundle should work fairly well.

With the UTM bundle it will do:
Firewall/VPN
Anti-virus
Anti-spyware
Anti-spam
URL filtering

Plus support obviously

http://www.watchguard.com/products/utm-bundle_edge.asp
 
Unless those solutions come with dedicated support if something goes wrong, I would consider that a no-go for a business.
I would agree. We run Smoothwall and Endian currently at the place I work (school for troubled teens) and have about 100 or so behind the smoothie box and 10+ behind an Endian box, and part of my job is to maintain all the Smoothwall/Endian/IPCop boxen on campus. I use my small "gaming/internet research/etc" computer lab that I directly oversee (20+ comps) as a testing environment for different firewall distros and mods to see which will go into main firewall appliances.


 
Here is sort of what I'm thinking about the options.

I know Cisco products are good, but I'm concerned about setup since I haven't really set up a firewall before. I've done some Cisco command line interface but I'm nowhere near a master.

Running a box with Smoothwall, Endian, or IPCop is not feasible for the business. I'd like to mess around with it myself... but it's not the solution for this.

The Dlink DFL-200 looks good too and is cheap! But I like some of the additional features of the watchdog, hotbrick, or sonicwall type of appliances. Juniper looks good and I've read a bit about them and I've seen their ads in Network World. I just wonder how they are for support and initial install, especially if I'd need any assistance. I'm surprised no one really mentioned the Sonicwall. Are they not all they are cracked up to be? Thanks for the advice. Feel free to keep it coming.
 
Sonicwall is really not all they are cracked up to be. Don't get me wrong, they are great little devices; there are just much better solutions.
 
Here is sort of what I'm thinking about the options.

I know Cisco products are good, but I'm concerned about setup since I haven't really set up a firewall before. I've done some Cisco command line interface but I'm nowhere near a master.

Again, the Cisco ASA and versions of the PIX running 7.0 or above (not including PIX 501 or 506e) with the ASDM GUI version 5.0 or above are very easy to configure. If you're curious to see how the GUI looks, check out the link below. It's ASDM v5.2, which is the latest. Version 6.0 is coming out soon in conjunction with version 8.0 of the operating system and is going to completely blow away 5.2.

http://www.cisco.com/en/US/products/ps6121/products_data_sheet0900aecd804ba978.html

As for support and especially initial installation support, Cisco TAC is great.

One thing to be aware of as far as VPN goes: the Juniper/Netscreen firewalls do not have support for SSL-based VPN; you have to buy a separate appliance for that. There is a license you can get for the ASA 5505 if you should want this in the future, and it supports up to 25 SSL clients.
 
I spoke with SonicWall and WatchGuard today. They both have pros and cons. Between the two I think I'd lean towards the WatchGuard, but I'm more familiar with the SonicWall name. Here are the models that were discussed:

SonicWall tz170
WatchGuard X10E
WatchGuard X20E (For a couple reasons this seemed like the better option in WatchGuard's offerings)
 
The Dlink DFL-200 looks good too and is cheap! But I like some of the additional features of the watchdog, hotbrick, or sonicwall type of appliances. Juniper looks good and I've read a bit about them and I've seen their ads in Network World. I just wonder how they are for support and initial install, especially if I'd need any assistance. I'm surprised no one really mentioned the Sonicwall. Are they not all they are cracked up to be? Thanks for the advice. Feel free to keep it coming.

I was one of the ones who suggested the DFL-200.... I've also installed SonicWall (TZ150's & TZ170's) and PIX 501's, and several other brands/models. The D-Link box is nice because first of all it works well, but beyond that there are no extra fees for licensing and support. None of that crap where you are already buying an expensive box but then you also have to pay extra for more than 10 outbound internet connections, VPN licenses, etc.

The DFL-200 would be the box I would install for the environment you are describing.
 
I was one of the ones who suggested the DFL-200.... I've also installed SonicWall (TZ150's & TZ170's) and PIX 501's, and several other brands/models. The D-Link box is nice because first of all it works well, but beyond that there are no extra fees for licensing and support. None of that crap where you are already buying an expensive box but then you also have to pay extra for more than 10 outbound internet connections, VPN licenses, etc.

The DFL-200 would be the box I would install for the environment you are describing.
That is a good point. They do nickel and dime you. I do like the features that this D-Link has and I know for the most part the company I work at now, our DLinks have worked pretty well. Now, it's mostly DLink switches that we have, but. In fact I'm tempted to consider ordering one of these DLinks for home maybe, but I need to buy a few other things first for home. Thanks.
 
