The best hardware firewall

[Blunted One]

I currently am facing a decision at my job and trying to decide which is the right path for a new hardware firewall to replace our old Watchguard Firebox III/700.

Since our service/support contract has finally run out on our Watchguard Firewall the company feels it is about time we upgrade. The company has slowly been approaching 50 employees as well as it has a few clients and people who access our network remotely to work on and check on projects. I have been given the task of finding the best firewall in terms of features, flexibility and of course money. I have been looking through a number of sites and have been getting a lot of mixed reviews on products. One product I have been looking at is the Sonicwall 2040 as it has a nice balance of features and usually gets good marks for set-up, easy of use, and features. However I wanted to ask you guys the AntiOnline community who I feel have more in depth knowledge on this subject. I appreciate any input or thoughts you may have on this subject and it would definatly help me out in making a smart and decisive decision.

Also if you know what types of extra service/support/upgraded OS to get for the firewalls that would also help me out a lot to decide what are key things to get alongside a new hardware firewall. Sonicwall offers things such as an enhanced OS, but I am not sure if I need something extra like that or if just the hardware and service/support is enough.

[Spekter1080]

Well, I definitely suggest SonicWall. It is a solid firewall and I have not heard any complaints about it other than frustrated kids who cannot get around it...lol. If set up right, the newest SonicWall should perform well.

AS for operating systems, I would make sure that you have everything current for good measure although I believe everything would run fine on win2K. I have not heard that one would need any support software or anything however. I would continue researching and listening to this thread. I believe you have a good start.

[Synja]

Sonicwall in conjuction with Snort. Just a basic Sonicwall.


Add in good domain and local security policies, and you're all set. The point of the firewall is notihing more than traffic control. Security comes from within.

[Spekter1080]

Originally posted here by Synja
Sonicwall in conjuction with Snort. Just a basic Sonicwall.


Add in good domain and local security policies, and you're all set. The point of the firewall is notihing more than traffic control. Security comes from within.

I haven't heard of Snort before, but I agree with you on the addition of policies...

[C4573R 7R0Y]

Never heard of Snort before?!? got to snort.org

Its the best IDS out there.

[Spekter1080]

I don't know how I haven't heard of it (go figure), but it looks amazing.

[MrCoffee]

I have found SonicWall's boxes to be very solid. The only complaint I have is with their customer support. I had one box die a while back, and they sent me no less then 3 replacements that all failed. It seem that at times they will send refurb's out as replacements.

Other then that one problem, the rest have all been rock solid.

[organ]

disregard, sorry.

[kcore]

I've always been a fan of Checkpoint's firewall. It's not bad.

Definately place some sort of IDS/IPS on the interior side of your firewall (let the firewall do it's job, sniff what is getting through), Snort is definately the best one. www.snort.org/dl

[mencken]

I have had a great run with Netscreens. They have nice large office units and the 5g units are great small office devices. The small office ones can be run in high availability mode which was a must for me at the time.

-m