Re: Off most blacklists, now looking for hardware firewall

2008-10-03 Thread Angus Scott-Fleming
On 2 Oct 2008 at 15:05, Holstrom, Don  wrote:

> Many thanks to this list. Sent me in the right direction, right away. I
> truly wish I could return the favor, but as a Master of None...
> 
> I would like to set up a hardware firewall outside of my router and its
> firewall. I'd like to keep the cost under $1,000. Way under if possible.
> I keep hearing about the Cisco PIX, but it seems costly. Is this
> Ironport I hear about also costly? Any other ideas? I really need to
> batten down the hatches...

IPCop running on an old PC, cost: one CD blank, one extra NIC. 
http://ipcop.org/, download the 4.1.20 ISO and the 4.1.21 patch.

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~


Re: Off most blacklists, now looking for hardware firewall

2008-10-03 Thread Phil Brutsche
I guess we're lucky too... the only time I've needed their support is
when a unit has truly gone bad... a very very rare occurrence. We have a
dozen TZ 170s in service...

Andy Ognenoff wrote:
> I guess we're lucky then...I've never experienced a functional issue with
> any of our SonicWall products.  The comment about support, however, I can
> definitely concur with.  Late with responses and all
> "English"-as-a-second-language techs.

-- 

Phil Brutsche
[EMAIL PROTECTED]



RE: Off most blacklists, now looking for hardware firewall

2008-10-03 Thread Andy Ognenoff
I guess we're lucky then...I've never experienced a functional issue with
any of our SonicWall products.  The comment about support, however, I can
definitely concur with.  Late with responses and all
"English"-as-a-second-language techs.

 - Andy O.

>-Original Message-
>From: Erik Goldoff [mailto:[EMAIL PROTECTED]
>Sent: Thursday, October 02, 2008 5:43 PM
>To: NT System Admin Issues
>Subject: RE: Off most blacklists, now looking for hardware firewall
>
>That's completely unacceptable in a production product, especially one that
>is critical to security




RE: Off most blacklists, now looking for hardware firewall

2008-10-02 Thread Erik Goldoff
That's completely unacceptable in a production product, especially one that
is critical to security 

-Original Message-
From: Phil Brutsche [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 02, 2008 4:34 PM
To: NT System Admin Issues
Subject: Re: Off most blacklists, now looking for hardware firewall

They frequently have growing pains when they introduce a new generation of
hardware with a major new software version. The NSA series is the "latest
and greatest" and unfortunately such things are to be expected.

We currently use a PRO 4060. When we got it in 2003 we had huge trouble with
spontaneous reboots and general weirdness when running the 2.2.x.y firmware.
We stuck with it though, and now it became a rock-solid machine when the
2.5.0.0 firmware came out. More general weirdness when 3.0.0.0 came out...
solved with 3.1.0.0 and 3.2.0.0.  
More general weirdness when 4.0 came out... solved with 4.0.1.0.

If you fast forward to 2010 and get a NSA2400 chances are you won't have any
problems.

James Kerr <[EMAIL PROTECTED]> previously uttered:

> LOL, I just went through two sonic walls NSA2400s in a month and 
> returned both, first one was defective from the box and the second I 
> ran into an issue and I needed some clarity from their tech support so 
> I opened a ticket. The helpdesk said someone would contact me within 1 
> day. 10 days later I finally got an email from someone but I had 
> already RMA the thing and ordered a Watchguard. Never again I tells ya!

-- 

Phil Brutsche
[EMAIL PROTECTED]




Re: Off most blacklists, now looking for hardware firewall

2008-10-02 Thread Phil Brutsche
They frequently have growing pains when they introduce a new  
generation of hardware with a major new software version. The NSA  
series is the "latest and greatest" and unfortunately such things are  
to be expected.

We currently use a PRO 4060. When we got it in 2003 we had huge  
trouble with spontaneous reboots and general weirdness when running  
the 2.2.x.y firmware. We stuck with it though, and now it became a  
rock-solid machine when the 2.5.0.0 firmware came out. More general  
weirdness when 3.0.0.0 came out... solved with 3.1.0.0 and 3.2.0.0.  
More general weirdness when 4.0 came out... solved with 4.0.1.0.

If you fast forward to 2010 and get a NSA2400 chances are you won't  
have any problems.

