- Posts: 4
- Thank you received: 0
Firewall
21 years 2 months ago #1335
by Savish
Dear Experts
We are a small firm with 4 web servers and 5 other servers that are exposing to out side.
We have only one physical network exposed to out side,all the servers are running on Windows2k and windows2003 with EatherNet Network.
we don't need any VPN
can any one suggest a good hardware firewall within the range of $2500??
At present we have CISCO 2600 series router,And we need to Have automatic failover facility for this firewalls
to serve this purpose we are ready to take 2 firewalls,
Any suggestions will be a great helpfull.
Thanks
Savish :
We are a small firm with 4 web servers and 5 other servers that are exposing to out side.
We have only one physical network exposed to out side,all the servers are running on Windows2k and windows2003 with EatherNet Network.
we don't need any VPN
can any one suggest a good hardware firewall within the range of $2500??
At present we have CISCO 2600 series router,And we need to Have automatic failover facility for this firewalls
to serve this purpose we are ready to take 2 firewalls,
Any suggestions will be a great helpfull.
Thanks
Savish :
21 years 2 months ago #1336
by tfs
Thanks,
Tom
Replied by tfs on topic Re: Firewall
There are various ones out there.
I have used Sonicwalls Pro series that I liked and some of the models fall into the price range you specify (you can get them outside that range also).
I you are only talking about 9 servers, you can get the Sonicwall SOHO series 10 for around 500 dollars and can upgrade for larger amount of users. I use this now and have had it for about 3 years. No problems and in my case I used the VPN option for a couple of years to connect with our offices in NY and we were constantly connected 24/7 with no problems.
I have used Sonicwalls Pro series that I liked and some of the models fall into the price range you specify (you can get them outside that range also).
I you are only talking about 9 servers, you can get the Sonicwall SOHO series 10 for around 500 dollars and can upgrade for larger amount of users. I use this now and have had it for about 3 years. No problems and in my case I used the VPN option for a couple of years to connect with our offices in NY and we were constantly connected 24/7 with no problems.
Thanks,
Tom
21 years 2 months ago #1337
by Savish
Replied by Savish on topic Re: Firewall
Thank you very much for your kind information sir..
Regards
Savish
Regards
Savish
21 years 2 months ago #1339
by tfs
Thanks,
Tom
Replied by tfs on topic Re: Firewall
No problem. Glad to help.
Sahirh will be on board soon and will probably have a few other firewalls he likes, so that should give you some options to choose from.
Also, there are a couple of posts with discussions on firewalls in this forum.
Good luck.
Sahirh will be on board soon and will probably have a few other firewalls he likes, so that should give you some options to choose from.
Also, there are a couple of posts with discussions on firewalls in this forum.
Good luck.
Thanks,
Tom
21 years 2 months ago #1380
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: Firewall
Hmm.. heres a list of various firewalls and their corresponding prices :
www.nwfusion.com/bg/firewalls/firewallsr..._tablename=firewalls
For the price you've suggested, I would suggest something from Sonicwall as well, they get good reviews. You can probably pick up Sonicwall Plus for around $2000.. or maybe a Netscreen 10 for a bit higher... you won't need VPN support, so don't buy one of the higher models that includes it by default, it'll just waste your money. Though plan for the future.. you may want to implement a VPN later in which case you'd need to spend more money.
Why don't you consider an application level firewall ?
You said you require redundancy ? Consider this carefully... from a security point of view, installing two of the same type of firewall will give you no redundancy.. if an attacker takes out one box, the other box will be just as vulnerable...
if you're worried about failover due to overloading of the single firewall.. check the traffic rating, you'll probably find that a hardware appliance will comfortably handle most of what you throw at it (as long as you don't go writing pentagon.mil length rulesets).
You could also offload a little bit of processing to the border router.. just chuck out basic stuff like block private IPs coming in from the external interface and block source routing.. chucking those out at the gateway will ease up the firewall a bit (though I really doubt you'll notice any difference.. most of these boxes are very sturdy).
www.nwfusion.com/bg/firewalls/firewallsr..._tablename=firewalls
For the price you've suggested, I would suggest something from Sonicwall as well, they get good reviews. You can probably pick up Sonicwall Plus for around $2000.. or maybe a Netscreen 10 for a bit higher... you won't need VPN support, so don't buy one of the higher models that includes it by default, it'll just waste your money. Though plan for the future.. you may want to implement a VPN later in which case you'd need to spend more money.
Why don't you consider an application level firewall ?
You said you require redundancy ? Consider this carefully... from a security point of view, installing two of the same type of firewall will give you no redundancy.. if an attacker takes out one box, the other box will be just as vulnerable...
if you're worried about failover due to overloading of the single firewall.. check the traffic rating, you'll probably find that a hardware appliance will comfortably handle most of what you throw at it (as long as you don't go writing pentagon.mil length rulesets).
You could also offload a little bit of processing to the border router.. just chuck out basic stuff like block private IPs coming in from the external interface and block source routing.. chucking those out at the gateway will ease up the firewall a bit (though I really doubt you'll notice any difference.. most of these boxes are very sturdy).
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.146 seconds