I spoke with SonicWall and WatchGuard today. They both have pros and cons. Between the two I think I'd lean towards the WatchGuard, but I'm more familiar with the SonicWall name. Here are the models that were discussed:

SonicWall tz170
WatchGuard X10E
WatchGuard X20E (For a couple reasons this seemed like the better option in WatchGuard's offerings)

Personally I like the WatchGuard X20E with their UTM bundle. Their service, support, and updates are what really make this kind of unit worthwhile IMO.
 
I was one of the ones who suggested the DFL-200.... I've also installed SonicWall (TZ150's & TZ170's) and PIX 501's, and several other brands/models. The D-Link box is nice because first of all it works well, but beyond that there are no extra fees for licensing and support. None of that crap where you are already buying an expensive box but then you also have to pay extra for more than 10 outbound internet connections, VPN licenses, etc.

The DFL-200 would be the box I would install for the environment you are describing.

Good luck getting support from them when you need it. There is a reason that companies pay for support packages, and it's because the longer you stay down, the more money you lose.

Try telling a business that just lost $200k over a twenty four hour span that it's just "the cost of doing business". Actually, you won't have a chance to tell them because they will have fired you and hired someone else before you can explain why their equipment failed.
 
Good luck getting support from them when you need it. There is a reason that companies pay for support packages, and it's because the longer you stay down, the more money you lose.

Try telling a business that just lost $200k over a twenty four hour span that it's just "the cost of doing business". Actually, you won't have a chance to tell them because they will have fired you and hired someone else before you can explain why their equipment failed.

The question is, is his business like that? If I got that speech and I owned a company with a 1/2 dozen employees...I think I might be laughing at you a bit. The OP needs to figure out what the lost operating profits would be for each hour/day the router is down and see if that justifies a system with a support package. This should also be correlated to the reliability and support of their internet connection as well and the PC's connected to that equipment. Maybe the boss who gave him the budget already figured it out and that is why he has a $500 budget.

Also...if your story was completely true...CSC wouldn't be in business :D
 
Cisco ASA 5505... it's money. We got 5 ASA 5505s for some of our branch sites, and got an ASA 5510 for headquarters.
 
I really like the look of this. I have been looking at a Cisco ASA 5505 and the brick has the same or better functions. The 5505 does not have load balancing for two WANs.

Yeah, there is no support for load-balancing across the two WAN links on the 5505. It's backup support only. The HotBrick doesn't support SSL-based VPN either. Also note that load-balancing support on it is limited to outbound connections only.
 
Yeah, there is no support for load-balancing across the two WAN links on the 5505. It's backup support only. The HotBrick doesn't support SSL-based VPN either. Also note that load-balancing support on it is limited to outbound connections only.

And the outbound load balancing is session based, meaning that if 100 sessions open, 50 go to one WAN, 50 to the other... but if all 50 on one side close, those other 50 don't automatically shift over to the unused pipe.
 
You'll have to talk to Gabby and see if he'll give you better pricing, but...

These beasts are quite impressive.

http://www.redundantinternet.com/en/vpn800.html

The version with gigabit ports is a bit out of your price range, though. The guys from CDW who were working on our new server today were amazed at what this box could do for the price.

I suggest you buy it from here and not the US site. You'll get 10 times better service and support.
 
And the outbound load balancing is session based, meaning that if 100 sessions open, 50 go to one WAN, 50 to the other... but if all 50 on one side close, those other 50 don't automatically shift over to the unused pipe.


If you're referring to the Hotbrick, it can roll over those connections as long as they are not secure connections.

It can do 4 or 5 different types of load balancing. You can also bind certain protocols and types of traffic to one WAN port or the other.

We have a Hotbrick 800/2 VPN with (2) 3.0Mbps/768Kbps lines feeding some 50 employees.

The first line is the primary line, with normal web traffic being rolled over to the second line when the first reaches 80% of its limit. We also have the second WAN line bound to our internal FTP, which is rate limited to 80KBps. I have the Hotbrick set to QOS mail services to the second highest priority, with VPN traffic being number one.

We have off and on 2-5 people using the VPN weekly.

I've never seen the CPU usage on our hotbrick go above 15%

Surprisingly, everything works pretty smooth here. One key detail to making this all work is the Westell 6000 series DSL modems we use. They have built-in QOS for ACK packets, which makes a huge difference when you're loading up ADSL with many users.
 