Which firewall?

Thread: Which firewall?

  1. #1
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747

    Which firewall?

    Hey guys, I need your opinion on a firewall.

    Here's my setup

    Satellite modem - 24 port cisco switch - users

    Now it's to the point where we need to have a decent firewall in place to keep our network secure. I need something that will be able to route traffic from the switch to the satellite modem for internet access, and be able to keep our financial data on the network secure.

    our price range is up to $500

    so after the firewall is in place, this is what it would look like

    Satellite modem - firewall -switch - users.

    Nothing too complex, just enough to improve our security.

    The most important thing is for the users on the switch to be able to have access to the internet through the firewall. So I will need to be able to route traffic through the firewall to the modem.

    Also something with a web based set up would be nice. lol I'm not too good with command line set up on cisco products. Here's something I was looking at.

    http://www.cdw.com/shop/products/def...spx?EDC=326336

    or

    http://www.cdw.com/shop/products/def...spx?EDC=415245

    or this one

    http://www.cdw.com/shop/products/def...spx?EDC=404780

    Let me know what your professional opinion would be.

    thanks

  2. #2
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    What is your internet connection type?

    Have you looked into any of the cisco 830 products? ( I know cisco... so I use it.)

    I'm going to replace my 806 with a 831 any day now...

    No worries if you don't know the cisco CLI... they've made it easier for you.

    Cisco Security Device Manager (SDM)—An intuitive, Web-based device management tool embedded within Cisco IOS® access routers
    Simplifies router and security configuration through intelligent wizards

    Enabling customers to quickly and easily deploy, configure and monitor a Cisco 83x0 Series routers without requiring knowledge of Cisco IOS command line interface (CLI)

    Cisco Router Web SetUp Tool

    Allows nontechnical users to complete installation by simply pointing a browser at the router and providing user information
    Check out the features @ http://www.cisco.com/en/US/products/...08010e5c5.html

    I can't wait to get mine.
    Dunno if that would be good for you or not. But, by your described setup... I'd get it.

    And... you can get it for just under or a little over $500 http://google-cnet.com.com/Cisco_831...subj=831_cisco
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  3. #3
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    Internet connection is satellite.

    Same as DSL or cable really but through satellite.

    Thanks for that link phish, I think I'll look into that.

  4. #4
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    ok I have it narrowed down now between your cisco router phish or a watchguard SOHO

    I'm kinda going towards the watchguard due to the fact that it has antivirus capabilities.
    One question I have about both of these, is I shouldn't have a problem hooking a satellite modem on one port (wan port) then using one of the spare ports on the router/firewall then using one of the ports for network devices into a switch should I?

    Only reason I ask this is cause on some home routers you can't plug a switch or hub, etc into the regular ports on the router. the switch won't recognize it. the only place that you can plug a network device into is the WAN port in order for it to be recognized.

    So do you think that both of those would allow me to plug it into a switch and modem? so in a sense, have two wan ports I guess. One for the internal network and the other for the external network (internet) so that the internal can get outside.

    watchguard
    http://www.cdw.com/shop/products/def...spx?EDC=415245

    cisco
    http://www.cdw.com/shop/products/def...spx?EDC=449437

    once again thanks for your help.

    /edit one last question. lol

    When a hardware firewall says 10 user licenses, do they mean users as in VPN users connecting to the VPN on the firewall or do they mean 10 as in the max number of connections allowed out of the firewall to the internet?

  5. #5
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I can't comment on the watchguard... I've never used one.

    You should be able to connect your modem to the wan port, and then your switch to the lan ports. You won't have two wan ports...

    so, the wan would be your external
    and the lan would be your internal

    if you have any DMZ, then you would just configure that in the router.

    I've never hooked up a satellite modem up to one of these routers... and have no idea how to even configure that. the cisco I pointed you to is good for broadband services... cable and dsl. Not sure if a satellite is configured just like one of those? You may want to call watchguard or cisco and confirm that they'll work properly. The CRWS has an option to configure cable or dsl... not satellite. so, please confirm that before you get it.

    Here is how I have mine setup

    dsl modem --> cisco 806 wan port --> 24 port switch into one of the lan ports --> pcs into the switch.

  6. #6
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    hmm
    Maybe I'll go with the cisco.

  7. #7
    Senior Member
    Join Date
    Sep 2001
    Posts
    144
    just a thought, but a linux firewall/gateway would also do the trick, and could save you that $500..

    i've had luck with IPCOP it's got a nice web based user interface, easy to use, updates are easy to apply... and it all starts with a pc you have, 2 nic's and a 20mb download.

    http://ipcop.sourceforge.net/cgi-bin.../IPCop/WebHome

    worth a shot... no need for much linux experience either, all actual configuration is done via web interface.
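
The two-NIC Linux gateway suggested in this thread comes down to a policy like the following nftables ruleset, added here as an example (it is not from any poster and is not IPCop's own configuration). The interface names `eth0`/`eth1` and the admin ports are assumptions:

```nftables
#!/usr/sbin/nft -f
# Added example: satellite modem -- [WAN eth0 | gateway | LAN eth1] -- switch -- users
# Assumed interface names; forwarding must also be on: sysctl net.ipv4.ip_forward=1
flush ruleset

define WAN = "eth0"   # assumption: NIC cabled to the satellite modem
define LAN = "eth1"   # assumption: NIC cabled to the 24-port switch

table inet filter {
    # Traffic addressed to the gateway itself
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept
        # Management and DNS/DHCP are reachable from the LAN side only
        iifname $LAN tcp dport { 22, 443 } accept
        iifname $LAN udp dport { 53, 67 } accept
        iifname $LAN tcp dport 53 accept
        iifname $LAN icmp type echo-request accept
        # Nothing is accepted from WAN: unsolicited inbound hits policy drop
    }

    # Traffic routed through the gateway
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Users behind the switch may open connections outward
        iifname $LAN oifname $WAN accept
        # No WAN -> LAN rule: hosts holding financial data are not
        # reachable from the internet unless a rule is added on purpose
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # Rewrite LAN source addresses to the gateway's WAN address
        oifname $WAN masquerade
    }
}
```

Running `nft -c -f` on the file checks the syntax without loading it.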

  9. #9
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    Yeah I'd use a nix box for the gateway. You'll get all the throughput you want without Cisco bugs or watchguard bugs. You can tighten it down to a nail and even change the ping reply so that anyone outside will think it's a dreamcast or PS2. I did that with my FreeBSD box and it freaks my friends out when they see it.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson
