I am a consultant for network system specially for Microsoft solution. Often I have to choose a firewall for my customer, but actually i did'nt find a good product and every time a purchase a different product. My customer usually are company with 50-100 PC and some of these have one or two branch Office
I am searching a firewall on appliance (non on Personal Computer like Smoothwall) that have a perimetral solution (LAN, DMZ, WAN) and VPN option included.
WatchGuard X750 or larger will do all that you need and they scale by just purchasing licensing upgrades, so you can get more performance without having to replace the units.
formatting link
They are not HTTP configurable, but they are what we install all over the world, pass all audits, and have great support.
Look at the NOKIA firewall/switch VPN solution which uses FW1. The underlying OS is more UNIX-like but that shouldn't be a problem, the underlying OS for Macs is UNIX kernel these days.
You are *not* a consultant, you only claim to be one. A consultant, who deserves that name, would have tested the devices before himself. However, if you need a consultant to become one yourself, well, feel free to hire one.
You should set your focus on 1-2 vendors. To do that you have to test various boxes and make up your mind yourself based on the experience *you*
*yourself* have gained during *your* tests. Because of *your* experience and knowledge you call yourself 'a consultant'.
I'm afraid you have to do your homework yourself in order to become a real consultant and write big bills.
In anycase I have no mutch money to test all the product. I tested some of them like Nokia/FW1 but in this case it was to mutch expensive for a Small/Medium company (it is my opinion) so i wanted to conectrate my test on small appliance. For this reason i wrote the post on this NG.
Wolfgang is correct, although a little harsh to post it like that publically IMNSHO. :-) Somebody great said, "praise in public and criticize in private", but at any rate take a look at what the US IRS (infernal revenue service) considers a consultant. I'm sure you can find it on The Net. I'm not trying to be US-centric... just clear.
In their list of 20 questions to determine consultant status they won't allow you to write off expenses unless for example you drive to multiple clients at multiple locations (different companies), open bank accounts in the name of your corporation, create fictitious name, etc.(these last two don't really matter to us) For example in my case I worked for Sun Micro, cisco, SGI, Bay Networks, etc in the Silicon Valley, and also worked with at least a half dozen different firewalls at a dozen different companies, in different Industries.
The best way to do this with your limited budget is to get a series of employers to hire you to work on their equipment at various locations. It is not bad for your resume to jump all over the place in this manner IF you are working as a 1099 or corp-to-corp worker. Once you do begin to build up your epxerience then start *answering* questions in these groups (I have been hired on just this basis) and if you can get speaking engagements to talk about what your have learned your rates will start to go up. Another route is to come out with papers, or a product everyone uses like LINUX, SSH, Kerberos, etc. We all started out small... learn UNIX or LINUX or OpenBSD... get away from MS windoze sometimes, I say this because learning to click buttons on gagets, is not the same as paying your dues pouring over OS source code for answers, sniffing packets, etc. Take a wide variety of classes in your spare time, forever, always be learning.
A lot of vendors and/or distributors offer devices for testing purposes for free. You just have to ask them. You mentioned Checkpoint FW-1 and even for that product you can get a license key that allows you to examine the product for a reasonable time.
They have all the features you want and yet are quite affordable. I like the interface as it gives a single window to configure the security policies, bandwidth management, virus scanning, load balancing.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.