Re: Small office firewall/vpn/security appliance
comp.security.firewalls archive


From: Mark <nothere@notthere.com>
Date: Fri Sep 30 2005 - 04:35:15 CEST

"CCMiami" <nospam@modeldriven.org> wrote in message
news:fGeZe.29808$dm.25937@lakeread03...
> We are setting up a new office network and would like some
> advice/experience on firewalls. I have looked at the messages but am
> still confused :)
>
>
>
> Today we have a single external connection (business cable 2/4) but may
> want to expand with a backup. There will be 2-3 externally visible
> servers with their own IP and a small LAN - 15 users. We need VPN access
> (10 licenses) to the servers for external users. We will probably set up
> the internal lan using a "store" router for NAT but could also use the
> firewall's NAT. We would like (of course) as much protection as we can
> get - including intrusion, VP. The degree of "inspection" on the firewall
> is important but it is hard to see around the marketing. I expect to set
> up some wireless, but using a separate access point - we will also set up
> a "guest" wireless (possibly outside the firewall). We also want to make
> sure we can still use applications - FTP, Netmeeting, etc.
>
>
>
> It is even hard to tell what these things really cost when you get the
> protection packages. I have listed what I THINK they cost. Questions I
> have are:
>
> - Stability -> Very Stable
>
> - Degree of protection -> AV signature set is an in the wild (not a bad
> option as the Netscreen AV kills the CPU with its "full" set), IPS is
> good, antispyware is good
>
> - Speed -> if you turn all services on combined throughput can drop to
> around 5-10Mbps
>
> - Expected life/upgrades -> I would expect a new model out next year
>
> - Support for multiple IP addresses and routing -> OPT port, get the
> Enhanced OS if you can
>
> - Real cost -> Bundle is good, it includes Gateway AV, IPS, Antispyware,
> Content Filtering, and Viewpoint Reporting. GAV/IPS/AS, CF require 2nd
> year renewals
>
> - Complexity to admin (Tech users but no dedicated support) - Easy, nice
> GUI, enhanced OS is a bit daunting to newbies because it does so much
>
> - Marketplace position - Top of this segment
>
> - Support - pretty good (that bundle includes 1 Year 8x5)
>
>
> SonicWALL TZ 170 25-Node Comprehensive Gateway Security Bundle $750 (May
> be more hidden $)
>
> -- But it looks like VPN clients are $30/each, so add $300! < BIG NOTE:
> SonicWALL's GVPN Clients are licensed to the firewall and CONCURRENT
> licenses, not seat based. So if you have 10 users but only 3 at one time
> will be using the VPN you only need 3 licenses (but can install it as much
> as you like).
>
> -- Hints of stability problems. -> They had some minor issues with 3.0
> early on, 3.1 is very stable.
> -- Market leader? Yup. Only real competition is Juniper/Netscreen &
> Fortigate. They are having problems expanding their IPS on the 5GTs, the
> CPU can't handle it. Their gateway AV absolutely kills the CPU, no
> antispyware, and to go fully zoned is bloody expensive. Fortigate's in the
> crap because they stole some of their code, they got spanked in court. The
> 1st Gen of the model you listed crapped out when you enabled AV and they
> are going backwards fast. Fortinet's long-term $$$$ stability is in
> question. Neither Cisco nor Checkpoint get off the starting grid with their
> lack of features.

Received on Sat Oct 15 04:35:35 2005