Advice for SOHO firewall gear?

Posted by Bradd W. Szonye on April 15, 2005, 6:52 pm
I'm planning to expand my home/hobby network from a small gateway-server
setup to a larger, more secure screened-network architecture, and I
would like advice on firewall gear. My requirements:

- Minimal space, noise, and power consumption
- Stability and reliability (no lock-ups, no corruption, no hassle)
- Reasonable cost for home/hobby use ($500 is OK, but $5,000 is not)
- Firewalled routing from perimeter network (DMZ) to trusted network
- Support for both full routing and NAT routing

A three-homed router with WAN, LAN, and DMZ ports is OK, so long as it
supports filtered routing in both directions between LAN and DMZ. A
traditional two-router setup is also OK, so long as the initial cost
stays well under $1,000 and the power consumption is very low.

Here's what I've been considering so far, with approximate costs. Please
add your own comments, and feel free to recommend other equipment that
meets my requirements.

Watchguard Firebox X5 ($300 + $100/year): At first, this three-homed
router looked ideal. Unfortunately, its configuration is not flexible
enough for my needs. For example, you can choose to permit routing from
the DMZ network to the LAN, but you can't just open a single port (e.g.,
for mail routing) -- the DMZ->LAN firewall is all-or-nothing. That means
I'd need two routers, which is pushing my budget limits.

SonicWALL TZ 170 ($350 + $100/year): This is another three-homed router.
I think it'll do everything I need, but I couldn't tell from the manuals
(which I found confusing, even though I'm good at reading manuals). I've
heard a lot of positive comments about SonicWALL, but a few users have
complained of poor stability and support in the TZ line. I'd appreciate
more data.

SonicWALL TZ 170 Wireless ($550 + $100/year): As above, plus wireless
networking. Seems overpriced, unless the wireless features are a lot
better than what you can get from a Linksys receiver. Is the combo
worthwhile, or should I buy a separate receiver?

Cisco SOHO 91 ($250 + $100/year): If I understood the spec sheets
correctly, this is a two-homed router, so I'd need two of them. I know
very little about this box.

D-Link DFL-200 ($250): Another three-homed router. I have very little
information about it so far, except some rumors that it's OEMed from a
reputable high-end firewall maker. I haven't had time to read the manual
yet.

Small-form-factor computer ($600): I've also considered building a
firewall computer on a Shuttle platform. The higher cost and power
consumption would mandate the three-homed approach, since two routers
would be too expensive. The major problem here is getting three Ethernet
adapters into a Shuttle box, since they only have one built-in port and
one PCI slot.

Reconfigured server ($50 + much labor and risk): I'm planning to retire
my existing server; with just a couple of extra parts, I could turn it
into a dedicated firewall/router instead. Unfortunately, it also means
that I can't switch to the new network setup seamlessly. I expect a lot
more risk and hassle with this approach.
--
Bradd W. Szonye
http://www.szonye.com/bradd
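
The requirement in the post above (filtered routing in both directions between LAN and DMZ, a single DMZ->LAN opening for mail, NAT for the LAN and full routing for the DMZ) written out as an nftables ruleset for a self-built three-homed Linux firewall. This is an added example, not part of the original post; the choice of Linux/nftables, the interface names, the addresses and the port lists are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example with constructed values (assumptions, not from the post):
#   wan0 = Internet, lan0 = trusted LAN, dmz0 = perimeter network (DMZ)
#   LAN 192.168.10.0/24 is NATed; DMZ 203.0.113.0/28 is fully routed
flush ruleset

define WAN = "wan0"
define LAN = "lan0"
define DMZ = "dmz0"
define LAN_NET = 192.168.10.0/24
define DMZ_NET = 203.0.113.0/28
define LAN_MAIL = 192.168.10.25    # internal mail host (assumed)

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        # Manage the firewall itself from the trusted LAN only
        iifname $LAN ip saddr $LAN_NET tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # WAN -> DMZ: published services only, routed without NAT
        iifname $WAN oifname $DMZ ip daddr $DMZ_NET tcp dport { 25, 80, 443 } accept
        # DMZ -> LAN: the single opening, SMTP to the internal mail host
        iifname $DMZ oifname $LAN ip saddr $DMZ_NET ip daddr $LAN_MAIL tcp dport 25 accept
        # LAN -> DMZ: filtered in this direction too
        iifname $LAN oifname $DMZ ip saddr $LAN_NET tcp dport { 22, 25, 80, 443 } accept
        # Outbound: LAN unrestricted, DMZ hosts limited to what servers need
        iifname $LAN oifname $WAN ip saddr $LAN_NET accept
        iifname $DMZ oifname $WAN ip saddr $DMZ_NET tcp dport { 25, 53, 80, 443 } accept
        iifname $DMZ oifname $WAN ip saddr $DMZ_NET udp dport { 53, 123 } accept
        # Everything else falls to policy drop; log a sample of it
        limit rate 10/minute log prefix "fw-forward-drop: "
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        # NAT applies to LAN traffic leaving via WAN only; DMZ stays routed
        oifname $WAN ip saddr $LAN_NET masquerade
    }
}
```

IPv4 forwarding must also be enabled on the host (`net.ipv4.ip_forward=1`) for any of the forward rules to carry traffic.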


Posted by Leythos on April 15, 2005, 7:09 pm
On Fri, 15 Apr 2005 18:52:48 +0000, Bradd W. Szonye wrote:
>
> Watchguard Firebox X5 ($300 + $100/year): At first, this three-homed
> router looked ideal. Unfortunately, its configuration is not flexible
> enough for my needs. For example, you can choose to permit routing from
> the DMZ network to the LAN, but you can't just open a single port (e.g.,
> for mail routing) -- the DMZ->LAN firewall is all-or-nothing. That means
> I'd need two routers, which is pushing my budget limits.

You should call them - I've installed about 100 Firebox units in the last
two years, none of the X5, so I can't say for sure, but I've always been
able to create custom IP:Port to IP:Port rules through the LAN/DMZ on
their SOHO units, same with their larger units.

Call and ask them specifically about this.

Also, where did you get the idea that it won't work?

--
spam999free@rrohio.com
remove 999 in order to email me



Posted by BradReeseCom on April 16, 2005, 6:06 pm
Hi Bradd,

You may wish to investigate "Security" of the Cisco Solution Designer:

http://www.ciscowebtools.com/sa2/child/1.0/index.asp

Sincerely,

Brad Reese
BradReese.Com Cisco Resource Center
Toll Free: 877-549-2680
International: 828-277-7272
Website: http://www.BradReese.Com


