Home/SmallBusiness transparent firewall?

RokleM

No offense, for those of you that don't understand the title, don't continue any further. I gots me a $25 Linksys isn't the answer. ;)

I'm dropping a couple of servers at a hosting facility that is supplying 5-8 IPs, however they will not supply a /29 or /30 via routing. For obvious reasons, I don't want to do NAT. Has anyone found (other than a FreeBSD distro) a small hardware appliance that supports transparent firewall protection? I would prefer an all-in-one hardware device (not a PC/server with an OS load), a built-in switch/hub would be good, and under $500ish.

Thanks.
 
Doesn't your host (colocation host) offer firewall services? Most of them should offer that as an additional service.
 
I don't think you'll find much under $500 dollars, but maybe a little bit above that.

Netscreen 5GT's can do transparent firewalling, I think they'll run a little more than $500.

The PIX 501 and 506e can't do transparent firewalling, but they can route between subnets without having to do NAT if you want to explore that option. A 501 will be around $500, and a 506e will be a few hundred more. If/when the 506e gets PIX 7.0, it'll be able to do transparent L2 firewalling.

You might also check into Fortinet. Their units won't be under $500 (IIRC), but should be competitively priced or less than Netscreen or PIX units. I don't know if they can do L2 firewalling though. It is something I'd check into though, as their units are usually pretty feature-rich.

If none of those 3 vendors can do anything for you, I'd just use FreeBSD.
 
screwmesa said:
Have you checked out Sonicwall's entry level products?

I'm actually looking at that now. It looks like they _may_ have some solutions that might work.

Boscoh said:
I don't think you'll find much under $500 dollars, but maybe a little bit above that.

Netscreen 5GT's can do transparent firewalling, I think they'll run a little more than $500.

The PIX 501 and 506e can't do transparent firewalling, but they can route between subnets without having to do NAT if you want to explore that option. A 501 will be around $500, and a 506e will be a few hundred more. If/when the 506e gets PIX 7.0, it'll be able to do transparent L2 firewalling.

You might also check into Fortinet. Their units won't be under $500 (IIRC), but should be competitively priced or less than Netscreen or PIX units. I don't know if they can do L2 firewalling though. It is something I'd check into though, as their units are usually pretty feature-rich.

If none of those 3 vendors can do anything for you, I'd just use FreeBSD.

I would use no firewall before I resorted to using a Netscreen (no offense). Unfortunately the 506e will not be supported anytime soon, if ever (and you're getting way overcharged btw ;) ). As mentioned, routing isn't really an option, hence the reason I was looking into transparent. Shooting up to a 515e is a little overboard. I know FreeBSD has some solutions, but was trying to avoid another "OS" machine. If it comes down to it, that might be the only solution if Sonicwall falls through. Thanks for the thoughts.

Anyone else have any ideas, or any experiences (good or bad)?
 
You may want to do some research into software bugs and technical support issues before you go with a Sonicwall. I know a lot of people who have put their products in, and yanked them out several months later.

I would do FreeBSD in a heartbeat before I'd ever touch a Sonicwall product.
 
Boscoh said:
You may want to do some research into software bugs and technical support issues before you go with a Sonicwall. I know a lot of people who have put their products in, and yanked them out several months later.

I would do FreeBSD in a heartbeat before I'd ever touch a Sonicwall product.

Specifics? Was it a learning curve, software features, bugs, hardware failures?
 
RokleM said:
Specifics? Was it a learning curve, software features, bugs, hardware failures?

As far as I know SonicWall uses a modified Linux core... no way around it... you are gonna get some sorta 'OS'

QJ
 
QwertyJuan said:
As far as I know SonicWall uses a modified Linux core... no way around it... you are gonna get some sorta 'OS'

QJ

However, it's a hardware device, not another server I need to purchase, load, maintain, etc.
 