I have been looking at a router/firewall upgrade to an "internet security appliance" (ISA) for a small business to expand capavility for remote VPN access, VoIP, NAT/PAT, multi host DMZ, support for desktop videoconferencing configurations, etc. Net search points to Sonicwall, ZyXEL/Zywall and on high end Cisco.. . So far Zywall 70 seems closest fit to functions/features allowing some room for user growth. Any comments/suggestions on experiences with ISAs? Thanks iun advance for any comments.
Brock
Brock Wolfe ______________________________________ Expect problems and eat them for breakfast. -- Alfred A. Montapert (American Author) ______________________________________
A PIX 501 is between $774 and $1249 depending on users (low end is 10, upper is unlimited, 50 is $1099). That's list, you should be able to easily get 30% off from a reseller.
I haven't worked with the PIX in a while, but I believe all the models support the same features, it's just a matter of capacity and interfaces. There's only one software image for all the devices.
The nice thing about dealing with Cisco is that their support is amazing. I have yet to run into an organization with better support.
Sean
On Tue, 8 Feb 2005, Brock Wolfe wrote:
I have been looking at a router/firewall upgrade to an "internet security appliance" (ISA) for a small business to expand capavility for remote VPN access, VoIP, NAT/PAT, multi host DMZ, support for desktop videoconferencing configurations, etc. Net search points to Sonicwall, ZyXEL/Zywall and on high end Cisco.. . So far Zywall 70 seems closest fit to functions/features allowing some room for user growth. Any comments/suggestions on experiences with ISAs? Thanks iun advance for any comments.
Brock
Brock Wolfe ______________________________________ Expect problems and eat them for breakfast. -- Alfred A. Montapert (American Author) ______________________________________
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
I'd strongly discourage you from SonicWall. Specifically, I have had +10 of their TZ170 and older SOHO2 & SOHO3 models die on me since this summer. There are definitely quality issues there. I think their higher end units are decent, though.
The Firebox from WatchGuard are supposedly pretty decent.
Sean A. Walberg said:
A PIX 501 is between $774 and $1249 depending on users (low end is 10, upper is unlimited, 50 is $1099). That's list, you should be able to easily get 30% off from a reseller.
I haven't worked with the PIX in a while, but I believe all the models support the same features, it's just a matter of capacity and interfaces. There's only one software image for all the devices.
The nice thing about dealing with Cisco is that their support is amazing. I have yet to run into an organization with better support.
Sean
On Tue, 8 Feb 2005, Brock Wolfe wrote:
I have been looking at a router/firewall upgrade to an "internet security appliance" (ISA) for a small business to expand capavility for remote VPN access, VoIP, NAT/PAT, multi host DMZ, support for desktop videoconferencing configurations, etc. Net search points to Sonicwall, ZyXEL/Zywall and on high end Cisco.. . So far Zywall 70 seems closest fit to functions/features allowing some room for user growth. Any comments/suggestions on experiences with ISAs? Thanks iun advance for any comments.
Brock
Brock Wolfe ______________________________________ Expect problems and eat them for breakfast. -- Alfred A. Montapert (American Author) ______________________________________
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
-- Sean A. Walberg sean@ertw.com http://www.ertw.com _______________________________________________ Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
-- The Seed Organization
I've heard that the products from FortiNet are really good (http://www.fortinet.com/), good as a router, does vpn and that kinda stuff, and also does antivirus stuff. I've never used one, but from what i've hard from people who use them, and from the presentation at IPAM's security conference last year, I was very impressed.
Theo
Spencer Kuziw wrote:
I'd strongly discourage you from SonicWall. Specifically, I have had +10 of their TZ170 and older SOHO2 & SOHO3 models die on me since this summer. There are definitely quality issues there. I think their higher end units are decent, though.
The Firebox from WatchGuard are supposedly pretty decent.
Sean A. Walberg said:
A PIX 501 is between $774 and $1249 depending on users (low end is 10, upper is unlimited, 50 is $1099). That's list, you should be able to easily get 30% off from a reseller.
