Netscreen, Watchguard, Cisco, Sonicwall Firewall opinions

[ftechguy]

Hello,

I am planning to add a firewall to our small office network to increase security and to add VPN capability. There are about 50 computers, but the firewall should be able to work well with up to 100 (growing network).

One unique aspect about our network is that our web and email servers are off-site and there are no publicly accessed systems anywhere. So our network is really an extremely large home network. I think this would greatly simplify configuration issues.

Other requirements:
Work with T1 connection.
Need VPN clients for both Mac and PC.
should be able to be administered remotely.
Would be good if a system can be accessed by PC Anywhere (routable IP).

This is just a project on the backburner right now, but I would like to get early research and info soon so when it's time to buy, I can go ahead and order. So if anybody can give me opinions about the different brands and what would be best for my network, it would be great.

Thanks!

 

[JimInKS]

We have a network that sounds almost exactly like yours. I have a Watchguard Firebox 700.

It has no max user restrictions (I think they recommend less than 200 users) and includes VPN (which I haven't used yet). Has a good management interface (but it requires a dedicated windows app). I think it can be administered remotely but I have never used this either.

It has some nice monitors, I can watch bandwidth utilization, see a snapshot of user access, and get quite a few reports out of it. It is rack mountable and is a pretty red color!

This is my first "real" firewall so I don't really have anything to compare it to, but I am satisfied with it.

 

[ftechguy]

That firebox looks good. I'll just have to check out it's vpn capability--thanks!

anybody out there with experience with sonicwall??

 

[AjayM]

I've been using Sonicwall's for the past 3 or so years with good success. They are a snap to setup, in your case you could probably have it up and protecting in a matter of 5-10 minutes. The performance is good on them, so no worries about the misguided network slowdown by putting a firewall in. Security is good as well, I've never had a successful breach (knock on wood) yet, but that is more up to how you setup the firewall (again it's easy with them), and they are active with firmware releases to fix bugs, etc.

On the VPN side I don't know if they have a Mac client, which may be the downside. There are 2 VPN solutions, one is just a software client that allows home computers/laptops connect through VPN to the "other side" of the firewall. You can also use any of the VPN capable Sonicwall boxes and then you could have a full/real 2-way VPN.

As to remote access, using something like PC Anywhere is possible through the firewall, but I'd setup the firewall to VPN through and then PC Anywhere from there. The level of security differences between just using PC Anywhere and using it through just about any well setup VPN are HUGE. Ditto for remote access, I'd never setup a network to have firewall admin access from outside without some level of security to protect it. In a small office setup I'd VPN in and then go admin the firewall.

As to choices, a few years ago I faced the same thing and I had narrowed it down to some of the same choices. I first ruled out any software based firewalls, mostly due to cost (buying a server, OS, and firewall software) and administration (having to worry about OS security on top of firewall security in terms of patches, etc). For the needs I had I was basically ready to go with the Firebox or the Sonicwall, I only made the choice based on a recommendation from a friend of mine. Honestly you probably wouldn't go wrong with any in your list.

Andrew