Small Office Firewall Options

Hi,

I'm hoping to get some advice on which firewall would be best for me.
The Netscreen 5GT-Wireless Extended looks like it will do what I need.
I've used Netscreeen before and was impressed but I am not aware of
what the alternatives might be.

Ideally I'd like the following
1 internal trusted zone
1 untrusted zone - the internet
1 DMZ - for web/email server
1 trusted wireless zone, full access to trusted zone
1 guest wireless zone, with limited access to trusted zone and the
internet.
The network will have up to 6Mb of traffic and I imagine only 20 or so
concurrent sessions.

Any suggestions would be greatly appreciated.
Thanks,
Tas

Re: Small Office Firewall Options

In article <1192712901.412868.43650@z24g2000prh.googlegroups.com>,
tfrangoullides@gmail.com says...
> Hi,
>
> I'm hoping to get some advice on which firewall would be best for me.
> The Netscreen 5GT-Wireless Extended looks like it will do what I need.
> I've used Netscreeen before and was impressed but I am not aware of
> what the alternatives might be.
>
> Ideally I'd like the following
> 1 internal trusted zone
> 1 untrusted zone - the internet
> 1 DMZ - for web/email server
> 1 trusted wireless zone, full access to trusted zone
> 1 guest wireless zone, with limited access to trusted zone and the
> internet.
> The network will have up to 6Mb of traffic and I imagine only 20 or so
> concurrent sessions.

The cheapest solution is a DFL-700, but you are asking for 4 different
networks - no cheap firewall does that.

So, you want:

1 WAN
1 LAN
1 DMZ
1 Wireless LAN
1 Wireless DMZ

You could just add Access Points to the LAN and DMZ if you don't really
need separate physical networks for them.

If you want a firewall with that many ports (networks) then you need to
start with a WatchGuard X750e with Pro option - that's up to 8 networks
that you can use.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Small Office Firewall Options

On 18 Oct, 14:53, Leythos wrote:
> In article <1192712901.412868.43...@z24g2000prh.googlegroups.com>,
> tfrangoulli...@gmail.com says...
>
>
>
>
>
> > Hi,
>
> > I'm hoping to get some advice on which firewall would be best for me.
> > The Netscreen 5GT-Wireless Extended looks like it will do what I need.
> > I've used Netscreeen before and was impressed but I am not aware of
> > what the alternatives might be.
>
> > Ideally I'd like the following
> > 1 internal trusted zone
> > 1 untrusted zone - the internet
> > 1 DMZ - for web/email server
> > 1 trusted wireless zone, full access to trusted zone
> > 1 guest wireless zone, with limited access to trusted zone and the
> > internet.
> > The network will have up to 6Mb of traffic and I imagine only 20 or so
> > concurrent sessions.
>
> The cheapest solution is a DFL-700, but you are asking for 4 different
> networks - no cheap firewall does that.
>
> So, you want:
>
> 1 WAN
> 1 LAN
> 1 DMZ
> 1 Wireless LAN
> 1 Wireless DMZ
>
> You could just add Access Points to the LAN and DMZ if you don't really
> need separate physical networks for them.
>
> If you want a firewall with that many ports (networks) then you need to
> start with a WatchGuard X750e with Pro option - that's up to 8 networks
> that you can use.
>
> --
>
> Leythos
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999f...@rrohio.com (remove 999 for proper email address)- Hide quoted text -
>
> - Show quoted text -

Thanks Leythos,

For what I'm trying to do I could add a wireless access point to the
trusted zone... but the other wireless zone isn't exactly the same as
DMZ I'd need a seperate zone for this. That's 4 zones in total.

I had a look at the D-Link documentation but could determine how many
zones it supported.

I'm not sure I'd go for a watchguard... I used a watchguard SOHO a few
years ago and was pretty disappointed.

Tas

Re: Small Office Firewall Options

In article <1192718678.860068.24490@q5g2000prf.googlegroups.com>,
tfrangoullides@gmail.com says...
> For what I'm trying to do I could add a wireless access point to the
> trusted zone... but the other wireless zone isn't exactly the same as
> DMZ I'd need a seperate zone for this. That's 4 zones in total.
>
> I had a look at the D-Link documentation but could determine how many
> zones it supported.

The D-Link has three physical zones.

>
> I'm not sure I'd go for a watchguard... I used a watchguard SOHO a few
> years ago and was pretty disappointed.

The SOHO is the cheapest, smallest, lowest end product there is.

You could also setup dual networks (series) in your DMZ, to isolate the
Wireless....

DMZ PORT 1 ----- NAT DEVICE 1 ---- WEB SERVERS
DMZ PORT 1 ----- NAT DEVICE 2 ---- Guest Wireless

DMZ 192.168.16.0/24
NAT DEVICE 1 192.168.17.0/24
NAT DEVICE 2 192.168.18.0/24

This keeps Guess wireless out of NAT 1 LAN, except for HTTP or what you
expose.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)