hardware firewall recommendation

Looking at Watchguard, Sonicwall and maybe Zyxel hardware firewalls to
fit this scenario.

We have 2 web servers to protect. There are no LAN users, no VPN
needs, and traffic at peak times averages around 180kb / sec (even
though we have a 10mb connection) - so low throughput.

My main needs are a configurable firewall.

For example, server #1 uses 3 public IPs currently (LAN is a /28 of
public IPs, WAN is a /30).

For IP #1 on Server #1, we block all non-US based traffic, so my
current rules start with a bunch of drops:

from: 218.0.0.0/8 to xxx.xxx.xxx.100 drop
from: 210.0.0.0/7 to xxx.xxx.xxx.100 drop

etc.

then let in my web traffic - from anywhere to port 80/443 allow to .
100, .101, .102 etc.

Watchguard was helpful on the phone and recommended the X550e - around
$1,100.00. Seemed a bit overkill as the specs on the smaller X10e
seem to be sufficient.

Anyone familiar with these units? Any suggestions on what we might
look at for a firewall?

Thanks,

Re: hardware firewall recommendation

In article <1186526019.276209.222260@g4g2000hsf.googlegroups.com>,
steve.logan@gmail.com says...
> Looking at Watchguard, Sonicwall and maybe Zyxel hardware firewalls to
> fit this scenario.
>
> We have 2 web servers to protect. There are no LAN users, no VPN
> needs, and traffic at peak times averages around 180kb / sec (even
> though we have a 10mb connection) - so low throughput.
>
> My main needs are a configurable firewall.
>
> For example, server #1 uses 3 public IPs currently (LAN is a /28 of
> public IPs, WAN is a /30).
>
> For IP #1 on Server #1, we block all non-US based traffic, so my
> current rules start with a bunch of drops:
>
> from: 218.0.0.0/8 to xxx.xxx.xxx.100 drop
> from: 210.0.0.0/7 to xxx.xxx.xxx.100 drop
>
> etc.
>
> then let in my web traffic - from anywhere to port 80/443 allow to .
> 100, .101, .102 etc.
>
> Watchguard was helpful on the phone and recommended the X550e - around
> $1,100.00. Seemed a bit overkill as the specs on the smaller X10e
> seem to be sufficient.
>
> Anyone familiar with these units? Any suggestions on what we might
> look at for a firewall?

The X550e is a nice unit, I consider it to be the lowest end of a
network solution for a business. The double digit units are more of a
SOHO solution and while they provide great protection as a real
firewall, they don't have all of the options of the larger units.

An X550e + LSS for 1 year at $1,100 is a good price.

If you pick the WG unit, post here if you need help - I'm almost always
reading this group.


--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: hardware firewall recommendation

On Aug 7, 5:33 pm, "steve.lo...@gmail.com"
wrote:
> Looking at Watchguard, Sonicwall and maybe Zyxel hardware firewalls to
> fit this scenario.
>
> We have 2 web servers to protect. There are no LAN users, no VPN
> needs, and traffic at peak times averages around 180kb / sec (even
> though we have a 10mb connection) - so low throughput.
>
> My main needs are a configurable firewall.
>
> For example, server #1 uses 3 public IPs currently (LAN is a /28 of
> public IPs, WAN is a /30).
>
> For IP #1 on Server #1, we block all non-US based traffic, so my
> current rules start with a bunch of drops:
>
> from: 218.0.0.0/8 to xxx.xxx.xxx.100 drop
> from: 210.0.0.0/7 to xxx.xxx.xxx.100 drop
>
> etc.
>
> then let in my web traffic - from anywhere to port 80/443 allow to .
> 100, .101, .102 etc.
>
> Watchguard was helpful on the phone and recommended the X550e - around
> $1,100.00. Seemed a bit overkill as the specs on the smaller X10e
> seem to be sufficient.
>
> Anyone familiar with these units? Any suggestions on what we might
> look at for a firewall?
>
> Thanks,

Get a used PIX 506 or Netscreen 5GT off Ebay for $500. Hell - with
that low of bandwidth needs get a $150 Linksys from Bestbuy...

If you're needing deep inspection, AV, etc you'll need something more
substantial anyway

Re: hardware firewall recommendation

On Aug 7, 6:33 pm, "steve.lo...@gmail.com"
wrote:
> Looking at Watchguard, Sonicwall and maybe Zyxel hardware firewalls to
> fit this scenario.
>
> We have 2 web servers to protect. There are no LAN users, no VPN
> needs, and traffic at peak times averages around 180kb / sec (even
> though we have a 10mb connection) - so low throughput.
>
> My main needs are a configurable firewall.
>
> For example, server #1 uses 3 public IPs currently (LAN is a /28 of
> public IPs, WAN is a /30).
>
> For IP #1 on Server #1, we block all non-US based traffic, so my
> current rules start with a bunch of drops:
>
> from: 218.0.0.0/8 to xxx.xxx.xxx.100 drop
> from: 210.0.0.0/7 to xxx.xxx.xxx.100 drop
>
> etc.
>
> then let in my web traffic - from anywhere to port 80/443 allow to .
> 100, .101, .102 etc.
>
> Watchguard was helpful on the phone and recommended the X550e - around
> $1,100.00. Seemed a bit overkill as the specs on the smaller X10e
> seem to be sufficient.
>
> Anyone familiar with these units? Any suggestions on what we might
> look at for a firewall?
>
> Thanks,

Hi,

Why Cant you try Cyberoam available through Avaya. It got Load
balancing feature, AV, Antispam and Content filtering in addition to
firewall. It is one of the kind where you can set rules based on users
instead of IP address.

Regards,
Murali Murugesan
Technology Consultant
S3 Networks, Chennai, India