Re: Firewall for web hosting company

On Fri, 17 Feb 2006 12:54:27 +0100, Claus Pedersen <SeeBelow@xxxxxxxxxxxxx> wrote:

Hi Everyone

We are a hosting company that are looking for a new firewall solution
because our current Symantec Enterprise Firewall can't handle the traffic.

Our current traffic is never over 10Mb/10Mb but there is a large number
of connections (http/https (smtp, dns)) which apparently is the problem
for our current firewall

Our demands is high availability and high performance (two firewalls in
HA mode).

Our supplier has sent us an offer for three different solution.


2x Checkpoint VPN-1 PRO on Crossbeam C10 in HA setup
2x Sonicwall 4100 in HA setup
2x Symantec Gateway Security 5640 in HA setup.

Sonicwall is in price terms the most attractive product but what about
performance and security.

It's difficult to compare them based on fact sheets, so I hope that I
can get some help from you.

Best regards
Claus Pedersen

csf clausp.dk


Based on my experience with a single Sonicwall Model: PRO 230 (CPU: StrongARM / 233 Mhz)
1. The gui is very limiting and awkward.. Although if your just running common web hosting services, you should be ok.

2. If something goes wrong and you need to call their support........ There tech support is located in India, Singapore or one of those
places where you just can't understand what there trying to say. More importantly they don't speak english. They just listen for key words,
and read answers off the screen.
ie:
Q: How much does a hamburger cost in your country, and can I pick it up with my VPN ?
A: Ok mr. sir. Click on VPN and then click on summary.
Obviously these aren't the actual questions i've asked, but you get the point.

3. Again with the support, their either using VoIP over ADSL for the whole office, or their using cell phones inside a tunnel.


All in all, If you need a basic setup which it sounds like your using: then you'll be fine.

Any type of obscure customization, and your screwed.

On the plus side! Logging is descent. It allows you to send all your logs to a syslog server.
Problem with that, no matter which options you choose to have it send to the syslog server, you get everything.
.

Relevant Pages

  • Re: Firewall for web hosting company
    ... We are a hosting company that are looking for a new firewall solution because our current Symantec Enterprise Firewall can't handle the traffic. ... 2x Checkpoint VPN-1 PRO on Crossbeam C10 in HA setup ...
    (comp.security.firewalls)
  • Re: Problem about ppp -nat
    ... ipfw firewall, ... Just setup your fw of choice as if the tun0 device is the external device and leave all the nat stuff completely out of it. ... My Internet interface is rl0, ... # /etc/rc.d/routing restart ...
    (freebsd-questions)
  • Re: SBS 2003 SP1 Premium Issues (including ISA 2004 installation i
    ... If the CEICW runs then you should have the SBS 2003 SE RRAS firewall setup ... I don't have any clients that use PPPOE ... At the moment, the PPPoE connection ...
    (microsoft.public.windows.server.sbs)
  • Re: MCE 2005 Xbox 360 Extender PC Setup Cannot find Xbox 360 on Ne
    ... > You are currently talking to someone at Microsoft on the Extender team :-) ... The dump below is how my registry looks now. ... I wasn't sure what puts those registry entries there (is it setup ... This is typically due to firewall issues, ...
    (microsoft.public.windows.mediacenter)
  • Re: [opensuse] why no "cups" entry in YaST Firewall Allowed Services in 11.3?
    ... not the setup more secure. ... You say that we are still free to open the port in the firewall. ... Of course, but what is the point of YaST, if not making administration steps ...
    (SuSE)