Affordable Hardware Firewalls

[avdven]

Hi, all. I haven't posted in a while, but I have a client with a question.

I recently set up a 40 client/2 server network for this client. Last week, he placed an order to have a T1 pulled to his location. He is, however, somewhat paranoid about external attacks. I installed MS ISA Server onto one of the servers, but he is adamant that he needs a hardware firewall for additional security. The problem is, he does not want to spend too much ($500 or less) and wants more than simply a router with NAT. Does anyone have any suggestions for a managed firewall in that price range? The infrastructure is Dell ProConnect switches (the whole network is running at 100 Mbps) and two Cisco Wireless Access Points for wireless connectivity. Any help you can offer is greatly appreciated.

AJ

[thread_killer]

Well, he's not being picky at all is he? Have you considered a multi-homed P.C. running Linux w/ IP Tables? Here is a link that has several different tools. Here is one for a web enabled log analyzer. You should be able to cobble something together pretty easily with a minimal amount of looking around

[super_phreak]

Have you looked at sonicwall. I believe they make some lower priced low end hardware firewalls. From what I'ev heard they are supposed to be pretty good and even have addons for content filtering and VPN support. Also, I know that severl months back Cisco released a low end PIX. I think is was a PIX 500 or something.

[thread_killer]

You're probably thinking of the 501 which retails for $600. A good vendor though could probably get it in for five hundred. I'm not sure what 505's are going for these days.

[mmelby]

I aggree with thread_killer. I have installed a couple of 501's in small offices. If your client is looking for a hardware solution That is the one I would go with.

[Highlander]

Belive it or not A Linksys DSL/Cable works wonderfully!!!
I have one installed in just a system.
Mine has 3 servers and a bunch of Desktop Stations

I also do the same thing in my shop.

NAT, DHCP, Port Forewarding, etc....
and it is the best $80 you will spend.
Believe it or not, Radio Shack now has them in stock.
I have to spend more money on a monster switch
than a Router.

[hogfly]

AJ: I'd say look into openbsd with pf. Or a sonicwall. A pix would be nice, but any expansion on it will cost an arm and a leg..and afterall, how expandable are they..they run out of room long before a system like openbsd or linux as it were. I know plenty of places that employ linux/bsd as their firewall solutions, as I am sure you do. most HW firewalls are based on bsd anyways..

[Palemoon]

Well one of the best Hardware/Software firewalls I've worked with thought it took a bit of a learning were Watch Guard products from low end to pretty pricy stuff. GUI for network activity both ways was great color coded could tell at a glance what was what. Anyway http://www.watchguard.com/products/ SOHO may be the way to go and their annual advisor service is good as is customer/tech support. My .01 cents

[Nizead]

In terms of good products, I'd agree with Palemoon on his choice of Watchguard. I'm not sure though whether the SOHO 6 will protect this size of network. I had trouble configuring it for my office, although the customer support was 1st class. It turned out that a crossover cable(!!) between the hub and the firewall was what was needed to get connectivity to the outside world!!!!!!!!!!!! The patch cables supplied with the product dodn't work. However, now it's up and running, I'm happy with it. If you can use a SOHO 6, then the budget will remain below $500 - a Firebox will cost a lot more.

[instronics]

www.devil-linux.org

That firewall is really good. Our company and a few of our clients run this firewall, and its really great.

Cheers.