FIRE WALLS?

The network is the forum.

Moderators: Steel, notfred

Posted on Fri Oct 11, 2013 10:20 am

Hey guys,

My office is looking at new firewall solutions and I wanted to poll you for any and all recommendations. This is not my forte, so please be kind and use lameman speak.

-Joe

EDIT: PS We are currently using a SonicWall 205, apparently.
kamikaziechameleon
Gerbil Elite
 
Posts: 842
Joined: Wed Dec 03, 2008 3:38 pm

Re: FIRE WALLS?

Posted on Fri Oct 11, 2013 10:22 am

Why are you looking for it? What was unsatisfactory with your current device? What features do you need?
My subscription allows you people to exist on this site and makes me a better human being than you'll ever be
JohnC
Gerbil Jedi
Gold subscriber
 
 
Posts: 1862
Joined: Fri Jan 28, 2011 2:08 pm
Location: NY/NJ/FL

Re: FIRE WALLS?

Posted on Fri Oct 11, 2013 11:01 am

It would also help if we knew how large of an office you're dealing with here, speed of Internet connection, and whether the connection is just used for web/e-mail or if there are other services hosted over the connection as well like externally-facing servers, VOIP, etc.

Your question as posed leaves things wide open. If it is a small office with very basic needs, even a consumer-grade router might be "good enough". If it is a large office with its own web/e-mail/e-commerce/etc. servers, QoS requirements, web filtering, etc. then you're probably looking for a serious enterprise-grade solution (big $).
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37520
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: FIRE WALLS?

Posted on Fri Oct 11, 2013 11:29 am

Wall's on fire. Also VPN endpoint if the office is a satellite. Pfsense.org?

I see OP edited the post to include their current Sonicwall 205. This is a good unit, so what's wrong with the current appliance?
Calm seas never made a skilled mariner.
drsauced
Graphmaster Gerbil
 
Posts: 1463
Joined: Mon Apr 21, 2003 1:38 pm
Location: Here!

Re: FIRE WALLS?

Posted on Mon Oct 14, 2013 11:32 am

JohnC wrote: Why are you looking for it? What was unsatisfactory with your current device? What features do you need?

Apparently price has gone up appreciably on our current solution. Enough that they are looking for other options.
kamikaziechameleon
Gerbil Elite
 
Posts: 842
Joined: Wed Dec 03, 2008 3:38 pm

Re: FIRE WALLS?

Posted on Mon Oct 14, 2013 11:34 am

just brew it! wrote: It would also help if we knew how large of an office you're dealing with here, speed of Internet connection, and whether the connection is just used for web/e-mail or if there are other services hosted over the connection as well like externally-facing servers, VOIP, etc.

Your question as posed leaves things wide open. If it is a small office with very basic needs, even a consumer-grade router might be "good enough". If it is a large office with its own web/e-mail/e-commerce/etc. servers, QoS requirements, web filtering, etc. then you're probably looking for a serious enterprise-grade solution (big $).


We don't host a server that will be bypassing the firewall. We are currently built around an internal server that handles internal licenses and stores/backs up our data, about 20 users, email and web browsing.
kamikaziechameleon
Gerbil Elite
 
Posts: 842
Joined: Wed Dec 03, 2008 3:38 pm

Re: FIRE WALLS?

Posted on Mon Oct 14, 2013 11:39 am

drsauced wrote: Wall's on fire. Also VPN endpoint if the office is a satellite. Pfsense.org?

I see OP edited the post to include their current Sonicwall 205. This is a good unit, so what's wrong with the current appliance?


I don't know a ton about it, but I guess the unit's license expired and the renewal is double.
kamikaziechameleon
Gerbil Elite
 
Posts: 842
Joined: Wed Dec 03, 2008 3:38 pm

Re: FIRE WALLS?

Posted on Mon Oct 14, 2013 12:24 pm

If it is behaving adequately for you, and especially if someone is familiar with the web interface, the TZ215 is the current model for that grade of SonicWall, and should do fine for you. It *should* even import the settings without much fuss. Make sure you go with unlimited nodes - it will save headaches down the road.

I actually just double checked. It looks like the 205 is still available.
mac_h8r1.postCount++;
Chaos reigns within. Reflect, repent, and reboot. Order shall return.
Slivovitz owns you.
mac_h8r1
Minister of Gerbil Affairs
 
Posts: 2962
Joined: Tue Sep 24, 2002 6:57 pm
Location: Alpha Epsilon Pi for life

Re: FIRE WALLS?

