I need help choosing a firewall/vpn solution.
- From: "michaelb" <mbolick@xxxxxxxxx>
- Date: 5 Jan 2007 19:17:17 -0800
I need help choosing a firewall/vpn solution. I would MOST appreciate
anyones help in making this choice. I have been reading these
newgroups, speaking with sales engineers and trying to make the most
intelligent decision on my own. I have to admit the more I learn the
more I can define what I need...but cannot determine a final product
We are a small business with limited funds. When I spoke with Cisco
they told me that they had a small-business solution designed to be
both affordable and easy to use. It was only $15,000 !!! I guess
Cisco is too big to know what a small-business budget is. :) I would
like to keep my budget between $2000 and $4000.
Here is what I really need to purchase.
I want to purchase a new firewall/UTM device to replace my aging
SonicWall Pro 200. I need this device to be able to route traffic with
different rules for each route AND act as a DHCP server. I will try
and explain what I mean by this with an example. I have a network of
around 25 computers and 4 servers.. We have a block of 64 public ip
address that are using for external access. The 4 servers are as
1. Microsoft Small Business Server 2003 with Exchange Server running.
2. Microsoft Windows Server 2003 with Citrix Presentation Server
3. A Windows XP security camera server with proprietary video remote
4. A VOIP PBX telephone server (not connected currently...but want it
The 25 computers consist of primarily Windows XP boxes with a couple of
Mac OSX and Windows 2000 boxes. We also have around 10
network-connected devices (i.e. network printers, scanners, time
clocks, etc.). We have 5 mobile users who need to be able to connect
to our network through some type of VPN solution. We also have a
branch office that has a SonicWall TZ170 Wireless.
My requirements for this project are as follows:
1. The device(s) must be a DHCP server for our internal network
2. The device(s) must be able to reserve internal addresses for certain
devices so that they will always keep the same ip (so that our ip
printers & devices will always be at a certain 192.168.168.x address).
3. The device(s) must be capable of taking requests for various
external public IP addresses and transferring that traffic to static
internal-network devices. In example, taking our external IP address
18.104.22.168 and route that traffic to our internal network Exchange
server residing at 192.168.168.15. This feature must be able to apply
different security policies (open port settings) to different
extIP/intIP translations. We need to lock down our Exchange server as
tight as possible and allow our camera server to be almost wide open.
THIS IS VERY IMPORTANT AND IS THE MAIN REASON THAT WE ARE REPLACING THE
SONICWALL PRO 200, AS IT IS NOT CAPABLE OF THIS FEATURE.
4. The device(s) must be able to connect to our Branch Office's
SonicWall TZ170 Wireless device creating a VPN tunnel so that the users
at that office are able to share our network without having to run
local VPN software. (I might be willing to replace the TZ170W if the
solution required it)
5. We currently use the VPN solution provided in Microsoft's Small
Business Server 2003. We like this because it doesn't require any
extra software on the remote users computers. We are however
interested in replacing this with an SSL VPN device for ease of use and
cross-platform support. We have several users that would like to
connect via their smartphones and know that this is an option with some
manufacturers SSL-VPN products. It would be nice if this SSL VPN
device could verify that the connecting user has virus software
installed PRIOR to letting them connect.
7. Must be easy to setup and maintain. If we add another server it
must be easy to create a new public-to-private iIP route with unique
policies/rules WITHOUT disturbing the other previously configured
settings. This is one problem with our current SonicWall Pro 200...we
tried to install a new VOIP server and we couldn't open the ports for
just that device...we had to open them for all the traffic.
I sincerely appreciate your help and if I can do anything to help
clarify my needs please let me know. I cannot tell you how grateful I
am for the help.