James Kerr <[EMAIL PROTECTED]> previously uttered:

> LOL, I just went through two sonic walls NSA2400s in a month and
> returned both, first one was defective from the box and the second I
> ran into an issue and I needed some clarity from their tech support so
> I opened a ticket. The helpdesk said someone would contact me within 1
> day. 10 days later I finally got an email from someone but I had
> already RMA the thing and ordered a Watchguard. Never again I tells ya!

-- 

Phil Brutsche
[EMAIL PROTECTED]




Re: Off most blacklists, now looking for hardware firewall

2008-10-02 Thread James Kerr
LOL, I just went through two sonic walls NSA2400s in a month and returned 
both, first one was defective from the box and the second I ran into an 
issue and I needed some clarity from their tech support so I opened a 
ticket. The helpdesk said someone would contact me within 1 day. 10 days 
later I finally got an email from someone but I had already RMA the thing 
and ordered a Watchguard. Never again I tells ya!






SonicWALLs get a bad rap, but they work well for me and my employer. A
SonicWALL TZ 190 is a sweet little box that runs $600-ish.


I like SonicWall too, we've got a Pro 2040 and a TZ190.  The TZ190 is really
nice but once you add support and GAV/IPS you're at the $1000 mark.

- Andy O.







RE: Off most blacklists, now looking for hardware firewall

2008-10-02 Thread Andy Ognenoff
>FortiNet has a good reputation, but they are almost as expensive as a
>Cisco. They're not lacking in the feature set department though. I've
>never used them myself.

I really like the FortiGate-60B for SOHO.

>SonicWALLs get a bad rap, but they work well for me and my employer. A
>SonicWALL TZ 190 is a sweet little box that runs $600-ish.

I like SonicWall too, we've got a Pro 2040 and a TZ190.  The TZ190 is really
nice but once you add support and GAV/IPS you're at the $1000 mark.

 - Andy O.







RE: Off most blacklists, now looking for hardware firewall

2008-10-02 Thread Phil Brutsche

Typo

I meant to put $1000 :)

Erik Goldoff <[EMAIL PROTECTED]> previously uttered:


ASA 5505 for under $100 ??? WHERE ? Or was that a typo and you meant under
$1000 ???


--

Phil Brutsche
[EMAIL PROTECTED]




RE: Off most blacklists, now looking for hardware firewall

2008-10-02 Thread Chinnery, Paul
I guess it depends on what you define as expensive. But for SOHO, Watchguard is 
nice. I've built a few vpn's to some Watchguard boxes and it was pretty easy.

-Original Message-
From: Phil Brutsche [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 02, 2008 3:39 PM
To: NT System Admin Issues
Subject: RE: Off most blacklists, now looking for hardware firewall


If you think a PIX can get expensive you haven't seen an ASA yet!

"Chinnery, Paul" <[EMAIL PROTECTED]> previously uttered:

> Sorry, I didn't see the earlier posts on this thread.  PIX can be
> expensive depending on the options.  I'd suggest ASA or possibly   
> Watchguard.

-- 

Phil Brutsche
[EMAIL PROTECTED]




RE: Off most blacklists, now looking for hardware firewall

2008-10-02 Thread Erik Goldoff
ASA 5505 for under $100 ??? WHERE ? Or was that a typo and you meant under
$1000 ??? 

-Original Message-
From: Phil Brutsche [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 02, 2008 3:39 PM
To: NT System Admin Issues
Subject: Re: Off most blacklists, now looking for hardware firewall

If by router you mean a Linksys or DLink or Netgear or ... you are better
off just tossing it altogether.

You keep hearing about Cisco PIXes, but keep in mind that Cisco EOS'd (EOS =
End Of Sale) a year or two ago. They've been replaced with the ASA (Adaptive
Security Appliance) line. The only ASA under $100 is the ASA 5505.

If you have your heart set on a PIX... these days the only way to get a PIX
is to get a used one. You should be able to get a used PIX 506E for under
$400, but I wouldn't go any lower than a 515/515E.

Always be aware that Cisco's reputation for quality stems from their IOS
routers and their switches, and doesn't necessarily extend to their other
product lines. It's not that they aren't reliable... it's that you can get a
firewall from another vendor with better performance and a superior feature
set for less money.

FortiNet has a good reputation, but they are almost as expensive as a Cisco.
They're not lacking in the feature set department though. I've never used
them myself.

SonicWALLs get a bad rap, but they work well for me and my employer. A
SonicWALL TZ 190 is a sweet little box that runs $600-ish.

Other vendors to look at: Netscreen, Watchguard. I know nothing about the
products though.

