Firewall for web hosting company

Hi Everyone

We are a hosting company that is looking for a new firewall solution because our current Symantec Enterprise Firewall can't handle the traffic.

Our current traffic is never over 10Mb/10Mb, but there is a large number of connections (http/https (smtp, dns)), which apparently is the problem for our current firewall.

Our demands are high availability and high performance (two firewalls in HA mode).

Our supplier has sent us an offer for three different solutions.

2x Checkpoint VPN-1 PRO on Crossbeam C10 in HA setup

2x Sonicwall 4100 in HA setup

2x Symantec Gateway Security 5640 in HA setup.

Sonicwall is in price terms the most attractive product, but what about performance and security?

It's difficult to compare them based on fact sheets, so I hope that I can get some help from you.

Best regards Claus Pedersen

csf clausp.dk

Claus Pedersen

Based on my experience with a single Sonicwall Model: PRO 230 (CPU: StrongARM / 233 MHz)

  1. The GUI is very limiting and awkward. Although if you're just running common web hosting services, you should be ok.

  2. If something goes wrong and you need to call their support... Their tech support is located in India, Singapore or one of those places where you just can't understand what they're trying to say. More importantly they don't speak English. They just listen for key words, and read answers off the screen. ie: Q: How much does a hamburger cost in your country, and can I pick it up with my VPN? A: Ok mr. sir. Click on VPN and then click on summary. Obviously these aren't the actual questions I've asked, but you get the point.

  3. Again with the support, they're either using VoIP over ADSL for the whole office, or they're using cell phones inside a tunnel.

All in all, if you need a basic setup, which it sounds like you're using, then you'll be fine.

Any type of obscure customization, and you're screwed.

On the plus side! Logging is decent. It allows you to send all your logs to a syslog server. Problem with that, no matter which options you choose to have it send to the syslog server, you get everything.

Troubled User

Claus,

Have you looked at the Sidewinder G2 Firewall?

I am sure you will be pleased with its performance and security.

You can set them up in a HA mode load share or Fail-over mode.

Security Freak

But what about the performance - that is my main concern (except for security of course).

Regards Claus

Claus Pedersen

Checkpoint NGX on Secure Platform in HA mode. Maximum performance and maximum security. It runs an optimised and prehardened Linux RedHat kernel.

Wayne McGlinn Brisbane, Oz

Wayne

Claus,

If you are looking at Security and Performance, look at the U.S. Army TIC labs testing on the G2. These are not marketing numbers. These are real numbers that were done by the U.S. Army in their lab.

If you look at page 12, it states "the Sidewinder G2 Forwarded traffic at nearly the same rate in which it received it meeting the 2.5 Gbps Requirement."

Security Freak

I would recommend a Sonicwall 4060 with a layer 2 switch that does VLANs attached to it over a 4100. More flexible and less $$$. Just my 2 cents.

I use a configuration like that myself and am quite pleased with it. If you are running a web hosting service, you may want to make sure you get the IPS package/subscription with the sonicwall - it will help keep exploits off the boxes you host on.

snertking

/ 233 Mhz)

web hosting services, you should be ok.

A box that belongs to a product line they no longer make.

Newer boxes have a completely different OS. Two versions are available - standard and enhanced. Standard sucks, IMO. Enhanced works well. The GUI is a bit limiting, but there IS a CLI now. (Only accessible via the serial port tho - no telnet.)

tech support is located in India, Singapore or one of those

importantly they don't speak english. They just listen for key words,

Depends. If you have the enhanced OS, the support group for that is solely US based. I have had good experiences with them (actually had them patch bugs and get me the corrected code in three days).

office, or their using cell phones inside a tunnel.

If you DO get tech support in India, and you politely ask to be transferred to US tech support, they will do it.

you'll be fine.

I have a rather complicated setup with my PRO 4060 box involving about 40 private subnets, VLANs, separate wireless zone, and run OSPF on the Sonicwall box. Works quite well.

syslog server.

syslog server, you get everything.

True on SOME versions of SOME of the older boxes. Not true with the 4060, 4100, 5060, etc.

snertking
