Small Business Firewall

AMD_RULES

2[H]4U
Joined
Mar 26, 2007
Messages
3,010
Hello
I need a recommendation on a solid firewall which does not require yearly licenses like SonicWall, can be rackmounted, and is under $700

# of Users: 5
# of Servers: 2

Thxs

- AMD_RULES
 

MorfiusX

2[H]4U
Joined
Feb 13, 2004
Messages
3,007
You are going to be hard pressed to find a rack mount solution for under $700. I have used most of the ones available. For ~$700:

Cisco - ASA 5505
CheckPoint - VPN-1 Edge (Several Models)
Endian - Build a Mini-ITX system

For such a small deployment, I would look into building a 1U Mini-ITX machine and use Endian. You are going to get way more features than a regular commercial product.
 

AMD_RULES

2[H]4U
Joined
Mar 26, 2007
Messages
3,010
> You are going to be hard pressed to find a rack mount solution for under $700. I have used most of the ones available. For ~$700:
>
> Cisco - ASA 5505
> CheckPoint - VPN-1 Edge (Several Models)
> Endian - Build a Mini-ITX system
>
> For such a small deployment, I would look into building a 1U Mini-ITX machine and use Endian. You are going to get way more features than a regular commercial product.

Will the Endian box give me support for VPN?
This is actually a bit above my budget, but I am also looking for VPN support so how would this work?

http://www.newegg.com/Product/Product.aspx?Item=N82E16899995001
 

YeOldeStonecat

[H]F Junkie
Joined
Jul 19, 2004
Messages
11,330
What features are you looking for?
Linksys/Cisco RV082 or RV016 series are solid, fast, stable. They come with rack mount ears..take up 1U. Under 300 and 400 bucks respectively.
 

(V)andopr77

Limp Gawd
Joined
Feb 28, 2005
Messages
213
> For such a small deployment, I would look into building a 1U Mini-ITX machine and use Endian. You are going to get way more features than a regular commercial product.

I agree 100%. This is what I build for almost all of my clients with much larger networks than this. Endian FTW!
 

AMD_RULES

2[H]4U
Joined
Mar 26, 2007
Messages
3,010
> What features are you looking for?
> Linksys/Cisco RV082 or RV016 series are solid, fast, stable. They come with rack mount ears..take up 1U. Under 300 and 400 bucks respectively.

I'm looking for the classic firewall protection from viruses, spyware, and that sort of crap.
Also looking for VPN so I can access my server and desktops from home.

> I agree 100%. This is what I build for almost all of my clients with much larger networks than this. Endian FTW!

If it is so good, could you please explain in what ways and features it has plz?
 

YeOldeStonecat

[H]F Junkie
Joined
Jul 19, 2004
Messages
11,330
If you're looking for UTM features (unified threat management)...I also agree...Endian....or....IPCop with the Copfilter add-on. (which is what Endian is based on).

http://www.endian.it/

Can read about the features there...I've built a few....great package. Pick up a 1U upper P3 or a P4 server with a gig and 2x onboard NICs.
 

AMD_RULES

2[H]4U
Joined
Mar 26, 2007
Messages
3,010
Yes, I am looking for UTM like SonicWall has, but I do not want to pay for yearly licenses.
They are pricey.
 

MorfiusX

2[H]4U
Joined
Feb 13, 2004
Messages
3,007
> I'm looking for the classic firewall protection from viruses, spyware, and that sort of crap.
> Also looking for VPN so I can access my server and desktops from home.
>
> If it is so good, could you please explain in what ways and features it has plz?

Yes, it is capable of Client Mode VPN, and Site to Site VPN. Some of the features it has:

Spam Filtering
Virus Filtering
Proxy
HTTP Content Filtering
DMZ (multiple routed/firewalled interfaces)
Traffic Shaping
DDNS Support


Endian can be purchased as an appliance, or you can use the community (free) version on an x86 system you have. If you need a rack mount solution, that's where the Mini-ITX system comes into play.
 

