Thread: All in one solution

  1. #1
    Senior Member geepod's Avatar
    Join Date
    Jun 2002
    Posts
    211

    All in one solution

    hi guys,

    looking for some recommendations/advice really?

    Our corporate network consists of 4 sites in a routed environment.

    We have one corporate bastion edge firewall (ISA 2004).

    We use various AV solutions/Spam etc.

    We are looking to purchase an all in one IDS/IPS/web content filtering, AV/Anti Spam solution all in one box.

    Is this possible, is there one out there?

    We don't want the firewall functions as we use ISA 2004, so if this feature comes with it we need to be able to disable it.

    The IDS must work in a routed environment; if not, then obviously we will need a box for each site? We want to stop drive by downloads, malware, adware etc.

    Is this possible? Any recommendations, solutions out there?



    regards
    Our destiny is to endure all hardships that we encounter along the path to what we perceive to be true and worthwhile !

    The Head foundation
    Please give generously

  2. #2
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    Check out Astaro Security Linux? www.astaro.com

    Not so sure about the spam function as the box would have to be a mail router to process the messages.
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    I'd use several dedicated boxes..

    First reason, prevent SPF (Single Point of Failure) if this all-in-one box dies you'll be left with nothing.. It'll happen sooner or later..
    Second reason, you can choose the best bang for your money per function..
    Third, it's way more scalable.. You can replace parts like lego bricks..

    NB I'd also never ever use ISA as a firewall. It's a good proxy but the firewall is based on the IP stack of Windows, so I'd use a dedicated hardware firewall like Cisco's PIX, Checkpoint FW/1 (on Nokia hardware) or a Netscreen..
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Member
    Join Date
    Sep 2005
    Posts
    77
    I would suggest a Fortinet box. Maybe a Fortinet-60 depending on the size of those 4 sites and their bandwidth consumption. We use them regularly and they have pretty much every feature you could want .....all for a good price.

    Here are some of the features:

    *Provides complete real-time network protection through a combination of network-based antivirus, web/URL and email content filtering, firewall, VPN, dynamic intrusion detection and prevention (IDS/IPS), and traffic shaping.
    *Eliminates viruses and worms from email (Gateway Antivirus), file transfer, and real-time (Web) traffic
    *Dual WAN ports support redundant, load-balanced links to multiple ISPs
    *Integrated 4-port switch eliminates the need for external switches and provides enhanced fan-out
    *Underlying FortiOS™ operating system is ICSA-certified for Antivirus, Firewall, IPSec VPN, and Intrusion Detection
    *Web-based graphical user interface and content filtering supports multiple languages
    *Granular Blocking & Filtering - Provides fast and easy way to select Web categories to allow, log, or block


    Some of the other models provide other/more features including wireless (eeeek!).

    It's an easy box to manage as well... easy to set up and manage (great GUI).
    For cost, ease of use, and total features... I don't think you can beat it.
    I just saw a thread recently in SecurityFocus that asked the same question and
    a large percentage of the responses hailed the Fortinet. I am pretty sure they
    will send you out some demo boxes if you are interested to test.

    As for the Single Point of Failure issue that Sir Dice raised, I have seen clients run two of these boxes in parallel for that very reason. The second box's config is simply mirrored from the first one's. This is a bit more practical (for small and medium sized companies) than it sounds due to their overall lower cost.
    %42%75%75%75%75%72%70%21%00

  5. #5
    Shadow Programmer mmelby's Avatar
    Join Date
    Jul 2002
    Location
    Ft. Myers, FL
    Posts
    291
    I agree with SirDice, if anything happens to your "all in one" solution everything stops. Probably not a good thing.

    Some things to look at would be combining some functions like anti-virus and anti-spam. Two products I am familiar with are Brightmail (runs on Linux or Windows) and Tumbleweed (runs on Windows). Both products allow for redundancy so you can drastically minimize downtime.

    For IDS/IPS I kinda like appliances (less admin hassle). I have used TippingPoint, which seems to work very well (can also be set up for redundancy).

    I think content filtering is a different animal and again needs its own box. There are LOTS of options for that. The one I am familiar with is Websense. They have several different options for implementation. The one I have implemented most is a PIX firewall pointing to Websense running on a Windows box. The PIX would be redundant but the Websense box is not, as that function is far less critical and can be configured to bypass if a problem arises.

