Firewall Appliance

dotnerd

Anyone here know where I could get a decent firewall appliance? I've currently only got a Cisco ASA standing, which is a bit overkill for what I want.

It can't really be software since there are too many servers to protect. I just want simple port blocking and defensive measures. Something like the smaller hotbricks is what I need, but I can't seem to find a local supplier.
Any ideas?
 
Speak to Martin or Bradley at Galix Consulting. They are the vendors for the SonicWALL range of security appliances.
 
Something like that yes, except that it's a bit too small. This config switches 190mbit max where my little farm does about ~400mbit so it will slow things down quite a bit ;-(

What budget are you looking at here? How many users?
It might be the best idea to actually use the current Cisco ASA you have? Which one is it?
Just had a quick look, you would need a 5520 ASA for that kind of throughput, which goes for around 50k?
 
I already have an ASA 5540, but don't really wanna use it for this, nor do I want to spend another 50k.

But it seems i have no choice.
 
Other high-quality non-Cisco solutions are still gonna clock around 40k...
unless you can live with less throughput..

Why don't you want to use the ASA?
 
dotnerd, how many policies do you currently have configured on your ASA? Also do you have any modules with your Cisco such as URL Filtering or AV etc?

If you do then I suggest the next appliance you purchase be a UTM solution. Check Point is really great for this. Especially because it uses a technology called Stateful Package Inspection. Basically in a UTM solution the appliance keeps the state of the session as well as doing payload inspection within the packets. i.e. when the firewall sends an email to the Antivirus for scanning, the AV does not need to send the packets back to the firewall; instead it only needs to send an "OK".

What really makes Check Point unique is the management console architecture. The Smart Centre, which comes with most Check Point appliances, has incredibly sophisticated object-oriented policies. You can create an "object" or "egg" called users and within it have 200 IP addresses.

Nowadays a sale of a Firewall is very difficult as they all pretty much do the same thing. If you are looking for a fast NON scalable firewall then Juniper is great with its Solid State Application (No software).

Fortinet has geared itself around Datacentres and ISPs. Cisco are a networking company whose secondary focus is security... also to mention how difficult they are to manage/setup and implement.

With the security landscape leaning towards Unified Threat Management I personally think Check Point is a market leader and ahead of the wave.
 
Depending on your budget you might want to look at the Check Point Nokia series, or run Check Point splat (a secured Linux platform on a server).

Works like a charm - it's a bit expensive but then you get what you pay for.
 
A Check Point Nokia solution is actually really awesome. You get all the benefits from Check Point's great software and all the brilliant features from Nokia's appliances. One of the features I love is that the Nokia appliances have built-in HA (High Availability) for redundancy/load sharing. So when time comes that you expand and require those features you don't need to fork out extra cash. :-)
 
FYI.

I just heard wind that you can do a "competitive upgrade" from your ASA to a Check Point appliance. I know you mentioned you wanted to keep the ASA for another purpose but perhaps this is worth looking into?

Here's the link: http://www.checkpoint.com/products/promo/trade-in_102008.html

and here are the Cisco devices that Check Point will do a competitive upgrade from:

Cisco
ASA 5510 PIX 515
ASA 5520 PIX 525
ASA 5540 PIX 535

Other vendors include the likes of: SonicWALL, Fortinet, Symantec, Juniper
 
Gnatbox

I own a Gnatbox firewall.. I know they sell appliances as well as the software that can be loaded on a PC.

It's FreeBSD-based so the networking is sound; just has a nice web-based GUI..

http://www.gta-firewalls.co.za

I bought a gb250e about 2 years ago for 3K.. that's like the baby one..
 