[itdiscuss] Firewalls

blloyd at buskercom.com blloyd at buskercom.com
Wed Nov 12 11:11:03 EST 2008


I'm a little bit familiar with the Sonicwall interface because I managed
a 3Com SS3 Firewall for several years.  3Com just rebranded the
Sonicwall system.  I like their interface better than I do the
Watchguard.  I have also managed an Astaro firewall.  It can be a little
difficult to work with until you get used to the interface.  It does
seem to be very robust, though very expensive as well.

 

From: discuss-bounces at itdiscuss.org
[mailto:discuss-bounces at itdiscuss.org] On Behalf Of Kevin Brunson
Sent: Wednesday, November 12, 2008 10:48 AM
To: 'IT Discussion Forum'
Subject: Re: [itdiscuss] Firewalls

 

The Watchguard product line tries to meet offices that size with the
Edge series, which is web managed.  But I am not a huge fan of the Edge
series, since those firewalls need regular reboots or they start to
choke.  I would think an X550e would do everything you want, though,
including PPTP or SSL VPN built-in.  It can also handle VLANs, content
filter, Gateway AV/Spyware/Intrusion Protection, and spam filtering if
you want to go that route.  Of course if you are trying to get away from
Watchguard, this is probably not very helpful.

 

Let me also say that if you are used to Watchguard configurations, then
going to a Sonicwall with enhanced OS (needed to do VLANs and such)
would be a difficult transition.  The two products use a VERY different
philosophy when it comes to management and configuration.  You almost
have to unlearn some of what you did with the Watchguard to do similar
things with the Sonicwall and vice versa.  Not a criticism, just a
comment.

 

 

 

From: discuss-bounces at itdiscuss.org
[mailto:discuss-bounces at itdiscuss.org] On Behalf Of blloyd at buskercom.com
Sent: Wednesday, November 12, 2008 9:29 AM
To: discuss at itdiscuss.org
Subject: Re: [itdiscuss] Firewalls

 

You make a good point here.  As to the questions, here are my answers:

 

1.       About 25 office users for now.

2.       Yes, and I would like to set up a PPTP server for VPN access.
The other possibility would be SSL VPNs.

3.       We don't have any remote offices.

4.       We have up to 3mbs.  Our ISP is Cbeyond.

5.        

a.       I have four VLANs that I want to make static routes for so I
can share resources to the Internet.

b.      I would like to consider some of the protection plug-ins that
some firewalls offer, depending on the expense.  It would be one more
component of a layered security model that I want to develop.

 

Thanks,

 

 

Bill Lloyd 
IT Manager

 

2567 Athens Hwy.
Gainesville, GA 30507
Phone: 770-417-1604
Fax:     770-417-1747
Cell:     404-379-6963

blloyd at buskercom.com

This email and any accompanying attachments may contain confidential and
proprietary information. If you are not the intended recipient, you are
requested to delete this entire communication immediately. Emails cannot
be guaranteed to be secure or free of errors or viruses. The sender does
not accept any liability or responsibility for any problems that may
result from emails you receive.

From: discuss-bounces at itdiscuss.org
[mailto:discuss-bounces at itdiscuss.org] On Behalf Of Kevin Brunson
Sent: Wednesday, November 12, 2008 10:21 AM
To: 'IT Discussion Forum'
Subject: Re: [itdiscuss] Firewalls

 

Bill

I think a lot of people miss out on the advantages of having separate
management software.  With web-managed firewalls, you typically make one
change at a time, and then submit.  That makes it easy to see the
effects of one change, but difficult if you need to make large-scale
changes to a firewall.  For example, if you change ISPs and are issued
a new IP scheme.  With a Sonicwall, you wait until you know the new link
is working, and then you go through and change the LAN addresses.  Then
you change the rules, routing tables, etc.  It might take you an hour or
more of downtime to get everything configured, depending on the
complexity of the ruleset, and then you just hope that everything is
working right.  

With a Watchguard, you make a copy of your config file called "newISP",
make all the changes, get it just the way you want it, and when the ISP
says it's go time, you save the new config file over and swap the cable.
Done.

 

But I hate to get into a discussion of "what firewall should I use" when
I don't know much about the size and complexity of your network.  All of
this seems pretty fruitless until then.

 

1.        How many users?

2.       Do any work from home?

3.       Any remote offices that share server resources?

4.       How much bandwidth do you have?

5.       Any other info that seems relevant?

 

From: discuss-bounces at itdiscuss.org
[mailto:discuss-bounces at itdiscuss.org] On Behalf Of blloyd at buskercom.com
Sent: Wednesday, November 12, 2008 9:09 AM
To: discuss at itdiscuss.org
Subject: Re: [itdiscuss] Firewalls

 

I'm working to replace an old Watchguard that is no longer supported.
The main thing I don't like about it is that you have to load software
on a PC to manage the configuration.  I would much rather just log in to
the device itself.  Have they changed that at all?

 

 


From: discuss-bounces at itdiscuss.org
[mailto:discuss-bounces at itdiscuss.org] On Behalf Of Jeffrey Thompson
Sent: Wednesday, November 12, 2008 9:58 AM
To: IT Discussion Forum
Subject: Re: [itdiscuss] Firewalls

 

Watchguard has done well for network firewall and web filter for me.

 

On Nov 12, 2008, at 9:32 AM, Lee, Jason wrote:

 

I think I would disappoint those around CITRT (Mainly Justin Moore) if I
didn't say Sonicwall's lineup has been rock solid and cost effective for
us.

 

- jason

 



Bill Lloyd
IT Manager

Busker Communications
2567 Athens Hwy.
Gainesville, GA  30507
Phone:  770-417-1604
Fax:       770-417-1747
Cell:    404-379-6963

blloyd at buskercom.com
