[itdiscuss] Firewalls

Kevin Brunson kevinb at highergroundtech.com
Wed Nov 12 11:26:24 EST 2008


I agree with the sonicwall interface, assuming you are talking about the older version.  In the last 2 years or so they moved to a completely different interface.  I like the old one significantly more than I like the new one.  But the new one uses the same basic philosophy as the Astaro, so if you know the Astaro, you know what to expect from the Sonicwall.

From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of blloyd at buskercom.com
Sent: Wednesday, November 12, 2008 10:11 AM
To: discuss at itdiscuss.org
Subject: Re: [itdiscuss] Firewalls

I'm a little bit familiar with the Sonicwall interface because I managed a 3Com SS3 Firewall for several years.  3Com just rebranded the Sonicwall system.  I like their interface better than I do the Watchguard.  I have also managed an Astaro firewall.  It can be a little difficult to work with until you get used to the interface.  It does seem to be very robust, though very expensive as well.



Bill Lloyd
IT Manager

2567 Athens Hwy.
Gainesville, GA 30507
Phone: 770-417-1604
Fax:     770-417-1747
Cell:     404-379-6963

blloyd at buskercom.com
This email and any accompanying attachments may contain confidential and proprietary information. If you are not the intended recipient, you are requested to delete this entire communication immediately. Emails cannot be guaranteed to be secure or free of errors or viruses. The sender does not accept any liability or responsibility for any problems that may result from emails you receive.
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Kevin Brunson
Sent: Wednesday, November 12, 2008 10:48 AM
To: 'IT Discussion Forum'
Subject: Re: [itdiscuss] Firewalls

The watchguard product line tries to meet offices that size with the edge series, which is web managed.  But I am not a huge fan of the edge series, since those firewalls need regular reboots or they start to choke.   I would think an X550e would do everything you want, though, including PPTP or SSL VPN built-in.  It can also handle VLANs, content filter, Gateway AV/Spyware/Intrusion Protection, and spam filtering if you want to go that route.  Of course if you are trying to get away from watchguard, this is probably not very helpful.

Let me also say that if you are used to watchguard configurations, then going to a sonicwall with enhanced OS (needed to do VLANs and such) would be a difficult transition.  The two products use a VERY different philosophy when it comes to management and configuration.  You almost have to unlearn some of what you did with the watchguard to do similar things with the sonicwall and vice versa.  Not a criticism, just a comment.



From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of blloyd at buskercom.com
Sent: Wednesday, November 12, 2008 9:29 AM
To: discuss at itdiscuss.org
Subject: Re: [itdiscuss] Firewalls

You make a good point here.  As to the questions, here are my answers:


1.       About 25 office users for now.

2.       Yes, and I would like to set up a PPTP server for VPN access.  The other possibility would be SSL VPNs.

3.       We don't have any remote offices.

4.       We have up to 3mbs.  Our ISP is Cbeyond.

5.

a.       I have four VLANs that I want to make static routes for so I can share resources to the Internet.

b.      I would like to consider some of the protection plug-ins that some firewalls offer, depending on the expense.  It would be one more component of a layered security model that I want to develop.

Thanks,



Bill Lloyd
IT Manager
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Kevin Brunson
Sent: Wednesday, November 12, 2008 10:21 AM
To: 'IT Discussion Forum'
Subject: Re: [itdiscuss] Firewalls

Bill
I think a lot of people miss out on the advantages of having separate management software.  With web-managed firewalls, you typically make one change at a time, and then submit.  That makes it easy to see the effects of one change, but difficult if you need to make large-scale changes to a firewall.  For example, if you change ISPs and are issued a new IP scheme.  With a sonicwall, you wait until you know the new link is working, and then you go through and change the LAN addresses.  Then you change the rules, routing tables, etc.  It might take you an hour or more of downtime to get everything configured, depending on the complexity of the ruleset, and then you just hope that everything is working right.
With a watchguard, you make a copy of your config file called "newISP", make all the changes, get it just the way you want it, and when the ISP says it's go time, you save the new config file over and swap the cable.  Done.

But I hate to get into a discussion of "what firewall should I use" when I don't know much about the size and complexity of your network.  All of this seems pretty fruitless until then.


1.        How many users?

2.       Do any work from home?

3.       Any remote offices that share server resources?

4.       How much bandwidth do you have?

5.       Any other info that seems relevant?

From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of blloyd at buskercom.com
Sent: Wednesday, November 12, 2008 9:09 AM
To: discuss at itdiscuss.org
Subject: Re: [itdiscuss] Firewalls

I'm working to replace an old Watchguard that is no longer supported.  The main thing I don't like about it is that you have to load software on a PC to manage the configuration.  I would much rather just log in to the device itself.  Have they changed that at all?



Bill Lloyd
IT Manager
From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Jeffrey Thompson
Sent: Wednesday, November 12, 2008 9:58 AM
To: IT Discussion Forum
Subject: Re: [itdiscuss] Firewalls

Watchguard has done well for network firewall and web filter for me.

On Nov 12, 2008, at 9:32 AM, Lee, Jason wrote:

I think I would disappoint those around CITRT (Mainly Justin Moore) if I didn't say Sonicwall's lineup has been rock solid and cost effective for us.

- jason