MorfiusX

2[H]4U
Joined
Feb 13, 2004
Messages
3,007

Unless they have changed, it's not worth what they are asking. I inquired about being a reseller. The systems started around $700-$800 for the smallest one. For that price, most of my customers would rather go with something like an ASA. Where I have primarily installed Endian is places that need the features, but can't really pay for a name brand. We usually use a spare or old PC, which is all you really need.
 

AMD_RULES

2[H]4U
Joined
Mar 26, 2007
Messages
3,010
I think I will consider Endian.
Would you say it's pretty straightforward to configure?

Also, recommend some parts to build an ITX 1U system
 

swatbat

[H]F Junkie
Joined
Apr 25, 2001
Messages
12,967
Last time I tried to do this on a VIA-based system I wasn't impressed with the results. As I tried to turn on the extra features and everything it just couldn't handle it. I was using an 800 MHz VIA board at the time, new ones may handle it better. I would personally buy a cheap P4-based 1U server and load it on there. Hell, throw a 3 GHz Celeron in it or something even. Should be able to hit under that 700 dollar figure.

As far as people that say use an old box, I really am against this. Sure, if the OP wants to play with it first this can be a good move. For a business though I would go with something new.
 

YeOldeStonecat

[H]F Junkie
Joined
Jul 19, 2004
Messages
11,330
> I think I will consider Endian.
> Would you say it's pretty straightforward to configure?
>
> Also, recommend some parts to build an ITX 1U system

Yes it is...you download, burn ISO to CD...boot from CD....it goes through an install wizard like most of the other linux distros. The install wizard holds your hand through the entire setup..and you manage the appliance through your web browser like any home grade router.
 

MixManSC

║▌║█║▌│║▌║▌█
Staff member
Joined
Aug 12, 2004
Messages
7,110
Juniper SSG-5

I also agree with the Juniper. I just replaced an aging GTA GB1000R with Juniper Netscreen 5GT Unrestricted. It's very small as is the SSG-5 but both have an optional rackmount kit available for them. The one I bought is rock solid, easy to configure, and like a firewall should be.... is quickly forgotten about once it's configured and up and running. Also - as a bonus it also has a serial port and fully supports a dial up modem for use as an automatic failover if the main internet connection goes down. While it's a slow backup plan it still gets us on the web to send emails and do some very slow browsing in an emergency. It also will automatically switch back as soon as the high speed connection comes back.
 

YeOldeStonecat

[H]F Junkie
Joined
Jul 19, 2004
Messages
11,330
As an added vote for Juniper....probably above the budget for the OP here..but I can state that, after my first experience with Juniper a few months ago...I'm very...VERY pleased with Juniper. I'd done VPNs with lots of various appliances, Cisco PIX 501s, Sonicwall SOHO and TZs, down to entry levels with Linksys/Cisco RV0 and Nutgear boxes, etc etc. I had a client with a growing fleet of mobile nurses with their laptops..heavy VPN demands, I got sick of the PIX 501 issues, upgraded to an RV016..which ran OK until it started getting near maxed out (upgrade of 50x user license). Recently got them to bite the bullet and spend a couple of grand on a Juniper sa500 SSL VPN box.

From day 1..impressed. The few phone calls to support in my learning curve...fantastic support. Stability of the unit...fantastic, since the first week of setting it up back then...I haven't rebooted it yet.

Stability of VPN program for the clients? Rock stable...I've not had one_single_support phone call from the nursing staff since I implemented this appliance and rolled them all over to it. With prior brands, I'd have a couple per month..which often required just an uninstall/reinstall of the client software, especially the Cisco VPN client..ugh.

"2x Thumbs Up" from me..regarding Juniper. Based on just my first install of one...it's now my favorite brand, and will be my first recommendation from now on...for clients that can squeeze the cabbage for one.
 

AMD_RULES

2[H]4U
Joined
Mar 26, 2007
Messages
3,010
Juniper SSG-5

That is an excellent choice for a small business.

> Yes it is...you download, burn ISO to CD...boot from CD....it goes through an install wizard like most of the other linux distros. The install wizard holds your hand through the entire setup..and you manage the appliance through your web browser like any home grade router.