    You will note a theme of redundancy here. If your Internet traffic (browsing, email, ftp, B2B, VPN) is critical to your company then you don't want that stuff to stop working because there is a problem with one of your security/protection functions.

    I am not familiar with the Fortinet box that Eyecre8 is suggesting but if they can be set up for redundant boxes it might be interesting to look at.

    Just my thoughts...

    m2
    Work... Some days it's just not worth chewing through the restraints...

  6. #6
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    I would go with the multiple box approach. Either by having one system duplicated or by having your services spread over two or more servers. What it depends on is how business critical are each of the different services and how much of a budget you have. I have some experience with Tumbleweed and it worked ok for us. But we had centralised our services. All internet activity and mail came through our main site and was then distributed to our other sites.
    "America is the only country that went from barbarism to decadence without civilization in between."
    "The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
    Oscar Wilde(1854-1900)

  7. #7
    Senior Member geepod's Avatar
    Join Date
    Jun 2002
    Posts
    211
    hi guys,

    Thanks for your responses, very useful. Yes, ideally a multi box approach would be great and preferred, however the "BOSS" wants an all in one solution in his divine wisdom.

    So we are trying our best to accommodate and research such an appliance. So far the Astaro is looking like the kiddie; we did get some recommendations from a reseller offering Fortinet but we couldn't find any good review on it.

    Astaro are looking like what we want at the moment unless anyone has anything further to add.


    We are basically looking for the following (IDS/IPS, Anti spam, web content filter, etc) and be able to accommodate the following:

    Can it sit inline with an ISA 2004 comfortably? We use ISA 2004 as our edge firewall.

    Can you disable the firewall feature so we can continue to just use ISA 2004?

    Does it comfortably handle drive by downloads?

    Can any one of the features be disabled if not required?

    Does it offer IDS as well as IPS?

    Also does the IPS/IDS work in a routed environment or would we need one in each site?

    We have 4 sites (subnetted) who all use the same edge firewall/gateway to the outside world
    Our destiny is to endure all hardships that we encounter along the path to what we perceive to be true and worthwhile !

    The Head foundation
    Please give generously

  8. #8
    Junior Member
    Join Date
    May 2006
    Posts
    11
    I see this thread is almost a month old so you may have made a purchase already, but you may want to check out SonicWall too. I've not used it for all of those purposes, but I believe that it will do everything you need. I don't know about "disabling" the firewall, but you certainly could open it wide up if nothing else.

  9. #9
    Yes, that's my CC number! 576869746568617's Avatar
    Join Date
    Dec 2003
    Location
    Earth
    Posts
    397
    You're right ChronoSec, a SonicWall will do all of these. Also, geepod, as SirDice recommended, I would not use the ISA as the perimeter firewall. Instead of disabling the firewall functionality, why not layer the ISA behind the SonicWall?

    Use the SonicWall as the perimeter firewall, and simply select the "Back Firewall" configuration on ISA 2004. This is fairly straightforward to do, and will provide your network with a nice little buffer zone between the two. Then you can use ISA where it really does good things, like web caching and egress filtering. I personally wouldn't use it as my only ingress filter...have been bitten more than once due to that.
    Windows 9x: n. A collection of 32 bit extensions and a graphical shell for a 16 bit patch to an 8 bit operating system originally coded for a 4 bit microprocessor. Written by a 2 bit company that can't stand 1 bit of competition.


  10. #10
    Senior Member
    Join Date
    Mar 2003
    Posts
    372
    Sonicwall
    Fortinet
    Cisco ASA


    I'm not sure of your budget but those are the three devices that we looked at about 6 months ago. We wound up going with the Fortinets though since we already have a ton of them in our network. Sonicwall was a close runner up for us.

    Cisco ASA = suck... at least in the beta stage they did. We had to have a dev engineer come out to set it up and we are almost a full "Powered By Cisco" site O_O We have three CISSE's on site and they couldn't get the thing working properly. Even the dev engineer had problems. If you are hell bent on Cisco though then you should at least check them out.


    /we got 8 Fortinet 3000's for this project

    Give a man a match and he will be warm for a while, light him on fire and he will be warm for the rest of his life.
