Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Intergrated Firewall/Spam/VPN Solution

Status
Not open for further replies.
tdoma

tdoma

IS-IT--Management
Aug 13, 2003
94
0
0
US
We currently have a PIX 525 Firewall deployed in our envionment. We have money set aside to spend on security solution. We are looking for an integrated Firewall/Spam solution if we can find a good one. It can either be hardware or software. VPN will be good, but not a absolute requirement, since we probably throw in a Cisco solution on the Catalyst 6500. Any suggestions and recommendtions, plus documented comparisons will be greatily appreciated.

Thanks in advance.
 
Sort by date Sort by votes
Look at the Symantec Gateway product...it is a very strong firewall, with AV scanning (and very nice IPSEC VPN.) It also has a nice ability to filter SMTP traffic. I installed one for a client and was able to configure filters for text-based blocking (in addition to black-list host comparing, and reverse-record-lookup for traffic.)

Of course text blocking stops only about 90% of the total volume (V!agr8 and such garbage still seeps through.)

If you are focusing on Spam, a firewall device is not the best tool, but nice to have it when your focus is firewall...

Alex
 
Upvote 0 Downvote
The Watchguard Firebox has all of the above features. As a firewall it performs brilliantly. The VPN features are handy - it can be used in a variety of configurations:

- VPN server for PPTP client authenticating against Active Directory or firewall itself
- Watchguard MUVPN, which uses Safenet VPN client authenticating against domain, LDAP or other
- manual IPSec tunnels
- Watchguard DVCP IPSec tunnels (really easy to set up an administer)

It falls down on the spam blocking. This is just a list of known spammers as black holes. Then again, I wouldn't set up e-mail filtering based purely on known IPs. You would want some additional filtering performed at the gateway level.

What are your exact requirements? If you only need to support relatively few VPN clients and your internet connection is only around 2MB, you could probably opt for a lower spec firebox and use the money saved on MailMarshal or similar.

Be aware that the firebox requires an annual subscription for URL filtering, web blocking, spam filtering to work.
 
Upvote 0 Downvote
The SGS also requires "Support" for AV and Spam text filters...but so does Mail Marshal and similar SMTP anti-spam software.

Alex
 
Upvote 0 Downvote
Hi There,

Reading al of the comments above they all include what we currently have but also lack a lot of what we currently have on our system:

E-Mail Hosting
Spam Filtering
Proxy Service with content filtering
FTP hosting
Web Hosting
All forms of AV using Sophos
Proxy Control
IPSEC/Road Warrior VPN
Disk2Disk Mirroring for Backup
File SHaring
Network Printing
Ability to fall abck of broadband automatically and connect to any othet dial up serivce (ie ISDN) and continue service.

This product is an Equiinet Netpilot Enterprise.

Get one!

Thanks,
Mike
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
146
intel233
intel233
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
70
gkittelson
gkittelson
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
167
Shmid
Shmid
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
52
WhosYourDiffie
WhosYourDiffie
ITSUPPORTIT
  • Locked
  • Question
VPN from ASA 5510 and RV215W problem
Replies
0
Views
41
ITSUPPORTIT
ITSUPPORTIT

Part and Inventory Search

Sponsor

Back
Top