Posted on Tue Oct 15, 2013 1:22 pm

Only reason we want to change is because of the price. The TZ215 is actually double the price. We want to pay less, and are looking for a CHEAPER alternative. Any suggestions?
Wesley
Gerbil In Training
 
Posts: 1
Joined: Tue Oct 15, 2013 1:06 pm

Re: FIRE WALLS?

Posted on Tue Oct 15, 2013 2:39 pm

I think you should take drsauced's advice and go with pfSense. It's free, so just grab a PC with two good NICs (I'd guess most sysadmins would say Intel NICs) and install it.

I've been running it for a couple of years and have had no problems with it. It's packed with features but still fairly easy to use.
wof
Gerbil
Gold subscriber
 
 
Posts: 16
Joined: Tue Oct 12, 2004 1:37 pm
Location: @my desk

Re: FIRE WALLS?

Posted on Wed Oct 16, 2013 1:44 pm

A one year renewal of the Comprehensive Gateway Security Suite Bundle is about $300.
That bundle gets you all the goodies, web content filtering, P2P blocking and 27x7 support.
If you are not using those features, Dynamic Support 24X7 is $125.
Add to that about 1 hour of time (really only 10 minutes) to install the license.
Those are not unreasonable costs. Yes, they add up over time, but that is part of op ex.

If you go the pfSense route, which is a fantastic solution, your costs are going to be higher.
You will have to invest 20 to 40 hours of labour to build out the hardware, replicate the rules in the SW, test, validate and swap.

You can get support for pfSense for $99.

If you use an old PC, rip out the HD and run from a USB stick. Old PCs have old HDs, which are closing in on their life expectancy.
If you want something slick, look at Netgate and Soekris.

My 2 cents...
Cubical 10
I only know enough to be dangerous.

Do ubuntu? pfsense
cubical10
Gerbil First Class
 
Posts: 184
Joined: Fri Mar 03, 2006 2:52 pm
Location: Montreal

Re: FIRE WALLS?

Posted on Wed Oct 16, 2013 2:23 pm

cubical10 wrote: If you use an old PC, rip out the HD and run from a USB stick. Old PCs have old HDs, which are closing in on their life expectancy.

Or use one of these and a CF card. I use one of them to boot my home firewall box.
(this space intentionally left blank)
just brew it!
Administrator
Gold subscriber
 
 
Posts: 37520
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: FIRE WALLS?

Posted on Wed Oct 16, 2013 4:34 pm

+2 for pfSense. I'm lucky enough to live where both Cablevision (100/25) and FiOS (25/25) are available. I added FiOS thinking that if I liked it, I'd cancel Cablevision, but now that Cablevision upped their b/w for no extra charge, I may cancel FiOS instead.

Each is firewalled by an instance of pfSense in a Virtual Machine running on VirtualBox on Linux Mint (Ubuntu derivative). For a while, I had that set up with bandwidth sharing and fail-over on a single instance of pfSense. The pfSense VMs are so light-weight that they have no noticeable impact on the machine.

Before that, I played with IPCop, SmoothWall, and several others, including nothing but hand-coded IP Tables rules on Linux. For a while, I ran IPCop on a Soekris 5501 firewalling Cablevision back when it was 15/2. After about a year of faithful service, it started needing reboots - at first monthly, then weekly. Reinstalls did not help, so I trashed it (Life is too short to mess around :)

Recent news about stuff like back-doors in DLink routers makes me glad that I find it fun to play with firewalls.
MarkG509
Gerbil First Class
Gold subscriber
 
 
Posts: 113
Joined: Thu Feb 21, 2013 6:51 pm

Re: FIRE WALLS?

Posted on Wed Oct 16, 2013 4:46 pm

Why not a decent/recent router? I just got an Asus AC66U for my other gig's office and it's full of win. Great wireless signal, turnkey VPN support, guest networks, couple types of firewalls, etc.
There is a fixed amount of intelligence on the planet, and the population keeps growing :(
morphine
Gerbil Khan
Silver subscriber
 
 
Posts: 9934
Joined: Fri Dec 27, 2002 8:51 pm
Location: Portugal (that's next to Spain)
