Need a good managed firewall

0ldman

I need recommendations on a firewall with realtime intrusion detection; spyware and virus filtering is a definite plus.
I'm looking at a ZyXEL.

http://www.newegg.com/Product/Product.asp?item=N82E16833181022

This is for a GM dealership if anyone has had to meet those requirements.

http://www.gmde.net/security/

About 7 PCs on the network, DSL connection, small dealership. They've got to spend some and get a good firewall, but they aren't made of money.
Thanks!
 
I really need this as a standalone device rather than a Linux x86 box. Endian and Clarkconnect were my first thoughts.

The problem is federal requirements for financial institutions. I don't want to get into the Linux vs brandX firewall argument with GM Corporate.
 
i can't see GM corporate getting involved in what firewall solution a dealership chooses. dealerships are independently owned and operated apart from GM. if i had to buy something (and me personally, i never would), i wouldn't get anything other than linksys, simply for their direct line into the cisco family.

i consulted at a site recently, and they had some "bobs cool firewall company" box there, and it was the giantest piece of garbage ever.

if they are really on a budget, any workable x86 box running pfsense would compete feature for feature against the most costly cisco's, and since it's BSD, it would not fall under SCO's visions of grandeur.

(and GM corporate doesn't get involved in my 8-5 job's affairs, and we interface to their financial grid pretty much the way a dealership does, but instead of cars, we either make their advertising (commercials, print media, etc etc), or buy the air time or pages where they are shown. other than us delivering on the SLA, they couldn't give a crap what we run).
 
Also, Endian does have their software in an appliance as well. We use Cisco, but Endian has got to be cheaper, and I would think probably just as good, if not hardier against attacks. Cue the experts to confirm/rebuff.
 
Sharaz Jek said:
i can't see GM corporate getting involved in what firewall solution a dealership chooses. dealerships are independently owned and operated apart from GM. if i had to buy something (and me personally, i never would), i wouldn't get anything other than linksys, simply for their direct line into the cisco family.

i consulted at a site recently, and they had some "bobs cool firewall company" box there, and it was the giantest piece of garbage ever.

if they are really on a budget, any workable x86 box running pfsense would compete feature for feature against the most costly cisco's, and since it's BSD, it would not fall under SCO's visions of grandeur.

(and GM corporate doesn't get involved in my 8-5 job's affairs, and we interface to their financial grid pretty much the way a dealership does, but instead of cars, we either make their advertising (commercials, print media, etc etc), or buy the air time or pages where they are shown. other than us delivering on the SLA, they couldn't give a crap what we run).
I hear you on Linksys, but I've changed that way of thinking myself. Too many craptacular Linksys SOHO's lately.
GM may not have much to say about this, I guess I need to read further. The requirements themselves are federal, not GM. This is due to having people's financial info, SSN, credit reports, financing, etc, on file.

I guess the base requirement really is a firewall that will notify me of an intrusion attempt, the smaller the better, but I might give more thought to a linux box.
 
to clarify, what i said about my preference for linksys probably came out backwards sounding. what i meant was, *if* i had to buy something off the shelf at best buy, it would only be linksys. their interfaces are straightforward, and their equipment relatively reliable. my 2nd choice would be netgear, but would try several stores until i found a suitable linksys first.

another thing to consider, if data were to ever be compromised, it would not be the fault of whatever firewall you choose. it would either be the fault of your mis-configuration of the firewall, or the poor transport of the data somewhere outside your management footprint (ie, the data was compromised because of unencrypted transmissions).

finally, the opensource firewall i would recommend is called pfsense (www.pfsense.org). it is not based on linux, but FreeBSD. i don't know of any other opensource firewall (well, other than monowall, which pfsense is based on) that has as many firewalling/routing/vpn features as pfsense. don't let the BSD base scare you, it installs so easy, my dad can do it. if you ever want to test fire pfsense, hit me up on aim/yahoo and i can give you some tips.

cheers,
 
Being a business network...I wouldn't use a home grade model that you could purchase off the shelf of worst buy or compuke usa.....they'll just have the home grade models, I've not seen the more SOHO/Small business models there..such as the RV0 series....which is what I often use.

However..if you want antivirus, anti-spam, anti-malware scanning at the transparent proxy level (UTM features)...you won't find that there either...if on budget, you're stuck with a *nix router such as Endian or IPCop w/copfilter, or..ante up some cash in a honking UTM (unified threat management) router that has a comma in the price tag. But the OP said something about having to remain on a budget..so that throws out the UTM router idea.
 
Sharaz Jek said:
i can't see GM corporate getting involved in what firewall solution a dealership chooses. dealerships are independently owned and operated apart from GM. if i had to buy something (and me personally, i never would), i wouldn't get anything other than linksys, simply for their direct line into the cisco family.

While dealerships are independently owned and operated apart from GM, I'm sure there's lots of services that require access to their network, like GMAC.

I worked at a BMW dealer, and we were required to have a T1 (which BMW pays for, thankfully) to their financial services network, and in order to stay "compliant" we had to use a particular Cisco 1720 router that we had to buy. Fortunately, that was all established prior to my hiring there, but still. This is probably close to where 0ldman's at.
 
The budget isn't huge, but not a $200 limit either, throw me some ideas. I've got three dealerships. Price is a concern, but it has to be right. Spyware/virus filtering is a concern.

I've found some stuff ranging from $10k to $500 that should do the trick, looking for input from you guys that have done similar work. They'll spend money if they have to, but the $10k devices are overkill, regardless of if they will bite.

The largest network has about 10 PC's and they're on DSL, I think 3mb.

That ZyXEL firewall I linked to in the first post looks to have more features than anything else in the price range, but I haven't dealt with ZyXEL before, dunno the quality.
 
Those SonicWALL look good and are cheap too, but the ZyXEL looks good as well, at a higher price.

Anyone used either?
 
0ldman said:
The budget isn't huge, but not a $200 limit either, throw me some ideas. I've got three dealerships. Price is a concern, but it has to be right. Spyware/virus filtering is a concern.

I've found some stuff ranging from $10k to $500 that should do the trick, looking for input from you guys that have done similar work. They'll spend money if they have to, but the $10k devices are overkill, regardless of if they will bite.

The largest network has about 10 PC's and they're on DSL, I think 3mb.

That ZyXEL firewall I linked to in the first post looks to have more features than anything else in the price range, but I haven't dealt with ZyXEL before, dunno the quality.

If AV filtering is important I'd recommend the SonicWalls as well. For less than 10 users the device will be under $500 with yearly maintenance of $150 or so. (Guessing on both) Solid boxes that are easy to use.


 