Affordable Hardware Firewalls

**meloncholy** · March 11th, 2003, 03:39 PM

Like Highlander said, the Lynksys DSL/Cable router works great. Wallwatcher.com has a free downloadable app (log files) that works with the Lynksys which is pretty cool.

***avdven*** · March 11th, 2003, 03:53 PM

I originally suggested to the client to go with a *nix box running IPTables, but he was reluctant to do it because of the support issues. While I could easily support it, I only have a short-term contract with this client because he wants to do the maintenance himself once it's up and running.

Based upon everyone's recommendations, I'm looking at the Cisco firewall, as well some of Soinicwall's products. I'm running Linksys products for my one of my home networks, but I'm reluctant to go with a SOHO solution such as Linksys for a larger network. If anyone has any further recommendations, though, I'd love to hear them.

AJ

**meloncholy** · March 11th, 2003, 03:57 PM

What Cisco firewall are you looking at that cost less than $500? Please tell....

**brandon64_99** · March 31st, 2003, 04:18 AM

If there are any Catalyst switches located withhin the catchment areas, or in his area, I would suggest putting the guy's sever on a VLAN. However, Cisco 2500 routers can be purchased on Ebay cheaply now. Range of 250-400. I would invest in a Cisco 2500 router, get the latest IOS, and install some extended ACLs. That should be all the security the guy needs, as long as the system is fairly secure. Either do this or invest in what super_phreak had to offer up above^, it seemed like a good bet also.

**VicE$DoS$** · March 31st, 2003, 09:36 AM

For a small appliance firewall its gotta be one of the following

NetScreen 5XT [URL=http//www.netscreen.com[/URL]

Sonicwall Soho appliance [URL=http://www.sonicwall.com[/URL]

Watchguard (er..the small boxes) [URL=http://www.watchguard.com[/URL]

Checkpoint Sofaware [URL=http://www.sofaware.com[/URL]

Intrusion [URL=http://www.intrusion.com[/URL]

Forget the little Nokia (IP110) there too expensive.

I dont think for $500 your gonna get a managed firewall but these things are so 'dumb' user friendly your client wont need to worry. I personally recommend either the Netscreen or the Checkpoint Sofaware unit.

**iNViCTuS** · March 31st, 2003, 06:36 PM

Originally posted here by brandon64_99
I would invest in a Cisco 2500 router, get the latest IOS, and install some extended ACLs. That should be all the security the guy needs, as long as the system is fairly secure.

Wrong!!!

Cisco ACL's will not provide you with Stateful Inspection firewalling. It will give you the ability to filter traffic, which is better than nothing, but I would not consider a Cisco router to be a replacement for a firewall.

I would agree with some of the previous posts that a PIX 501 is probably the way to go for the $$, but I think there is a much more user-friendly choice in a Checkpoint solution on an S-Box platform. (As the previous post states)

http://www.sofaware.com/

**d0ppelg@nger** · March 31st, 2003, 07:14 PM

Originally posted here by avdven
I originally suggested to the client to go with a *nix box running IPTables, but he was reluctant to do it because of the support issues. While I could easily support it, I only have a short-term contract with this client because he wants to do the maintenance himself once it's up and running.

AJ

It appears that your customer is out of luck no matter what you do, seeing that
A. He/She didn't know enough to install their own network, that's why you have a job
B. If they could not perform job A, then there is no CHEAP firewall solution that a non technical person is
going to be able to maintain.

If you go with a Cisco firewall, then the customer is going to have to know how to use the CLI or the GUI that cisco has built to help configure PIX commands. This job is not for the faint of heart, it's easy but it's very technical.

The answer appears that you will need to go with some sort of *nix firewall with a simple web frontend in order for the customer to be able to maintain it himself/herself.

Also if you find a Cisco firewall for ~$500 you need to let everyone know where you found it. You won't find one of those, legit, for around ~$500. Unless it's the older PIX Classic, which has been EOL (end of lifed) years ago. Not too mention Cisco support for the product, which is optional. Your looking at over $500 alone for Cisco Service Agreement for one year....

Just my 2 cents....

**iNViCTuS** · March 31st, 2003, 07:40 PM

Originally posted here by d0ppelg@nger

Also if you find a Cisco firewall for ~$500 you need to let everyone know where you found it. You won't find one of those, legit, for around ~$500. Unless it's the older PIX Classic, which has been EOL (end of lifed) years ago. Not too mention Cisco support for the product, which is optional. Your looking at over $500 alone for Cisco Service Agreement for one year....

The PIX 501 is a SOHO firewall that can be found in most places in the ~$500 range.

here ya go:
http://www.cdw.com/shop/products/default.asp?EDC=329744

What is a PIX classic?

**d0ppelg@nger** · March 31st, 2003, 08:07 PM

The PIX Classic was the PIX before models 520 and 515. It was around about 4-5 years ago. Cisco EOL it a couple of years ago. The reason I know about it was because I had one. It cratered on me and since Cisco EOL it, they gave me a PIX-520 for a replacement. I guess I had never looked at the PIX 501. Looking at our pricing sheet I can get one for ~$400 for DES capable and ~$485 for 3DES capable 501's. I'm always looking at the 515 and higher models...

That would be the way to go for a small office. Here is the spec sheet on the 501

Cisco PIX 501 Data
Cisco 501 PDF Doc

**iNViCTuS** · March 31st, 2003, 08:10 PM

Yeah...I know what you mean...

I actually have 4 PIX 535's that are going to be doorstops soon. What a waste...

Thread: Affordable Hardware Firewalls

Thread Tools

Display

Posting Permissions