"Holstrom, Don" <[EMAIL PROTECTED]> previously uttered:

> I would like to set up a hardware firewall outside of my router and
> its firewall. I'd like to keep the cost under $1,000. Way under if
> possible.
> I keep hearing about the Cisco PIX, but it seems costly. Is this
> Ironport I hear about also costly? Any other ideas? I really need to 
> batten down the hatches...

-- 

Phil Brutsche
[EMAIL PROTECTED]




RE: Off most blacklists, now looking for hardware firewall

2008-10-02 Thread Phil Brutsche

If you think a PIX can get expensive you haven't seen an ASA yet!

"Chinnery, Paul" <[EMAIL PROTECTED]> previously uttered:

Sorry, I didn't see the earlier posts on this thread.  PIX can be
expensive depending on the options.  I'd suggest ASA or possibly   
Watchguard.


--

Phil Brutsche
[EMAIL PROTECTED]




Re: Off most blacklists, now looking for hardware firewall

2008-10-02 Thread Phil Brutsche
If by router you mean a Linksys or DLink or Netgear or ... you are  
better off just tossing it altogether.

You keep hearing about Cisco PIXes, but keep in mind that Cisco EOS'd  
(EOS = End Of Sale) a year or two ago. They've been replaced with the  
ASA (Adaptive Security Appliance) line. The only ASA under $100 is the
ASA 5505.

If you have your heart set on a PIX... these days the only way to get  
a PIX is to get a used one. You should be able to get a used PIX 506E  
for under $400, but I wouldn't go any lower than a 515/515E.

Always be aware that Cisco's reputation for quality stems from their  
IOS routers and their switches, and doesn't necessarily extend to  
their other product lines. It's not that they aren't reliable... it's  
that you can get a firewall from another vendor with better  
performance and a superior feature set for less money.

FortiNet has a good reputation, but they are almost as expensive as a  
Cisco. They're not lacking in the feature set department though. I've  
never used them myself.

SonicWALLs get a bad rap, but they work well for me and my employer. A  
SonicWALL TZ 190 is a sweet little box that runs $600-ish.

Other vendors to look at: Netscreen, Watchguard. I know nothing about  
the products though.

"Holstrom, Don" <[EMAIL PROTECTED]> previously uttered:

> I would like to set up a hardware firewall outside of my router and its
> firewall. I'd like to keep the cost under $1,000. Way under if possible.
> I keep hearing about the Cisco PIX, but it seems costly. Is this
> Ironport I hear about also costly? Any other ideas? I really need to
> batten down the hatches...

-- 

Phil Brutsche
[EMAIL PROTECTED]




RE: Off most blacklists, now looking for hardware firewall

2008-10-02 Thread Erik Goldoff
You don't say what size network you're trying to protect, nor how you use
the network.  You could get something like a Juniper/Netscreen NS-5 series
for in the $500 range if I remember correctly ... Although they're about to
discontinue that line for a new model (but that may make the price lower on
existing stock)  Something a bit less might do like the Netgear FVS series,
all depends on your needs 

-Original Message-
From: Holstrom, Don [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 02, 2008 3:05 PM
To: NT System Admin Issues
Subject: Off most blacklists, now looking for hardware firewall

Many thanks to this list. Sent me in the right direction, right away. I
truly wish I could return the favor, but as a Master of None...

I would like to set up a hardware firewall outside of my router and its
firewall. I'd like to keep the cost under $1,000. Way under if possible.
I keep hearing about the Cisco PIX, but it seems costly. Is this Ironport I
hear about also costly? Any other ideas? I really need to batten down the
hatches...



RE: Off most blacklists, now looking for hardware firewall

2008-10-02 Thread Chinnery, Paul
Sorry, I didn't see the earlier posts on this thread.  PIX can be expensive
depending on the options.  I'd suggest ASA or possibly Watchguard.

-Original Message-
From: Holstrom, Don [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 02, 2008 3:05 PM
To: NT System Admin Issues
Subject: Off most blacklists, now looking for hardware firewall


Many thanks to this list. Sent me in the right direction, right away. I
truly wish I could return the favor, but as a Master of None...

I would like to set up a hardware firewall outside of my router and its
firewall. I'd like to keep the cost under $1,000. Way under if possible.
I keep hearing about the Cisco PIX, but it seems costly. Is this
Ironport I hear about also costly? Any other ideas? I really need to
batten down the hatches...
