[TriLUG] Slightly-OT: Firewalls
Chris Bullock
cgbullock at yahoo.com
Tue Apr 19 12:07:11 EDT 2011
We are in the same boat and have been looking at the Cisco ASA 5520 and the
SonicWall E5500. The reporting of the sonicwall is grabbing my attention, from
a managing my users standpoint, it can tell me who/where and how long they have
been on the Internet. The built in outbound URL filtering of the sonicewalls is
a plus for me also. My cisco vendors are quoting me a webSense box to do that.
My reason for going to a appliance platform is that it is openly supported. We
have used opensource firewall/vpn for over 9 years now, but frankly I am getting
tired of the IT department calling me when support is needed. I am hoping the
point and click interface of the ASA or the SonicWall is my answer. Another
good thing about both Cisco and SonicWall is that if you buy their HA package
you only have to put support on 1 box, even though you have 2.
----- Original Message ----
From: "matt at noway2.thruhere.net" <matt at noway2.thruhere.net>
To: trilug at trilug.org
Sent: Mon, April 18, 2011 3:29:05 PM
Subject: [TriLUG] Slightly-OT: Firewalls
I say slightly OT because it isn't necessarily, but could be, Linux based
and will be used in a Linux based network .... I have been looking into
(small business grade) hardware firewalls for a while now and have been
seriously thinking of getting one. Before I make any firm decisions, I
wanted to ask what experience the group has and for any recommendations
for or against.
The basic specs and wish list are:
1 - support for multiple public IP addresses (this puts it outside the
standard home grade)
1A - multiple servers have puplic IP address that would need to be
accounted for in either NAT or PAT* (see below).
2 - VPN for remote access
3 - throughput isn't terribly high (TWC business class)
4 - intrusion detection would be a plus, but isn't necessary at this level.
5 - Cost is a consideration (seem to range $250 - $500 in this end range).
6 - wireless is optional. I would use wireless on one of the VLANs (my
private one), but can just as easily put a simple wireless router in too.
*Note on NAT * - I was watching a youtube video on the ASA 5505 and it
looks like you define two VLANs (one public, one private) and define ACL
rules between them, using the net masks to translate blocks of IPs and
then define the block gateways. Before this, I wasn't even sure how this
would work.
I have been leaning towards a Cisco ASA 5505 series, but I seem to see a
lot of mention for Sonicwall. I have also seen reviews that say stay away
from Sonicwall and go with Cisco. From what I can tell the FortiGate
products seem to be well received, but a little more expensive.
I have considered getting a WRT54 series and putting dd-wrt on it, but I
would prefer something a little more "heavy duty" for this application.
Does anybody have a recommendation that they would be willing to share?
--
This message was sent to: Chris Bullock <cgbullock at yahoo.com>
To unsubscribe, send a blank message to trilug-leave at trilug.org from that
address.
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
Unsubscribe or edit options on the web :
http://www.trilug.org/mailman/options/trilug/cgbullock%40yahoo.com
TriLUG FAQ : http://www.trilug.org/wiki/Frequently_Asked_Questions
More information about the TriLUG
mailing list