Hardware firewall for SME?

amaze

Hi,

We have around 40-50 people within the facility, however only around 15-20 users will be using the internet. Security is important so we want to upgrade to a hardware firewall when we move. We currently have 2 x ADSL. The firewall should obviously be very robust, secure and feature rich (i.e. content filtering, internet blocking etc).

Can anyone recommend a suitable firewall?

Thanks
 
As security is a concern to you then Checkpoints "safeatoffice" (it won't let me use the at symbol I'm afraid) appliances are very good value for the SME. You can use checkpoints secure VPN client with them as well for remote workers. I believe they support up to around 100 users.
 
If the routers you are using are suitable for the task of networking so many people in a business environment, you should be perfectly safe provided you configure them properly. What type of routers are you using? What kind of network are they (or is it) serving?

Alternatively, you could set up a Linux PC as a firewall with all of the features and safety your heart may desire. PM if you need help with it.
 

KM-Tiger

Alternatively, you could set up a Linux PC as a firewall with all of the features and safety your heart may desire.

Yes, or get someone else to set it up for you. As mke says the possibilities are endless, and changeable if your requirements change.

One possibility would be to use it also as an MTA to reject and filter Spam before mail is passed to your internal server(s).
 
Remember, a hardware firewall is something that runs specific software, an appliance - there are several pieces of (free/OSS) software that can do a great job (as good as most appliances) and you only need modest hardware (a 5 year old PC would do the job!).

Have a look at:
IPcop
Smoothwall
Endian
m0n0wall
 
Deleted member 34610

If you want a 'solution in a box' I've heard good things about Watchguard, but as always budget is key here. If you have a budget, what is it? Open source solutions are good, but will require you having someone who can set it up for you, or you have to pay someone to do it, which you need to weigh up when comparing it with commercial solutions.
 
Seconded (thirded? fourthed?) on Smoothwall. Good software. Good company.

Budget shouldn't be a factor for a network that size, when assessed against risk. Either a competent systems engineer for a Linux box or router, or a third party app such as Smoothwall will be peanuts in comparison to the month on month, year on year "licence" fee for a proprietary app as compared with a (usually inferior and risky) "commercial", for which read "proprietary, expensive and behind the risk" offering.

As consultant has said, a 5 year old PC could do the job, or a business level router such as Cisco, Draytek Vigor (2820 series advised here, avoid 2800) or 2Wire. Don't risk your data behind a domestic level router.

And as KM-Tiger says, Linux box with added MTA and Spamassassin, you're in connection heaven. :)
 
following on from other comments, whether it is an expensive appliance or open source solution, if it is set up wrong, it could end up being a brick!

Any IT person with medium experience should be able to set it up and it should then be a case of letting it do its job, with minor review/updating, if any!
 

noidea

Most hardware firewall solutions have an integrated linux system of some kind and are built with small amounts of RAM and small processor... it is all you need, so sticking open source on an old PC or buying a really cheap new system would work wonders and could mean as others have suggested you could also stick spam assassin etc. on it and virus checker... maybe even squid! (though you should have a lot of RAM for squid)

As said above, any system that is poorly configured is terrible. So expect a day of testing or whatever to tune the settings right.
 
24x7 Exchange

I recommend the Cyberguard range of SME firewalls. When I ran an IT support business we implemented these everywhere. They were hardware based on open source linux which meant that they were as powerful as anything else out there but much cheaper. And they were so flexible. You don't have to pay for additional VPN licenses etc and they support every type of VPN service that exists. Definitely worth evaluating.
 

Ukfatboy

Obviously there are a number of security vendors out there that will supply a hardware appliance. Obvious choices are:

Sonicwall
Watchguard
Cisco

etc.

Nearly all these vendors will charge for the appliance AND an annual licence/upgrade/support fee AND will charge for additional functionality like VPN, URL filtering etc.

Have a look at which is an open source Unified Threat Management Solution (paid support available). It will run on X86 platform. Just Google it.

Lots of our clients use it with a great deal of success.

____________________________________________

OCM Networks , Proactive ICT Support and Management
 
Deleted member 34610

Budget shouldn't be a factor for a network that size, when assessed against risk.

Have to disagree, budget is ALWAYS a factor in any company regardless of size (speaking as an ex-IT Manager). The trick is to measure the likelihood of a security incident, the impact of any possible incident, and invest an appropriate amount of resource (money, staff etc.) to the project to combat the problem.

I also think to describe all commercial products as poor value for money is a bit of a generalisation. If open source was the best way to go for all businesses, why would commercial products still exist? Open source solutions still require skill to install, skill to administer, still require updating as new threats develop, and are still vulnerable to hardware failure as their commercial counterparts (if not more so, if people use 5 year old PCs for a business critical system).

I'm not anti open source, I love it, I think the Bonded ADSL Linux Boot CD from Upstream Internet is an excellent example of open source value. But it's not necessarily the holy grail for all businesses.
 

noidea

because....

commercial = marketing + product = money

open source, has been around from the start but it is only fairly recent that more and more people have actually realised what open source means... If it wasn't for the successes for the likes of mozilla/firefox, linux and apache web server it would still be that unknown.

Commercial products are products that make money, therefore they market the products which brings awareness of existence etc. then make money then pour some profits into more marketing and so on... because open source is in effect free software there isn't that budget to make people aware of it. Open Source pretty much got where it has just by word of mouth alone.
 
If it wasn't for the successes for the likes of<-snip->, linux and apache web server
there wouldn't be an internet of the type we know in the first place and we would not be discussing issues of mutual interest on forums like this one.

Richard, in essence I agree with you. But for the protection the OP is talking about, most practical solutions are ridiculously cheap within context. Unless, of course, someone is asking for silly money or offering an OTT solution. Actually, re-reading what I wrote, it's not very clear is it? :rolleyes:

Lots of us make our livings out of Open Source. The most widely known applications are superb. They are free in the sense of to use, but not in the sense of free beer. If you have the expertise, it's already cost you at least time to learn. If you don't, you need to buy it in, a definite financial cost.

Let the arguments rage about which is cheapest. Longer term, total cost of ownership without enforced licence fees, arbitrary software changes and "updates" and even enforced hardware changes of far too many proprietary offerings certainly gives OS a very clear head start.

Add to that the freedom to develop in your own direction without being locked in to one system that won't work with anything else really does add significantly to the already high quality of the OS offering.

As said elsewhere, it's just plain daft to put any system in a mission critical capacity, open or proprietary, without the requisite expertise to support, run and maintain it, even if that is only via a remote support arrangement.
 