Home > IT Answers > Security > What is a good firewall appliance for 200 use...
JimmyIT
1260 pts.
0
Q:
What is a good firewall appliance for 200 users?
Firewall appliances, Firewalls
Looking for a good firewall appliance for around 200 users at my company.
ASKED: May 27 2009  8:26 PM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
RELATED QUESTIONS
0
Aguacer0
2815 pts.
0
A:
 RATE THIS ANSWER
+2
Click to Vote:
  •   2
  •  0
  • AddThis Social Bookmark Button
Nice can of worms to open ;-)

I will put on my flameproof underwear, and have a go at answering this one.


Everyone has their favorite, and essentially they all do the same job. Some are a bit easier to configure, some provide a bit better protection, some are less likely to be compromised, and some have better support and bug fixes.

For my money, I would go with the Cisco ASA 5505 with the unlimited licence (it comes in a 10, 50 and unlimited version). Then you have a very good firewall, it can also provide you with some VPN capability (SSL and IPSEC, and the 3DES/AES upgrade is free), so you can work from home and still access the company network, and Cisco are quick to get out fixes for most security vulnerabilites that may arise. It also has the possibility of hardware module in the future that will provide additional functionality. It is not the most straight forward to configure if you need to do anything fancy, but this forum can help you there, and there are loads of engineers you can hire for the day to configure whatever you need. For the basics, it virtually works straight out of the box.

The support on the Cisco website is second to none. I have worked with Juniper also, and while their boxes are good for the money, the support is not so good, and the website is near impossible to find anything.

Hey ! The bottom line is that you will get as many suggestions here as there are firewalls, and you just end up choosing one of them. What ever you choose, is probably better than not choosing any of them. Work out how much money you can afford, and spend it.

Good Luck !

+++++++++++++++++++++++++++++++++++++++++++

I would recommend you look at the Netscreen firewalls which has all the same functionalities as Cisco and Checkpoint. Netscreen gives you the capabilities of the "VPN, SSL-VPN, IPS, Content Filtering". All these features as becomes what's known in the industry as UTM "United Threat Management". Basically it's alot of functions of multiple single-purpose appliances into a single "box".
Last Answered: Jul 13 2009  4:27 PM GMT by Aguacer0   2815 pts.
Latest Contributors: BlankReg   11270 pts.
  •   
0
0
RSS - Discussions Help
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Stiltner   205 pts.  |   May 28 2009  6:57PM GMT

What is a good firewall for under or around XXX-XXXXXX dollars would have been a better question.

You have to give us some kind of range you’re looking for to spend. What are your goals with the firewall? keep people out? Restrict people internally, broaden your question and I think you’ll get a more direct answer / solution.

Blank gave you a wonderful catch all response, but I think you can get more information out of everyone by passing us a bit more information.

With that suggestion, it really depends upon your or your administrators skill levels. What are you familar with? Because using something you know ahead of time will eliminate two things, learning curve, and implementation schedule.

I’m just as inclined to recommend a Linux based, roll your own firewall, as I am to recommend you a vendor supplied piece of hardware, as outside of user # (which in reality for a firewall is almost irrelevent, at least so far down on the list compared to what you need it to do).

There’s too many variables still needed to give you a more sensible answer from anyone. Unless you want a salesman to pitch his product to you, and I don’t think any of us are that, and are interested in doing that.

 

KevinBeaver   7485 pts.  |   Jun 3 2009  4:28PM GMT

Many of my clients swear by their Cisco ASAs. But I also have clients who love their Watchguards, SonicWalls, and Jupiter/Netscreens. One of the biggest deciding factors should be how comfortable you are with the firewall’s interface so try to check that out first.

 

SpyMoose   625 pts.  |   Jul 9 2009  4:08PM GMT

I loves me some SonicWALL. Out of all of the firewalls I’ve seen the SonicWALL has the simplistic interface that I can troubleshoot at 4a.m. with my eyes burning.

A few of the applications that I like from the SonicWALL are: SSLVPN for remote connections, Load Balancing, and the absolute life saver is the High Availability option. The reports it sends out are easy to troubleshoot.

I’m a little disappointed that I was not working here when it was configured but that’s why the user manual goes with me every where I am for a quick read between classes.

 

Schmidtw   10590 pts.  |   Jul 10 2009  6:45PM GMT

In the past, my company has used Watchdog Firewalls. Moderately priced, good functionality…bad support.

A while ago, we upgraded too a Netgear ProSafe VPN Firewall model FVX538. Another moderately priced device. The configurations have been easy and effective. It just works great!

-Schmidtw

 

Sonotsky   660 pts.  |   Jul 14 2009  1:50PM GMT

We went with Nokia IP350s. Our network admin apparently came into the organization with an “in” to a vendor that gave us an awesome price. For VPN, we have an old (but reliable) pair of Nortel Contivity 1740s that do the job quite nicely. With TunnelGuard on it’s pretty much bulletproof.

 
0