Re: Moving from IPTABLES to SonicWall
- From: snertking <snertking@!snerts-r-us.org>
- Date: Sat, 01 Apr 2006 18:05:28 -0500
Alex Molochnikov wrote:
> We are contemplating a move from the IPTABLES firewall to a firmware-based
> one. I've never used SonicWall (the proposed replacement). Could anyone tell
> me if this is an adequate substitute for the Linux-based f/w?
What SonicWall model? IME, all the "TZ" models (TZ 150, TZ 170) have issues every time there is a new major firmware release. My 4060 on the other hand has been rock solid. The saying "you get what you pay for" applies.
> Currently, our small LAN (under 10 computers) is protected by a Linux
> machine with IPTABLES that is used to route incoming connections from
> trusted IP addresses to a host running a Java-based server. Some of the
> connections are directed to other hosts, based on the destination port
> number. Incoming connections occur on ports 80 (Web server), 422 (SSL), 1099
> (RMI registry), and a variety of other ports (the external IP address of the
> firewall is static). There is also some NAT involved.
> All this is scripted in the IPTABLES rules, and I wonder if the
> firmware-based firewall/router will be capable of providing similar
> functionality.
Yes. Easily. That's like asking a professional concert pianist if he is proficient enough to be able to play chopsticks.
The enhanced OS boxes (don't get the "standard" OS if you can afford the enhanced) will do plain old NAT by address and by port (nat to completely different IP depending on port), bi-directional NAT, etc. Pretty much any NAT scenario you can think of.
Also available are Snort-like IPS, anti-virus at the gateway level, and the ability to integrate with web content filtering solutions.
> Your advice will be greatly appreciated.
> Thank you.
> Alex.
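
For anyone planning the same migration, the setup described in the question (per-port forwarding restricted to trusted sources, plus NAT) can be written down as the ruleset this script prints, which doubles as the inventory of rules to recreate on the appliance. This is an added example, not part of the original thread; every address and interface name is a constructed placeholder, and only ports 80, 422 and 1099 come from the post.

```shell
#!/bin/sh
# Added example. Every address and interface name below is a constructed
# placeholder; only the ports (80, 422, 1099) come from the post.
WAN_IF=eth0; LAN_IF=eth1
WAN_IP=203.0.113.10                      # static external address
TRUSTED="198.51.100.0/24 192.0.2.44"     # sources allowed to connect in
# external-port:internal-host:internal-port
FORWARDS="80:192.168.1.10:80 422:192.168.1.10:422 1099:192.168.1.20:1099"

# emit_forwards nat|filter: one rule per (forward, trusted source) pair
emit_forwards() {
    for fwd in $FORWARDS; do
        port=${fwd%%:*}; rest=${fwd#*:}
        host=${rest%%:*}; dport=${rest#*:}
        for src in $TRUSTED; do
            if [ "$1" = nat ]; then
                echo "-A PREROUTING -i $WAN_IF -s $src -d $WAN_IP -p tcp --dport $port -j DNAT --to-destination $host:$dport"
            else
                # FORWARD runs after DNAT, so match the internal host and port
                echo "-A FORWARD -i $WAN_IF -s $src -d $host -p tcp --dport $dport -j ACCEPT"
            fi
        done
    done
}

# Prints an iptables-restore ruleset. The INPUT chain only covers the firewall
# host itself; management access to it is outside this example.
gen_rules() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
$(emit_forwards nat)
-A POSTROUTING -o $WAN_IF -j SNAT --to-source $WAN_IP
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
$(emit_forwards filter)
COMMIT
EOF
}

gen_rules
```

The output can be syntax-checked without loading it by piping it to `iptables-restore --test`.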