[TriLUG] Slightly-OT: Firewalls

Chris Bullock cgbullock at yahoo.com
Tue Apr 19 12:07:11 EDT 2011


We are in the same boat and have been looking at the Cisco ASA 5520 and the
SonicWall E5500.  The reporting of the SonicWall is grabbing my attention; from
a managing-my-users standpoint, it can tell me who/where and how long they have
been on the Internet.  The built-in outbound URL filtering of the SonicWalls is
a plus for me also.  My Cisco vendors are quoting me a Websense box to do that.
My reason for going to an appliance platform is that it is openly supported.  We
have used open source firewall/VPN for over 9 years now, but frankly I am getting
tired of the IT department calling me when support is needed.  I am hoping the
point and click interface of the ASA or the SonicWall is my answer.  Another
good thing about both Cisco and SonicWall is that if you buy their HA package
you only have to put support on 1 box, even though you have 2.



----- Original Message ----
From: "matt at noway2.thruhere.net" <matt at noway2.thruhere.net>
To: trilug at trilug.org
Sent: Mon, April 18, 2011 3:29:05 PM
Subject: [TriLUG] Slightly-OT: Firewalls

I say slightly OT because it isn't necessarily, but could be, Linux based
and will be used in a Linux based network ....  I have been looking into
(small business grade) hardware firewalls for a while now and have been
seriously thinking of getting one.  Before I make any firm decisions, I
wanted to ask what experience the group has and for any recommendations
for or against.

The basic specs and wish list are:
1 - support for multiple public IP addresses (this puts it outside the
standard home grade)
1A - multiple servers have public IP addresses that would need to be
accounted for in either NAT or PAT* (see below).
2 - VPN for remote access
3 - throughput isn't terribly high (TWC business class)
4 - intrusion detection would be a plus, but isn't necessary at this level.
5 - Cost is a consideration (seem to range $250 - $500 in this end range).
6 - wireless is optional.  I would use wireless on one of the VLANs (my
private one), but can just as easily put a simple wireless router in too.

*Note on NAT* - I was watching a YouTube video on the ASA 5505 and it
looks like you define two VLANs (one public, one private) and define ACL
rules between them, using the net masks to translate blocks of IPs and
then define the block gateways.  Before this, I wasn't even sure how this
would work.

I have been leaning towards a Cisco ASA 5505 series, but I seem to see a
lot of mention for Sonicwall.  I have also seen reviews that say stay away
from Sonicwall and go with Cisco.  From what I can tell the FortiGate
products seem to be well received, but a little more expensive.

I have considered getting a WRT54 series and putting dd-wrt on it, but I
would prefer something a little more "heavy duty" for this application.

Does anybody have a recommendation that they would be willing to share?
