Firewall solution?

**cookie_monster** · 12th March 2008, 07:43 PM

Our LEA will soon provide us with an incoming IP for some TS or Citrix connections so we need a firewall box.

Anyone here running Cisco kit? I've been looking at the Cisco ASA 5505 and was wondering if anyone is using one.

http://www.pcpro.co.uk/reviews/96040...-asa-5505.html

http://www.cisco.com/en/US/products/...omparison.html

We'll be allowing a limited number of incoming TS connections and maybe a few connections to our intranet. We only have a 10Meg incoming connection so i can't see it being under massive load.

I notice that it is bundled with 2 SSL connection licences so i assume you have to buy extra (is this the case)

Better suggestions?

Cheers.

**FN-GM** · 12th March 2008, 07:48 PM

have you considered smoothwall? From what i have been told its very good.

**Geoff** · 12th March 2008, 08:04 PM

I use a linux box running shorewall. However I will be looking at the smoothwall offering to see if it does what I want.

**cookie_monster** · 12th March 2008, 08:30 PM

I'm open to options. I have some Linux skills but there is a possibility that i won't be around much longer and i don't want to leave the school managing with something that i've lashed together.

I've haven't looked at smoothwall for a while i might take another look.

**raufdean** · 12th March 2008, 09:03 PM

Don;t know how much you want to spend, but have a look at a Netscreen 5GT.:-

http://www.pcwb.com/catalogue/item/NETSCR31

I've used various netscreens over the years. Pretty easy to configure, but very versatile if you need them to be.

Rauf

**john** · 12th March 2008, 09:05 PM

Smoothwall should be worth a good look at, or how about using an off the shelf wirewall / router device that has a WAN port such as one of the Netgears or Drayteks?

**Joedetic** · 12th March 2008, 09:24 PM

Other open source options to consider are pfSense and m0n0wall. Both based on the BSD kernel as opposed to the Linux kernel.

As the others have already mentioned Smoothwall is a good contender. Another Linux based offering would be IPCop.

But yes an ASA or a PIX will do the job, and having used both I personally prefer working on ASAs but it's just preference. You might wish to consider whether a Cisco device is necessary when it might well be full of features you're not going to use, when a custom built box would do the job for a lot lower cost.

**cookie_monster** · 12th March 2008, 09:36 PM

I can see what you're saying Joe i guess you just get that feeling of reliability from a Cisco box i'm sure smoothwall is a pretty good solution so i might give it a look.

Any hardware recommendations?

Anyone using Smoothwall to allow and secure incoming TS connections?

Cheers.

**Ryan** · 12th March 2008, 09:51 PM

Semi-decent PC with ISA Server on it?

**Ric_** · 12th March 2008, 09:58 PM

@cookie_monster: Your concerns about your Linux skills disappearing are well raised. If you go down the Smoothwall route, you can go for the UTM appliance which provides a user-friendly interface and support for bother the hardware and software.

**CyberNerd** · 12th March 2008, 10:02 PM

Your concerns about your Linux skills disappearing are well raised.

I disagree, if he puts in a Cisco box they advertise the job with cisco experience, if he puts in a linux box they advertise for linux experience.

Anyone using Smoothwall to allow and secure incoming TS connections?

not yet, currently we have a linux box doing it - but we have a schoolguardian which is only doing proxy filtering. We plan on moving the linux firewall over to smoothwall.

**Ric_** · 12th March 2008, 10:10 PM

Originally Posted by CyberNerd

I disagree, if he puts in a Cisco box they advertise the job with cisco experience, if he puts in a linux box they advertise for linux experience.

In an ideal world, yes... you and I both know that this is a school though! Either way, it would add an extra £10k to the pay

**torledo** · 12th March 2008, 10:47 PM

Originally Posted by cookie_monster

Our LEA will soon provide us with an incoming IP for some TS or Citrix connections so we need a firewall box.

Anyone here running Cisco kit? I've been looking at the Cisco ASA 5505 and was wondering if anyone is using one.

http://www.pcpro.co.uk/reviews/96040...-asa-5505.html

http://www.cisco.com/en/US/products/...omparison.html

We'll be allowing a limited number of incoming TS connections and maybe a few connections to our intranet. We only have a 10Meg incoming connection so i can't see it being under massive load.

I notice that it is bundled with 2 SSL connection licences so i assume you have to buy extra (is this the case)

Better suggestions?

Cheers.

You can purchase a ASA 5505 vpn bundle that comes with 10 ssl vpn licenses and supports up to 50 fw users. That's essentially a base configuration for the 5505. It'll probably be enough for what you need, the 5505 is entry-level and so doesn't have the prformance or some of the advanced features of the more expensive models i.e no virtual firewall feature with the 5505.

Really depends on you're budget....but i'd recommend an ASA or one of the entry-level checkpoint firewalls.

**cookie_monster** · 13th March 2008, 11:10 AM

I know a couple of local companies that have people who are familiar with Cisco kit so in an emergency they could help out neither support Linux solutions. Attracting skilled IT workers around here has been an issue in the past and asking for Linux skills as well might limit our choice even more.

@ torledo, I was looking at a ASA 5505 but i'm thinking the 25 user limit might be an issue at some point. I might take a look at checkpoints offerings.

We plan on moving the linux firewall over to smoothwall.

I thought Smoothwall was a Linux based solution.

Cheers.

**JamesC** · 13th March 2008, 11:13 AM

Id like to recommend IPCop

LinkBack

Thread Tools

Search Thread

Firewall solution?

Similar Threads

Server 10.4 firewall

2 networks, 1 firewall

no firewall etc

Windows Firewall

Thread Information

Users Browsing this Thread

Posting Permissions