Firewall Recommendations Needed from the Secuity Group

Don't like Sywall at all, support sucks and they can't answer basic questions.

Sonic, good generic firewall, lots of features, would be my second pick.

Netgear, well, they make nice low end devices and good switches, but, they are my last choice in firewalls, but they are my only low-end firewall choice when customers need something under $350.

WatchGuard, well, they are always my first choice and they offer devices that do all that you ask, but the smaller units are not my first choice

- I never install less than an X500 unit.

DMZ - not optional.

Web Content filtering - this is vastly different depending on the different products - as an example, HTTP Proxy service on WatchGuard will allow you to block files based on extension, will block other content, etc... You can also purchase "Web Blocker" that provides a bunch of categories to allow/block and you can create different blocking rules for different users/internal IP's.

Spam/Virus scanning - WG doesn't slow down when you add this, but, I never install that on the firewall. I purchage a Exchange Server aware product like GFI Mail Security and GFI Mail Essentials to do that.

ID - well, you have to have a real firewall, and if you want real intrusion detection then you need something that also runs on their nodes/workstations that interfaces with the firewall to block that infected client.

just to give a second opinion, since that's what you asked for,

If you worked with Sonicwall, I would stick with it. We have about 120 tz 170's out there, and they seem the right choice in your case.

that would be my order.

Hi David,

You may also wish to visit the individual forum for each vendor:

Brad Reese Cisco Resumes