What appliance to buy?

Hi guys,

I'm from Brazil, I work for a company that has 5 offices in different cities.

First office 40 users. Second office 25 users. Third office 12 users. Fourth office 6 users. Fifth office 2 users.

I would like to install a solution that has these features: firewall/IDS, content filtering (URL blocking), antivirus, anti-spam, VPN, and better if it helps VoIP in any way.

Up to now I have discovered two companies, FORTINET and HOTBRICK; they're probably a kind of Linux distribution, packed and simplified.

Another option would be to install a SuSE Linux machine and use it as a gateway.

What would be easier to install and maintain? And of course I would not like to pay a fortune every year for a firmware upgrade.

I would like to hear only about solutions that will work both with Windows and Linux.

Best regards, Marcello Dias

Marcello

Go with the Fortinet solution. The performance, functionality, security, and management is very strong and the pricing is extremely reasonable. Their platforms include firewall, IPSec VPN, traffic shaping (great for VoIP), and some content filtering out of the box. To get some of the additional features (signatures for anti-virus and intrusion prevention, anti-spam, URL filtering, etc.), you'll need to license them annually and separately (or bundled together). All of our local employees use these at home, and more than a few of our clients use these and are quite happy with them. If you care more about excellent management of multiple devices from a central location, check out the Check Point Edge devices.

MJFD.Sr

I recommend that you go for GajShield SecureGate Firewall. We have been using GajShield SecureGate Firewall, which includes an ICSA certified firewall, IPS, gateway anti-virus, URL filtering, VPN, bandwidth management, and multiple-ISP support, for the past one year and are very happy with the solution. The good part about them is that they provide both hardware appliances and software, giving us the flexibility of choosing the platform according to our network needs. For our larger locations (100 users and above) we are using the hardware appliances, and for the smaller locations we are using their software appliances running on Intel PCs.

You can download the demo from their website and get the pricing details there as well.

nt17boy

I recommend that you go for GajShield SecureGate Firewall. We have been using GajShield SecureGate Firewall, which includes an ICSA certified firewall, IPS, gateway anti-virus, URL filtering, VPN, bandwidth management, and multiple-ISP support, for the past one year and are very happy with the solution. The good part about them is that they provide both hardware appliances and software, giving us the flexibility of choosing the platform according to our network needs. For our larger locations (100 users and above) we are using the hardware appliances, and for the smaller locations we are using their software appliances running on Intel PCs.

You can download the software from their website and get the pricing details there as well.

NT17

I'm not familiar with the Fortinet support policy, but does Fortinet offer free firmware upgrades for appliances like the original poster requires?

And I know CheckPoint doesn't offer anything free.

gray.wizard

Fortinet gets good reviews, but stay away from Hotbrick. Hotbrick and another company called Xincom just re-badge the same no-name units from Taiwan and put their name on them.

That may be a viable option for you. There are numerous companies that will sell you a turn-key Linux based solution or you could go for a free one, but you'd have to realize that you would be your own tech support and warranty department.

You may want to check into Zyxel's Zywall line. I've never owned one, but they offer all the addon services you require and all firmware upgrades are free.

Don't rush into anything & I'd try to contact some companies to see if you could evaluate some units before you commit your money. Firewall appliances require a significant up-front money investment & often an on-going money investment as well. You don't want to falter and be locked into something you may ultimately hate.

Don't forget the investment you will need to make in knowledge as well. These things don't set themselves up & some can be very complex to get going in a configuration you are happy with.

Don't base too much of your decision on reviews you see on web sites and magazines, either. A lot of the time the reviewers are either idiots who have no business reviewing that kind of equipment or they only test the hardware for a couple hours under unrealistic circumstances before delivering their verdicts.

These pieces of equipment will be protecting your business and livelihood so resist the urge to make snap decisions or "cheap out" if you run across something that strikes you as significantly better than the competition for your usage.

gray.wizard

Gray Wizard,

I agree with the above. The best firewall is the one which is configured most effectively. If you have staff with experience in a particular product you should probably go with that.

If you don't have experience with firewalls perhaps you should look into "Managed Service." This isn't free, but is often less expensive and more secure than doing it in house.

-- Begin shameless plug --

If you're interested in this you may want to check out our "Frontdoor." It is offered as a fully managed service. So you don't have to worry about supporting it in house.

See:

formatting link

-- End of shameless plug --

Scott R. Haven Sr. Systems Engineer Paisley Systems Inc. managed services, consulting, and support

Scott R. Haven

If you want to go with an easily managed all in one solution with a strong firewall and IPS you should look into the Check Point Safe@Office 500 series. The firmware and security updates are bundled with the annual antivirus updates service. The boxes can be managed remotely via SSH or HTTPS, and a wireless model also exists, if you want to allow secure wireless networking in any of your offices. Content filtering is available as a subscription service for a fairly low fee. As for helping VoIP, the appliances have QoS capabilities that would allow you to prioritize the VoIP traffic. Also, site to site and remote access VPN is a breeze to set up and remote access client licenses are included in the appliance costs. I recommend you download the datasheet and see if this solution works for you. Details can be found here:

formatting link

TechGrrl

Remember that the firewall (FW) divides the world into two groups, *us* vs. *them*. Almost all of the above are defenses against *them*. However, there is a real world problem with *us*; namely, mobile laptops, USB thumb drives, and (less frequently today) the 1.44MB floppy. The antivirus solution must be in place for every system in the organization, and the IDS solution can be a big help too. The VPN is also problematic, in that it is behind the firewall and when there's a connection, your first line of defense is no longer the local FW, but the FW at the remote user's system. You're also exposed to the environment that is present on that remote system. How clean is it? How do you know that and when did you last verify it?

In today's interconnected world, the *us* vs. *them* division is not as simple as it may first appear.

Jeff B

Thanks for having the class to mention up front that you have a vested interest in the product you are recommending. Too many people suggest some super uber-product that they "heard" about which turns out that they also happen to be the CEO of the company that exclusively sells the product they heard about.

Two definite thumbs up for mentioning your product in a way that doesn't come off as being spammy.

gray.wizard

Gray Wizard,

Thanks. I hate that too. Besides, I'd think Usenet users would be a little too smart for that.

I guess this is why I'm not in sales. :) Honestly, most other firewalls are also good; it just depends on what you need.

Scott R. Haven Sr. Systems Engineer Managed Security Services Paisley Systems, Inc.

Scott R. Haven

I can't help but notice that "TechGrrl" is a really big fan of Checkpoint! :-)

Scott R. Haven Sr. Systems Engineer Managed Security Services Paisley Systems, Inc.

Scott R. Haven

Every brand has its fans. When a brand loses its fans it usually goes out of business.

gray.wizard

I run a network with approx 750 workstations and 40 servers in about a dozen different office buildings scattered all over the city, and interconnected via a mix of fiber, wireless, private SDSL and T1 lines.

I use SuSE Linux on a 2.4GHz P4 machine with dual NICs as my firewall appliance and it works beautifully well. The price of the software is right ;-) and support via the collective knowledge of the SuSE user community worldwide just simply blows away most every commercial support contract we've got. Using SuSE Linux as your firewall system does require you to invest some time and effort into learning it.

I'm up to SuSE 9.3 (soon to upgrade to 10.x) and have been running SuSE since iptables in kernel 2.4 came out (version 8.0???). Before that I used OpenBSD. I've never gotten hacked, though thousands have tried.

w2k3newbie
