I need help choosing a firewall/vpn solution.



I need help choosing a firewall/vpn solution. I would MOST appreciate
anyones help in making this choice. I have been reading these
newgroups, speaking with sales engineers and trying to make the most
intelligent decision on my own. I have to admit the more I learn the
more I can define what I need...but cannot determine a final product
selection.

We are a small business with limited funds. When I spoke with Cisco
they told me that they had a small-business solution designed to be
both affordable and easy to use. It was only $15,000 !!! I guess
Cisco is too big to know what a small-business budget is. :) I would
like to keep my budget between $2000 and $4000.

Here is what I really need to purchase.

I want to purchase a new firewall/UTM device to replace my aging
SonicWall Pro 200. I need this device to be able to route traffic with
different rules for each route AND act as a DHCP server. I will try
and explain what I mean by this with an example. I have a network of
around 25 computers and 4 servers.. We have a block of 64 public ip
address that are using for external access. The 4 servers are as
follows:
1. Microsoft Small Business Server 2003 with Exchange Server running.
2. Microsoft Windows Server 2003 with Citrix Presentation Server
running.
3. A Windows XP security camera server with proprietary video remote
services.
4. A VOIP PBX telephone server (not connected currently...but want it
to be).
The 25 computers consist of primarily Windows XP boxes with a couple of
Mac OSX and Windows 2000 boxes. We also have around 10
network-connected devices (i.e. network printers, scanners, time
clocks, etc.). We have 5 mobile users who need to be able to connect
to our network through some type of VPN solution. We also have a
branch office that has a SonicWall TZ170 Wireless.

My requirements for this project are as follows:
1. The device(s) must be a DHCP server for our internal network
(192.168.168.x).
2. The device(s) must be able to reserve internal addresses for certain
devices so that they will always keep the same ip (so that our ip
printers & devices will always be at a certain 192.168.168.x address).
3. The device(s) must be capable of taking requests for various
external public IP addresses and transferring that traffic to static
internal-network devices. In example, taking our external IP address
64.207.227.12 and route that traffic to our internal network Exchange
server residing at 192.168.168.15. This feature must be able to apply
different security policies (open port settings) to different
extIP/intIP translations. We need to lock down our Exchange server as
tight as possible and allow our camera server to be almost wide open.
THIS IS VERY IMPORTANT AND IS THE MAIN REASON THAT WE ARE REPLACING THE
SONICWALL PRO 200, AS IT IS NOT CAPABLE OF THIS FEATURE.
4. The device(s) must be able to connect to our Branch Office's
SonicWall TZ170 Wireless device creating a VPN tunnel so that the users
at that office are able to share our network without having to run
local VPN software. (I might be willing to replace the TZ170W if the
solution required it)
5. We currently use the VPN solution provided in Microsoft's Small
Business Server 2003. We like this because it doesn't require any
extra software on the remote users computers. We are however
interested in replacing this with an SSL VPN device for ease of use and
cross-platform support. We have several users that would like to
connect via their smartphones and know that this is an option with some
manufacturers SSL-VPN products. It would be nice if this SSL VPN
device could verify that the connecting user has virus software
installed PRIOR to letting them connect.
7. Must be easy to setup and maintain. If we add another server it
must be easy to create a new public-to-private iIP route with unique
policies/rules WITHOUT disturbing the other previously configured
settings. This is one problem with our current SonicWall Pro 200...we
tried to install a new VOIP server and we couldn't open the ports for
just that device...we had to open them for all the traffic.

I sincerely appreciate your help and if I can do anything to help
clarify my needs please let me know. I cannot tell you how grateful I
am for the help.

<><
michael

.



Relevant Pages

  • Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
    ... This set of steps is redundant in many places, and it's also enormously expensive, since you're using no less than three different expensive bits of networking hardware (AP, PIX, VPN Concentrator), in addition to a bunch of x86 server hardware, windows server licenses, and at least one ISA license. ... Your computers necessarily don't have full access to your network infrastructure when they aren't logged on, so GPOs, software updates, etc can't be applied at the times you want them to be applied. ... Turning on, enabling, and implementing every possible security setting and device you think of is not defence in depth, and will probably only have two effects - your users won't use your wireless network, and you'll burn so much cash you won't have any left to spend on *useful* security measures. ...
    (Full-Disclosure)
  • Re: VPN with SBS 2003 (not R2) and DSL.
    ... Reading property value for VPN returned OK ... Reading VPN Server Name returned OK ... identical network cards. ... it seems doubtful that SBS will work properly with two NICs ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN Connection Problems
    ... Note that we are able to successfully VPN into the office. ... to browse the network, RDP to the server or even ping the server. ... > This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN clients unable to connect to other resources.
    ... on the SBS 2003 server just not sure where to go for help on it. ... Next time I'm at my home PC, I'll VPN in and see what IP info I'm getting ... client PC on your LAN, you should be able to do so from a remote VPN client, ... get the network path was not found. ...
    (microsoft.public.windows.server.sbs)
  • Re: RRAS as VPN Server Configuration Questions...
    ... Ethernet adapter VPN: ... Name resulotion on VPN Connection issues on DC, ISA, DNS and WINS server as ... Issue in a VPN client ... ... How to Setup Windows, Network, VPN & Remote Access on ...
    (microsoft.public.win2000.ras_routing)