[fw-wiz] Recommendation needed for a firewall appliance

From: Christopher L. Everett (ceverett_at_ceverett.com)
Date: 10/17/03

    To: Firewall Wizards List <firewall-wizards@honor.icsalabs.com>
    Date: Fri, 17 Oct 2003 15:51:47 -0500
    
    

    Hi,

    I'm a web programmer/system admin for a small company in the
    medical advertising space. We operate on a pretty low budget,
    but I can get anything I can demonstrate a need for, within
    reason. In this case, within reason is $500 or less.

    So, even though we're 6 full-time and a few part-time employees
    large, we've outgrown our Linksys BEFVP41 firewall box, because
    for the life of me I can't make the VPN work, and we could use
    lots more bandwidth to administrate our servers directly on the
    Internet.

    I'd set up a Linux-based Firewall/VPN server, but I just don't
    have the time to mess with setting up such a box from scratch;
    the last time I played with FreeSWAN a little over a year ago
    I was unsuccessful in getting an IPSec VPN going with a Win2K
    box despite following detailed instructions verbatim.

    After looking around and seeing what's happening in the firewall
    appliance market, and thinking about what I'd like to be able to
    do, I've come up with these requirements:

    1) > 50 Mbps LAN-to-WAN throughput (needs a 10/100 WAN port)
    2) a 10/100 DMZ port
    3) enough VPN speed for 3 to 5 broadband users, 10Mbps or more
    4) client to VPN connectivity without needing special software,
       for Windows, OSX and Linux.
    5) maker has a good record on security & releasing patches
    6) The firewall/VPN runs in hardware as much as possible.

    As for new, currently manufactured equipment, what looks
    good to my inexperienced eye is:

    1) Netgear FVL328
    2) Hotbrick 600/2

    The Symantec 200R and Sonicwall stuff seems to need special VPN
    software so that's out.

    But I've also been checking out used equipment on Ebay hoping
    to get lucky and stretch our budget into something a little more
    deluxe such as an older Nokia (IP440?) or Watchguard box.

    One thing that I don't understand are the licensing issues
    with used Nokia boxes: do the Checkpoint licenses travel with
    the box or will I have to buy new licenses?

    Another thing I'd like to know about are the risks involved
    in running an older, possibly unsupported firewall/VPN box:
    is it riskier than just running straight NAT access? Are
    there some of these older boxes I should stay away from?

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

