What makes a good firewall?

Status
Not open for further replies.

tookawhile

IS-IT--Management
Aug 12, 2005
242
GB
I'm trying to find out the difference between, say, a $200 firewall and a $1000 firewall - if you only want a good basic firewall for, say, a small business of 20-odd people and 1 WAN connection, is it really worth spending a lot of money?

Say I had a simple Netgear firewall, like the ones you can buy in the stores, what basic features would it lack?

I may need the odd rule or 2, VPN for about 10 people, so do I need to spend a lot, $500 plus?
 
I would say it would somewhat depend on what type of business you are using it for. How sensitive is the data the company has? I personally would not purchase a firewall that would be used in a residential application. I would spend the extra and get a firewall designed for business use. I personally have moved away from commercial firewalls and started building my own. With the many Linux distros out there and the minimal hardware requirements they have, you can build exactly what you want without spending thousands of dollars.
 
If for a Business Application, consider SONICWALL .... relatively cheap, runs Global VPN, has rules .... I use them !!!!!

HTH

<Do I need A Signature or will an X do?>
 
Ok.

We currently use a Netgear FVS328 but I have been offered an old Nokia IP650 - is it worth changing over to the Nokia IP650? It was good in its day.

Thanks for the Sonicwall info.

If I buy a firewall appliance that also has AV protection etc (an all-in-one security appliance) would it then be Ok to not run any type of AV app on the desktops? I know I would lose local protection but is it a great risk?
 
If I buy a firewall appliance that also has AV protection etc (an all-in-one security appliance) would it then be Ok to not run any type of AV app on the desktops? I know I would lose local protection but is it a great risk?
I would advise against it. I know 99.99% of viruses come from the outside world and e-mail now, but what about the remote chance that a user brings an infected document from home on a USB Drive or floppy (if they still exist).
We run a Firewall, Mail Security Device with Anti-Virus, a Corporate Edition Anti-Virus Program and local AV. I don't believe there is such a thing as overkill when it comes to security.
 
So... is the old Nokia IP650 worth keeping?
 
Enterprise-grade firewalls normally have additional features such as proper routing abilities, more flexible rule options, support for networking protocols and, most importantly, better intelligence such as SPI - which is critical for all but the smallest of home users.
Also items such as integration with 3rd parties such as using a RADIUS server, or even Active Directory - superb if the firewall is also a VPN endpoint. (Again, a lot of small ones don't support it.)

In terms of your Anti-Virus - I use the FortiGate line of products which has AV, and can also have web filtering, IDS and spam. We only use the AV and IDS - however, I strongly recommend it. That additional layer is a nice safety net. I like the fact that nearly all viruses that come my way get stopped at the gateway rather than the server / client.
Also very useful if a client has a virus that the AV hasn't picked up - otherwise how do you know that it has a virus?
 
The FVS328 has SPI, VPN and suchlike, but I'm wondering if I should upgrade it.

Ideally, I would like one appliance that can do the lot: firewall, AV, VPN, and RADIUS seems attractive. Can you recommend any make/models?

I would also like it to be firmware based, unlike the IP650.
 
Hi, I would agree with pgaliardo and say that a distributed AV infrastructure is recommended. The recommendation would be to deploy AV on your desktops and servers regardless of whether the Firewall you purchase supports this capability or not. With regard to a Firewall device, I would recommend you take a look at the Juniper Netscreen range; for a small business like yourselves, take a look at the Juniper Netscreen 5 series. These offer Firewall, VPN and AV functionality. These are reasonably priced and do not have high maintenance costs like the Nokias. With regard to a RADIUS server, I would recommend a built-in RADIUS server such as Microsoft IAS, which is free with Microsoft Windows, or a Linux equivalent.

 
If you want built-in AV, spam filter, web content filtering etc., look into devices that claim to do "UTM" or "Unified Threat Management". I support Fortinet devices which do this very well, but I don't do all the competing devices, so I can't say whose is better. Their prices are about middle of the road.

 
What makes a good firewall?

One that is monitored!

You can buy one for £20k but if it's badly implemented and you don't get reports of what is going on with it then just don't bother and buy the cheapest one possible.

What's the point of a burglar alarm without a siren?

Iain
 