May 8th, 2004 12:17 AM
Cisco PIX 506E Firewall
Anyone know if this firewall is decent? Are there any better around the same price range? (The Cisco PIX 506E is going for about $850-$999) Any recommendations? This is for a k-8 private school with about 150 PCs. We currently have a Free BSD box acting as the firewall that our ISP manages. After I hounded the IS manager for several months (I'm the system admin.) about our poor security (and after many, many machines being infected and our network being exploited and DOSed) he gave in to buying somehthing more robust and commerical. We are investigating different hardware firewalls and this was the one recommended by our ISP. I personally would like a packet filtering firewall w/ antivirus/Spam filtering/Intrusion detection/and network analysis capabilities (packet analyzation and QoS), and Logging and Reports. Something like the new Symantec firewall device (don't remember the model). That's all I can think of at the moment, but I'm sure I will think of more things later.
Thanks in advance for your comments!
May 8th, 2004 10:10 PM
Right now I think you can pick up the Watchguard Firebox for $1100. With an educational discount or non-profit discount I think it should drop into the range you are talking about. It has the WebBlocker built in but you need the addidional subscription so it'll do the surfing control you want. You can configure the SMTP, FTP and HTTP proxies to filter things pretty much any way you want, it'll handle 150 connections easily too.
I like it, I use a couple of them and they are fairly easy to get the hang of with the GUI. It logs to syslog if you want to which I really like, the proprietary log format is bloody huge, (1+ gig a day on 300 connections whereas the syslog does about 20-30 meg, text with just about everything logged..... I like that.... logs are the key.... If something happens the logs can help you find out what.... Without them you are "blind".
Check it out.... It might suit you..... A lot of my users are schoolkids...... Except they are 30+ years old......
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
May 8th, 2004 10:56 PM
Thank you for your recommendation. I will look into it.
May 12th, 2004 11:56 AM
I can't speak highly enough about the Cisco PIX Firewall series. When I still operated AntiOnline, it was what I used as our border firewall.
"antivirus/Spam filtering/Intrusion detection/and network analysis capabilities "
Yuck. I would STRONGLY recommend against an all-in one combo unit like that. Just the thought sends chills down my spine....
May 12th, 2004 07:44 PM
I would take a look at the CyberGuard FS series. I have used their SL series boxes before. I liked working with them.
May 12th, 2004 09:19 PM
I have to agree with JP - Cisco makes a good firewall and once you get it tweaked how you want it, let it do its job. The box that does all things probably doesn't do all of them well.