[TriLUG] Slightly-OT: Firewalls

Jim Ray jim at neuse.net
Tue Apr 19 13:46:46 EDT 2011


I use a SonicWall internally and was impressed to get their 2 year 24/7
support for a couple of hundred bucks. Very reasonable. 

Regards,

Jim Ray, President
Neuse River Networks - ONE(tm) Plan to put IT maintenance behind the
scenes, after-hours and out of your way.

Tel: 919-838-1672 Cell: 919-606-1772 Skype: neusedotnet 
Web: http://www.neuserivernetworks.com 
Linkedin: http://www.linkedin.com/in/neuse 
Facebook: http://www.facebook.com/neuseriver 
Twitter: http://twitter.com/neuse



-----Original Message-----
From: trilug-bounces at trilug.org [mailto:trilug-bounces at trilug.org] On
Behalf Of Chris Bullock
Sent: Tuesday, April 19, 2011 12:07 PM
To: Triangle Linux Users Group General Discussion
Subject: Re: [TriLUG] Slightly-OT: Firewalls

We are in the same boat and have been looking at the Cisco ASA 5520 and
the SonicWall E5500.  The reporting of the SonicWall is grabbing my
attention; from a managing-my-users standpoint, it can tell me who/where
and how long they have been on the Internet.  The built-in outbound URL
filtering of the SonicWalls is a plus for me also.  My Cisco vendors
are quoting me a Websense box to do that.  
My reason for going to an appliance platform is that it is openly
supported.  We have used open source firewall/VPN for over 9 years now,
but frankly I am getting tired of the IT department calling me when
support is needed.  I am hoping the point and click interface of the ASA
or the SonicWall is my answer.  Another good thing about both Cisco and
SonicWall is that if you buy their HA package you only have to put
support on 1 box, even though you have 2.



----- Original Message ----
From: "matt at noway2.thruhere.net" <matt at noway2.thruhere.net>
To: trilug at trilug.org
Sent: Mon, April 18, 2011 3:29:05 PM
Subject: [TriLUG] Slightly-OT: Firewalls

I say slightly OT because it isn't necessarily, but could be, Linux
based and will be used in a Linux based network ....  I have been
looking into (small business grade) hardware firewalls for a while now
and have been seriously thinking of getting one.  Before I make any firm
decisions, I wanted to ask what experience the group has and for any
recommendations for or against.

The basic specs and wish list are:
1 - support for multiple public IP addresses (this puts it outside the
standard home grade)
1A - multiple servers have public IP addresses that
would need to be accounted for in either NAT or PAT* (see below).
2 - VPN for remote access
3 - throughput isn't terribly high (TWC business class)
4 - intrusion detection would be a plus, but isn't necessary at this
level.
5 - Cost is a consideration (seem to range $250 - $500 in this end
range).
6 - wireless is optional.  I would use wireless on one of the VLANs (my
private one), but can just as easily put a simple wireless router in
too.

*Note on NAT - I was watching a YouTube video on the ASA 5505 and it
looks like you define two VLANs (one public, one private) and define ACL
rules between them, using the net masks to translate blocks of IPs and
then define the block gateways.  Before this, I wasn't even sure how
this would work.

I have been leaning towards a Cisco ASA 5505 series, but I seem to see a
lot of mention for SonicWall.  I have also seen reviews that say stay
away from SonicWall and go with Cisco.  From what I can tell the
FortiGate products seem to be well received, but a little more
expensive.

I have considered getting a WRT54 series and putting dd-wrt on it, but I
would prefer something a little more "heavy duty" for this application.

Does anybody have a recommendation that they would be willing to share?

--
This message was sent to: Chris Bullock <cgbullock at yahoo.com> To
unsubscribe, send a blank message to trilug-leave at trilug.org from that
address.
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
Unsubscribe or edit options on the web    : 
http://www.trilug.org/mailman/options/trilug/cgbullock%40yahoo.com
TriLUG FAQ          :
http://www.trilug.org/wiki/Frequently_Asked_Questions
