Small Office Firewall Options

Hi,

I'm hoping to get some advice on which firewall would be best for me. The Netscreen 5GT-Wireless Extended looks like it will do what I need. I've used Netscreen before and was impressed, but I am not aware of what the alternatives might be.

Ideally I'd like the following

1 internal trusted zone
1 untrusted zone - the internet
1 DMZ - for web/email server
1 trusted wireless zone, full access to trusted zone
1 guest wireless zone, with limited access to trusted zone and the internet.

The network will have up to 6Mb of traffic and I imagine only 20 or so concurrent sessions.

Any suggestions would be greatly appreciated. Thanks, Tas

Reply to
tfrangoullides

The cheapest solution is a DFL-700, but you are asking for 4 different networks - no cheap firewall does that.

So, you want:

1 WAN
1 LAN
1 DMZ
1 Wireless LAN
1 Wireless DMZ

You could just add Access Points to the LAN and DMZ if you don't really need separate physical networks for them.

If you want a firewall with that many ports (networks) then you need to start with a WatchGuard X750e with Pro option - that's up to 8 networks that you can use.

Reply to
Leythos

Thanks Leythos,

For what I'm trying to do I could add a wireless access point to the trusted zone... but the other wireless zone isn't exactly the same as DMZ; I'd need a separate zone for this. That's 4 zones in total.

I had a look at the D-Link documentation but could determine how many zones it supported.

I'm not sure I'd go for a WatchGuard... I used a WatchGuard SOHO a few years ago and was pretty disappointed.

Tas

Reply to
tfrangoullides

The D-Link has three physical zones.

The SOHO is the cheapest, smallest, lowest end product there is.

You could also set up dual networks (series) in your DMZ, to isolate the Wireless....

DMZ PORT 1 ----- NAT DEVICE 1 ---- WEB SERVERS
DMZ PORT 1 ----- NAT DEVICE 2 ---- Guest Wireless

DMZ          192.168.16.0/24
NAT DEVICE 1 192.168.17.0/24
NAT DEVICE 2 192.168.18.0/24

This keeps Guest wireless out of NAT 1 LAN, except for HTTP or what you expose.

Reply to
Leythos
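
The series-NAT layout in the post above, modelled as an added example (not part of the original thread) that classifies a new connection by where it starts and ends. The three subnets are from the post; the NAT WAN addresses, the port-80 forward to 192.168.17.10, and the sample client and trusted-LAN addresses are assumptions made for illustration.

```python
import ipaddress

# Subnets are from the post; NAT WAN addresses and the port-80 forward are assumed.
NAT_DEVICES = {
    "NAT DEVICE 1": {"wan": "192.168.16.11", "lan": "192.168.17.0/24",
                     "forwards": {80: "192.168.17.10"}},   # web server (assumed)
    "NAT DEVICE 2": {"wan": "192.168.16.12", "lan": "192.168.18.0/24",
                     "forwards": {}},                      # guest wireless
}
DMZ = ipaddress.ip_network("192.168.16.0/24")


def segment_of(addr):
    """Return the NAT device whose LAN holds addr, or None if addr is not behind one."""
    for name, dev in NAT_DEVICES.items():
        if addr in ipaddress.ip_network(dev["lan"]):
            return name
    return None


def new_connection(src, dst, port):
    """Classify a new TCP connection as 'allow', 'block' or 'firewall-policy'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    src_seg, dst_seg = segment_of(src), segment_of(dst)
    if dst_seg is not None:
        # Private LAN behind a NAT device: only its own hosts can address it directly.
        return "allow" if src_seg == dst_seg else "block"
    for dev in NAT_DEVICES.values():
        if dst == ipaddress.ip_address(dev["wan"]):
            # Unsolicited traffic to a NAT WAN address passes only via a port forward.
            return "allow" if port in dev["forwards"] else "block"
    if dst in DMZ:
        return "allow"  # same segment as the NAT WAN ports
    # Anything else (trusted LAN, internet) leaves via the firewall's DMZ port.
    return "firewall-policy"


if __name__ == "__main__":
    guest = "192.168.18.50"  # constructed guest wireless client
    # 10.0.0.5 is a constructed trusted-LAN address
    for dst, port in [("192.168.17.10", 80), ("192.168.16.11", 80),
                      ("192.168.16.11", 22), ("10.0.0.5", 445)]:
        print(f"{guest} -> {dst}:{port}: {new_connection(guest, dst, port)}")
```

The last case is the one to verify on the real firewall: nested NAT keeps guests out of the web-server LAN, but traffic toward the trusted zone is limited only by the rules on the firewall's DMZ interface.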
