I have about 8 servers in my department that I want to protect using a hardware firewall. The department needs a hardware firewall priced between 700 and 1000, maybe a little more.

Does anyone use a hardware firewall? Which ones do you recommend?

Thanks
Andrew McCormack
*************************************************************************************
Andrew,

I don't think you'll get much firewall for your budget unless it's used.

We bought a pretty low-end one from WatchGuard (Firebox III Model 700) a couple of years ago and it was about $3000 for the hardware and the software licenses necessary to run it. Since you are running servers behind it, you probably don't want the SOHO-type units that are meant to protect one or two machines. There are some ongoing costs for support, both hardware and software, that you would probably want to get to keep yourself protected, whichever one you settled on.

As someone has already pointed out to you, the number of interfaces is important. The more interfaces you have, the more flexibility you have in being able to divide up the types of machines you are trying to protect. For instance, our Firebox has 3 interfaces. One we used as the interface to the external network (i.e., the campus network); of the other two, we set one up as a "DMZ" which would have public computers behind it (web or email, e.g.), and the other was for "secure" servers (SQL, file, print) that only our office needed access to.

So, the more interfaces you have, the more you can control who has access to what.

You will also need some sort of switch for each interface going "behind" the firewall so you can connect more than one computer to it. In our case we needed 2 of them.

The other things you need to consider are bandwidth and CPU speed. Obviously more of both is better, but how much can you afford? What kind of servers are you protecting, and how does this affect bandwidth use? What traffic will have to go through them and how often? What bandwidth are you using now without one? (ACNS can give you an idea of that from the traffic through your router.) Do you need failover capability, or can you live with it being down for a few hours or days while you get it replaced if it fails?

We have been pricing out a new one, and the Netscreen models mentioned are going to run you much more than $1000.

You might want to check with the folks over at ACNS and see what they have to say. I've found them pretty easy to work with, and they will certainly take the time to help you figure out what you need.

Scott Smith
Human Resource Information Systems
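To make the three-interface layout Scott describes concrete (one external interface, one DMZ holding the public web/mail hosts, and one "secure" segment with SQL, file and print servers that only the office may reach), here is an added nftables forwarding policy. It is not configuration from the thread or from any WatchGuard product; the interface names, the address ranges (taken from the RFC 5737 documentation blocks) and the service ports are all assumptions made for the example.

```nftables
# Added example, not from the thread. Assumed layout:
#   eth0 = external (campus network)
#   eth1 = DMZ segment, 192.0.2.0/24        (constructed address range)
#   eth2 = secure segment, 198.51.100.0/24  (constructed address range)
#   office workstations live on 203.0.113.0/24 (constructed address range)
# Service ports are assumptions: 80/443 web, 25 mail, 1433 SQL, 445 file, 631 print.
table inet fw {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies for connections the firewall already accepted
        ct state established,related accept
        ct state invalid drop

        # Anyone on the campus side may reach the DMZ, but only on the
        # public services it exists to offer
        iifname "eth0" oifname "eth1" tcp dport { 80, 443, 25 } accept

        # Only office workstations may reach the secure segment, and only
        # on the database, file-sharing and print services
        iifname "eth0" oifname "eth2" ip saddr 203.0.113.0/24 tcp dport { 1433, 445, 631 } accept

        # No path from the DMZ into the secure segment: a compromised
        # public host must not get a hop to the database or file server
        iifname "eth1" oifname "eth2" drop

        # Both internal segments may originate traffic outward
        iifname { "eth1", "eth2" } oifname "eth0" accept

        # Everything else hits the drop policy; log it so the rule set
        # can be reviewed against real traffic
        log prefix "fw-forward-drop: " drop
    }
}
```

Loaded with `nft -f`, the policy encodes the point of having separate interfaces: the decision about who reaches which server is made per zone pair, and the default for any pair not listed is deny. Tightening the DMZ's outbound rule to just the ports its hosts genuinely need (DNS, mail relay, updates) is the natural next step once the traffic baseline Scott mentions is known.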