> I also agree with the Juniper. I just replaced an aging GTA GB1000R with Juniper Netscreen 5GT Unrestricted. It's very small as is the SSG-5 but both have an optional rackmount kit available for them. The one I bought is rock solid, easy to configure, and like a firewall should be.... is quickly forgotten about once it's configured and up and running. Also - as a bonus it also has a serial port and fully supports a dial up modem for use as an automatic failover if the main internet connection goes down. While it's a slow backup plan it still gets us on the web to send emails and do some very slow browsing in an emergency. It also will automatically switch back as soon as the high speed connection comes back.

> As an added vote for Juniper....probably above the budget for the OP here..but I can state that, after my first experience with Juniper a few months ago...I'm very...VERY pleased with Juniper. I'd done VPNs with lots of various appliances, Cisco PIX 501s, Sonicwall SOHO and TZs, down to entry levels with Linksys/Cisco RV0 and Nutgear boxes, etc etc. I had a client with a growing fleet of mobile nurses with their laptops..heavy VPN demands, I got sick of the PIX 501 issues, upgraded to an RV016..which ran OK until it started getting near maxed out (upgrade of 50x user license). Recently got them to bite the bullet and spend a couple of grand on a Juniper sa500 SSL VPN box.
>
> From day 1..impressed. The few phone calls to support in my learning curve...fantastic support. Stability of the unit...fantastic, since the first week of setting it up back then...I haven't rebooted it yet.
>
> Stability of VPN program for the clients? Rock stable...I've not had one_single_support phone call from the nursing staff since I implemented this appliance and rolled them all over to it. With prior brands, I'd have a couple per month..which often required just an uninstall/reinstall of the client software, especially the Cisco VPN client..ugh.
>
> "2x Thumbs Up" from me..regarding Juniper. Based on just my first install of one...it's now my favorite brand, and will be my first recommendation from now on...for clients that can squeeze the cabbage for one.

Well it sounds like this is the best option for me. I can go over $700, but I would like to keep it under $1200.

Which model would be the best for my needs/requirements?
 

MixManSC

║▌║█║▌│║▌║▌█
Staff member
Joined
Aug 12, 2004
Messages
7,110
For 2 servers and 5 users - that happens to be exactly what I have here at my shop... The Netscreen 5 or SSG 5 series will be more than sufficient for your needs. I got the Netscreen 5GT Plus for here. The additional features like anti spam, antivirus, web filtering, do cost extra though and those features do have a yearly subscription fee. I think those features are subscription based on just about any business class firewall though as they need frequent updates to be effective.
 

K1llaB

Limp Gawd
Joined
Oct 13, 2001
Messages
356
The old Netscreen 5's would meet your needs, & u can prolly find em cheap on eBay. Back in the day Netscreen gave us a couple to take home & use for word of mouth recommendations. The new line is the SSG's but I haven't priced the 5, hoping sales guy hooks me up for house. I just bought an SSG20 for our lab & after discount it was under $600 I think, so I assume the SSG5 has to be around $200-350 range. I've deployed everything from a NS50 to 508 to ISG2000 to 5200. Hands down the boxes get the job done.
 

AMD_RULES

2[H]4U
Joined
Mar 26, 2007
Messages
3,010
> For 2 servers and 5 users - that happens to be exactly what I have here at my shop... The Netscreen 5 or SSG 5 series will be more than sufficient for your needs. I got the Netscreen 5GT Plus for here. The additional features like anti spam, antivirus, web filtering, do cost extra though and those features do have a yearly subscription fee. I think those features are subscription based on just about any business class firewall though as they need frequent updates to be effective.

Good point.
I've actually made up my mind and I'm increasing my budget on it to get the Sonicwall 3060 Pro which costs $2480 and I will pay for the yearly license which is $140
 

cyr0n_k0r

Supreme [H]ardness
Joined
Mar 30, 2001
Messages
5,358
http://www.hotbrick.com

I have the small business version of their dual WAN router firewall and it has been GREAT.

They have a 1U rackmount version right at about the price you are looking for.
 