I haven't worked with the PIX in a while, but I believe all the models support the same features, it's just a matter of capacity and interfaces. There's only one software image for all the devices.
The nice thing about dealing with Cisco is that their support is amazing. I have yet to run into an organization with better support.
Sean
On Tue, 8 Feb 2005, Brock Wolfe wrote:
I have been looking at a router/firewall upgrade to an "internet security appliance" (ISA) for a small business to expand capavility for remote VPN access, VoIP, NAT/PAT, multi host DMZ, support for desktop videoconferencing configurations, etc. Net search points to Sonicwall, ZyXEL/Zywall and on high end Cisco.. . So far Zywall 70 seems closest fit to functions/features allowing some room for user growth. Any comments/suggestions on experiences with ISAs? Thanks iun advance for any comments.
Brock
Brock Wolfe ______________________________________ Expect problems and eat them for breakfast. -- Alfred A. Montapert (American Author) ______________________________________
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
-- Sean A. Walberg sean@ertw.com http://www.ertw.com _______________________________________________ Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
-- The Seed Organization
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
I work for Qanda Networks, one of the Fortinet gold partners in Winnipeg. I've put them into healthcare, government, education and financial institutions with fairly good success.
They have soho boxes starting at around $500-700, I believe, all the way up to Chassis based solutions. They're hardware based antivirus/vpn/firewall/ips using their own "FortiASIC".
Their VPN is easier to setup for most people than PIX or IOS, and the FG-60 does 19-20Mb/s 3DES or AES-128/256 where a PIX 501 or 1711/12 does 3-5 depending on algorithm, I believe.
If you have any questions about them you can contact me on or off list, or by phone at 204-255-2595.
Also, I was at IPAM for that presentation last year, and if you wanted a presentation for MUUG I could probably arrange it.
Cheers.
--- Michael J. Dikkema, CCNP, CCIP Senior Systems Engineer - Qanda Networks mjd@moot.ca
On Tue, 8 Feb 2005, Theodore wrote:
I've heard that the products from FortiNet are really good (http://www.fortinet.com/), good as a router, does vpn and that kinda stuff, and also does antivirus stuff. I've never used one, but from what i've hard from people who use them, and from the presentation at IPAM's security conference last year, I was very impressed.
Theo
Spencer Kuziw wrote:
I'd strongly discourage you from SonicWall. Specifically, I have had +10 of their TZ170 and older SOHO2 & SOHO3 models die on me since this summer. There are definitely quality issues there. I think their higher end units are decent, though.
The Firebox from WatchGuard are supposedly pretty decent.
Sean A. Walberg said:
A PIX 501 is between $774 and $1249 depending on users (low end is 10, upper is unlimited, 50 is $1099). That's list, you should be able to easily get 30% off from a reseller.
I haven't worked with the PIX in a while, but I believe all the models support the same features, it's just a matter of capacity and interfaces. There's only one software image for all the devices.
The nice thing about dealing with Cisco is that their support is amazing. I have yet to run into an organization with better support.
Sean
On Tue, 8 Feb 2005, Brock Wolfe wrote:
I have been looking at a router/firewall upgrade to an "internet security appliance" (ISA) for a small business to expand capavility for remote VPN access, VoIP, NAT/PAT, multi host DMZ, support for desktop videoconferencing configurations, etc. Net search points to Sonicwall, ZyXEL/Zywall and on high end Cisco.. . So far Zywall 70 seems closest fit to functions/features allowing some room for user growth. Any comments/suggestions on experiences with ISAs? Thanks iun advance for any comments.
Brock
Brock Wolfe ______________________________________ Expect problems and eat them for breakfast. -- Alfred A. Montapert (American Author) ______________________________________
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
-- Sean A. Walberg sean@ertw.com http://www.ertw.com _______________________________________________ Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
-- The Seed Organization
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
Roundtable mailing list Roundtable@muug.mb.ca http://www.muug.mb.ca/mailman/listinfo/roundtable
-
Brock Wolfe -
Michael J. Dikkema -
Sean A. Walberg -
Spencer Kuziw -
Theodore