Affordable Firewall 4 Colo Server

Hi

I have a server in colo that I use for backups and very occasionally serving up a test site for a client. It is public facing to a switch with 100mbps bandwidth (burstable). I need to install a firewall without breaking the bank and was considering the Zywall 5. Does anybody know if it will be powerful enough? Or should I be looking at something like the Watchguard X500? I'm kinda confused.

Many thanks!

Reply to
iVoltage

As the Zywall 5 is rated for a business of up to 30 users, using it on a single server with one external user shouldn't be a problem. The only thing I'd mention is that its throughput is limited to 40Mbps. You would need a Zywall 70 to get 100Mbps but it sounds as if you don't get anywhere near that.

Reply to
Desk Rabbit

Look at the throughput on the different models, you need to find something that states 100mbps or higher. WatchGuard is a good line, I don't like Zywall because of their lack of support.

Reply to
Leythos

You may wish to investigate the Refurbished Cisco PIX Firewall Guide:

Sincerely,

Brad Reese BradReese.Com - Cisco eBay Repair Service

Hendersonville Road, Suite 17 Asheville, North Carolina USA 28803 USA & Canada: 877-549-2680 International: 828-277-7272 Fax: 775-254-3558 AIM: R2MGrant BradReese.Com - Cisco Power Supply Headquarters

Reply to
www.BradReese.Com

What lack of support? Zyxel is fine here in the UK - I call the support line and someone answers within a few seconds and knows what they are talking about. They don't require expensive support contracts to get firmware updates and they don't charge per user licenses. All these reasons are why we moved away from Watchguard to Zyxel in the first place.

Reply to
Desk Rabbit

Strange, I called and could not get through to a human, only sales, and I don't consider sales people to be human :)

It took them 8 calls and emails to get a reply about a simple VPN option that I needed to know if they supported, and in the end, all they said was read the manual. I had already downloaded the manual and it didn't cover the question, and their support people seemed to lack the basics.

I could not even get an answer to "Does the device support multiple public IP addresses NAT'ed to multiple LAN addresses by port, or does it require that an IP be mapped to an IP instead of an IP:Port mapped to an IP:Port".

I was considering their products for a small, 10 office location, but they could not provide basic Branch Office VPN answers during the evaluation phase, so I gave up on them.

Reply to
Leythos

Some of the guys here have been on the courses run by Zyxel UK and have direct numbers for the support guys who are very helpful. So I suppose that helps!

As I understand it, the answer is yes to all those questions.

Setting up a branch VPN is soooooo simple. Even got them working to Cisco kit. We had no control over the Cisco stuff, we were just told to "Use these settings". Plugged them in, fired up, been working perfectly ever since. It's all pretty standard stuff.

Reply to
Desk Rabbit

Most firewalls work well with CISCO, it's like the vendors do their best to make sure that they can connect with them above all others.

My overall impression of Zyxel has been that of a small startup that needs a few more years before I'm willing to buy it for clients. My first choice, due to 6+ years of experience, is WatchGuard.

Reply to
Leythos

Hardly. They have been building kit which Netgear and others have been rebadging for years.

Reply to
Desk Rabbit

Like I said, it was my overall impression of them, which is based on my limited experience with their sales/support group.

Reply to
Leythos

Thanks for all the advice! I've just checked on the Watchguard prices and they are a world apart from Zyxel. I guess you get what you pay for. I don't like the Watchguard Forever subscription policy, at all. The most throughput I would require is my upload speed, 448kb, and that of my nephew for his site. The rest would be free to deal with constant pounding on Port 22. I can always use the Z5 at home when it proves inadequate to my needs. Does anyone know if it will need to be UTM?

I am messing around with an old HP running Astaro at the moment. Once I am confident with managing it, I was hoping to build my own 1u, half-width, Celeron-powered ASL box. That way, there would be enough room for a half-width, mini-atx log server as well. I'm also looking at a Cisco Pix. They seem to be revered in many quarters.

Of course, I could throw caution to the wind and buy a WRAP box and install M0n0wall on it. I have a week to learn before I'm due down at the colo centre.

Thanks again, everyone!

Reply to
Cassius Brown

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.