Hardware firewall solutions

Incident response
Intrusion management
Network security
Hi all - I need to find a replacement for our current hardware firewall (Checkpoint 100 user). We are downsizing the office it's in and the current mainenance of $1500/year is rather high. So I'm looking for other solutions, the new office is going to have only 5 people in it, we need to be able to remotely administer the firewall and I would like the ability to VPN in and out of the site. The VPN would need to come from and to our site (still with the Checkpoint firewall). I have been looking at a Cisco Pix 501, 4 port, 10 user or the Symantec Gateway Security 460R. It's been a long time since I've looked at hardware firewalls (3.5 years) so I'm not sure which way to go. I remember that the Symantec Firewall at that time was really good, easy to manage, had a web interface and was fast. The cisco was all console based and took a bit more to configure it - not sure if that is how it is now (I'm researching still, but thought I would ask out here). Or just to add another choice in here the safeoffice solution from Checkpoint. I'm definately looking for something that's a bit easier to use - if it interfaces nicely with the checkpoint firewall all the better. Opinions? Suggestions? Lirria

Answer Wiki

Thanks. We'll let you know when a new response is added.

Dear lirria
I happen to use Fortigate 50A from Fortinet for 30 User and it was quite a help. Its cost should be below $750 with around $250 renewal annual fee for AntiVirus And AntiSpam on-line scanner (that is much less than your checkpoint support)
I have ADSL internet connection which you should install rather than a leased line. That is another cost cut for 5-10 users environment.
You should check if there are any insiders that are causing your Exchange queue flood (Do you have Exchange 5.5 or Exchange 2003??). Interrupt your connector and separate your users from the server and find if the queue is still being flood.
Good Luck
Amal Jeryes

Discuss This Question: 3  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Celtic
    Lirria hello, From my 4 year experience with Fortinet products, I would recommend Fortigate 60 for your needs; It's a very easily managable product and it has all you need for a SOHO installation: VPN (C2S and S2S plus SSL-VPN), Anti-Virus and Anti-Spam, URL Filtering and IPS capabilities. I don't know about prices but they should be reasonable with a Full license for full features updates (AV, AS etc.) Hope I helped...
    0 pointsBadges:
  • CheckSix
    Cisco is a good choice, so is the Fortigate mentioned and you already have some experience with the Symantec. Also look at offerings from Sonicwall and Calyptix. Most modern firewall appliances will interoperate with the existing Checkpoint at your site. Sticking will all Checkpoint may make monitoring and maintenance easier - just drop down to the Safe@Office. CheckSix
    15 pointsBadges:
  • Bigshybear
    I support multiple customers with VPN firewalls. one has a Dlink DFL-300, one has a pair of Fortigate 50A's and one has about 40 Symantec Firewall VPN's of various models (including an SGS 440) connecting point to point tunnels to a Symantec SGS 5420. The needs you mention for your 5 user office are simple enough that the cheapest one, a DLink DFL-CP310 would do what you want. (The DFL 300 has been discontinued and replaced with the DFL-CP310.) The other two I mentioned are more powerful (and slightly more expensive) and will of course also do what you want. I've had to have the customer reboot the DFL 300 twice in the last 14 months, but I have not had the have the Fortigates or the SGS 440's rebooted. The Symantec SGS 440's have the simplest (and most straight forward) web interface for setup. In my opinion the Dlink and the Fortigate interfaces were both a bit jumbled. You can configure all 3 for remote administration (I have). Shifting over to tech support, my experience with the tech support for all 3 companies is that Fortigate has the best tech support, particularly when dealing with connecting a Fortigate with a non-Fortigate brand firewall. Both the Symantec and the Dlink tech support people were decent when dealing with their own firewall, but when you start talking about connecting their firewall with a different brand of firewall they don't have the depth of experience the Fortigate tech support people seem to have. So - lowest price - the Dlink. If you are little leery about getting a corporate product from a retail product vendor, the Symantec SGS440 is very good, with the easiest setup, is very stable and is slight jump up in features for only a little bit more money. And lastly, if tech support is your priority - the Fortigate. In your shoes, I would not even deal with a Cisco Pix. Unless you want to be a firewall guru, stay with a firewall that has a graphical interface.
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: