
Cisco 1700 Series and Third Party Firewall

Status
Not open for further replies.

AvayaRedDude

IS-IT--Management
May 19, 2014
80
US
I'd like to know if I can use a third party, non ASA firewall to use for a Cisco 1760. We have a couple desktops, a Windows and an OSX server that could be used for a firewall. How can I configure the 1760 to integrate to the firewall for WAN access? I know upgrading to a 1900 or 2800 series would be the easiest to support Ethernet WAN, etc, but I am stuck with this router to do that.
 
Right now, intranet LAN and IPT (Cisco CME) is running on the Cisco, and another DDWRT is running some LANs and it gives WAN/Internet access. These are two separate networks. The LAN runs on 192.168.1.1/255.255.255.0 and the other network is on 192.168.2.0/255.255.255.0

This current network was set up to be highly isolated to the Internet; leaving a few machines exposed to the outside world, such as application servers, terminal servers, desktops, etc. We would like to somehow integrate the two by continuing to have strong protection, also allowing the Cisco phones to allow the PC side jacks to be also tied to the WAN (you know for web/email/etc) so one drop for a desk, kinda thing.
 
...And trying to do this with what we have, if possible.
 
Get your existing FW config off the old FW and do an audit of:
- IP addresses
- FW rules, ie, access lists
- NAT rules
and anything else that relates to its layer3 functions.

Then, build your new config on your new FW. Something nice and cheap like a Fortinet is easy to use and very functional. Or a Juniper SRX - those are seriously cool. In fact there aren't many firewalls that are as overpriced and difficult to configure as Cisco ones.
 
Seriously,

I clearly asked if there was a possibility I can use a PC as a firewall with my existing network, a NT 5.1 or a Mac OS X Server, is it possible?

We have a tight budget, and we are on a spending freeze, so if I cannot do it with the options, then just tell me in my face than playing politics and sell me something we can't afford, even if it's "cheap".

Thanks
 
AvayaRedDude, NO ONE is playing politics. There is no need to insult people here. He gave you the answer based upon your question. You said non Cisco, yes? You also did NOT say you must use PC or OSX.
If you insist, you could install Linux and run iptables but this requires at least some expertise in how firewalls work and what they should / should not do. Be advised this is far from an ideal solution for network security setup. But it's your network after all.
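
As an added illustration of the Linux/iptables option mentioned above (not posted by anyone in the thread): a script that prints a default-deny ruleset for a two-NIC Linux box sitting between the isolated 192.168.1.0/24 LAN and the 192.168.2.0/24 network that already has Internet access. The interface names, resolver address and allowed port list are assumptions; only the two subnets come from the thread.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset; it does not load it.
# From the thread: the two subnets. Assumed: interface names, DNS server
# address, and the list of allowed outbound TCP ports.
INSIDE_IF=eth1               # assumed NIC on the isolated LAN
INSIDE_NET=192.168.1.0/24    # isolated LAN (Cisco 1760 / CME side)
OUTSIDE_IF=eth0              # assumed NIC on the DD-WRT network
OUTSIDE_NET=192.168.2.0/24   # network that already has Internet access
DNS_SERVER=192.168.2.1       # assumed resolver address
TCP_PORTS=80,443,587,993     # assumed: web, mail submission, IMAPS

emit_ruleset() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# The firewall host itself accepts only loopback and reply traffic.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Replies to connections the inside LAN opened are allowed back in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Inside hosts may query one resolver on the outside network.
-A FORWARD -i $INSIDE_IF -o $OUTSIDE_IF -s $INSIDE_NET -d $DNS_SERVER -p udp --dport 53 -j ACCEPT
# Inside hosts may reach the Internet on listed ports, but not outside-LAN hosts.
-A FORWARD -i $INSIDE_IF -o $OUTSIDE_IF -s $INSIDE_NET ! -d $OUTSIDE_NET -p tcp -m multiport --dports $TCP_PORTS -m conntrack --ctstate NEW -j ACCEPT
# Anything else, including new connections from outside, is logged, then dropped by policy.
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Hide the inside subnet behind the firewall's outside address.
-A POSTROUTING -o $OUTSIDE_IF -s $INSIDE_NET -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for review when the script is run directly.
emit_ruleset
```

To apply it, pipe the output into `iptables-restore` as root and enable `net.ipv4.ip_forward`; the inside network then needs a default route through this box.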
 
You asked for a "third party, non ASA firewall".
I proposed Fortinet. It is non-cisco, therefore very easy to use and cheap.
I prefer the Juniper which are also very cheap, although there would be more configuration required.

Building your own firewall on a Linux platform, as suggested, would require significant time investment, and carry risks that an out-of-the-box solution wouldn't.
Anything is possible, but some choices are bad choices and carry costs that go beyond a simple matter of prices.

It all depends on how you price your time and rate your expertise. Based on what I see here, it seems likely that a Fortinet would be a good fit.
 
I could've thought I could use a NAT firewall ability in Windows NT 5.2 or OS X Server to alleviate this.

I think ASA is a better option, since we got the routing, the switching and UC/IPT setup... Will save up the money once the freeze expires.

I tell you I am no genius (as with most people) but boy is the Internet a pretty flawed protocol compared to other networks like telephony... Leaving it at that.

Sincerely appreciate the help.
 