I need help choosing a firewall/VPN solution. I would MOST appreciate anyone's help in making this choice. I have been reading these newsgroups, speaking with sales engineers and trying to make the most intelligent decision on my own. I have to admit the more I learn the more I can define what I need...but cannot determine a final product selection.
We are a small business with limited funds. When I spoke with Cisco they told me that they had a small-business solution designed to be both affordable and easy to use. It was only $15,000 !!! I guess Cisco is too big to know what a small-business budget is. :) I would like to keep my budget between $2000 and $4000.
Here is what I really need to purchase.
I want to purchase a new firewall/UTM device to replace my aging SonicWall Pro 200. I need this device to be able to route traffic with different rules for each route AND act as a DHCP server. I will try and explain what I mean by this with an example. I have a network of around 25 computers and 4 servers. We have a block of 64 public IP addresses that we are using for external access. The 4 servers are as follows:
- Microsoft Small Business Server 2003 with Exchange Server running.
- Microsoft Windows Server 2003 with Citrix Presentation Server running.
- A Windows XP security camera server with proprietary video remote services.
- A VOIP PBX telephone server (not connected currently...but want it to be).
The 25 computers consist of primarily Windows XP boxes with a couple of Mac OSX and Windows 2000 boxes. We also have around 10 network-connected devices (i.e. network printers, scanners, time clocks, etc.). We have 5 mobile users who need to be able to connect to our network through some type of VPN solution. We also have a branch office that has a SonicWall TZ170 Wireless.
My requirements for this project are as follows:
- The device(s) must be a DHCP server for our internal network (192.168.168.x).
- The device(s) must be able to reserve internal addresses for certain devices so that they will always keep the same IP (so that our IP printers & devices will always be at a certain 192.168.168.x address).
- The device(s) must be capable of taking requests for various external public IP addresses and transferring that traffic to static internal-network devices. For example, taking our external IP address
- The device(s) must be able to connect to our Branch Office's SonicWall TZ170 Wireless device creating a VPN tunnel so that the users at that office are able to share our network without having to run local VPN software. (I might be willing to replace the TZ170W if the solution required it)
- We currently use the VPN solution provided in Microsoft's Small Business Server 2003. We like this because it doesn't require any extra software on the remote users' computers. We are however interested in replacing this with an SSL VPN device for ease of use and cross-platform support. We have several users that would like to connect via their smartphones and know that this is an option with some manufacturers' SSL-VPN products. It would be nice if this SSL VPN device could verify that the connecting user has virus software installed PRIOR to letting them connect.
- Must be easy to set up and maintain. If we add another server it must be easy to create a new public-to-private IP route with unique policies/rules WITHOUT disturbing the other previously configured settings. This is one problem with our current SonicWall Pro 200...we tried to install a new VOIP server and we couldn't open the ports for just that device...we had to open them for all the traffic.
I sincerely appreciate your help and if I can do anything to help clarify my needs please let me know. I cannot tell you how grateful I am for the help.
michael