Re: Small/Mid Firewall?
Definitely been in your shoes – my first SSG-5 is a little over a year and a half old now and setting that thing up was an experience to end all experiences. You may benefit from trying it on the command line – simple policies make a lot more sense written out. Also swing for Tier-2 support as the Tier-1 people vary wildly in quality. If you're still having problems make sure you try another firmware version for the device – I had ipsec issues with the client who got the device for about a month until I tried one of the later releases and then poof, all fixed overnight. Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 From: Ben Schorr b...@rolandschorr.commailto:b...@rolandschorr.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date: Fri, 31 Dec 2010 12:41:35 -0500 To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: RE: Small/Mid Firewall? Well I think part of the frustration is that appears that to create a simple port forward that sends all incoming traffic on a specific port to an internal server (for example) requires 17 different “policies” and “interfaces” and “zones”. I’m exaggerating a bit, yes, but the Juniper seems very powerful and ridiculously complex. We’re not trying to do anything fancy and it’s taken more than 2 days to get it even half working and that’s with more than an hour of a Juniper support engineer remoting into it and working on it themselves. The old SnapGear 580s (before McAfee bought SnapGear at least) could be set up for this in 15 minutes or so. Even a newbie could figure out how to set up a basic port forward fairly quickly. I suspect we’ll like the Juniper…once we get a thousand pages or so deeper into the documentation and figure out how to actually make the damned thing do anything useful. We have one IPSEC tunnel created with it (created by the Juniper engineer). The dashboard on the “Home” Screen says it’s “Inactive/Unused” but the VPN monitor lists it as “Active”. Ummm….o.k. This morning my day started with a phone call from one of the local users telling me they can’t even get on the web. Good grief. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.comhttp://www.rolandschorr.com/ b...@rolandschorr.commailto:b...@rolandschorr.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Friday, December 31, 2010 5:20 AM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? I agree with Andrew … I’ve been configuring the Juniper ‘screens for years now, including the 5GT and SSG 5 that replaced it. Granted, the Juniper is very different from a Cisco PIX/ASA firewall, and different from Checkpoint. I wonder if extensive knowledge of some other brand of firewall is what is causing your minions problems with the Juniper. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Ben Schorr [mailto:b...@rolandschorr.com]mailto:[mailto:b...@rolandschorr.com] Sent: Friday, December 31, 2010 1:16 AM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? Well, to be fair *I* haven’t looked at it yet myself. It’s been in the hands of two of my junior people; at least one of whom is generally very capable and has deployed several other firewall/routers of other vendors in the past. But he’s spent the better part of all day trying to get the Juniper working and finally has resorted to having Juniper tech support remote in and try to get it working. Apparently even the Juniper support person has spent quite a bit of time wrestling with it to only mixed results. It gives me some pause that even a Juniper support engineer would struggle with getting this unit configured. But I’ve still got 2200 more pages of the manual to read so… Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.comhttp://www.rolandschorr.com/ b...@rolandschorr.commailto:b...@rolandschorr.com From: Andrew S. Baker [mailto:asbz...@gmail.com]mailto:[mailto:asbz...@gmail.com] Sent: Thursday, December 30, 2010 8:15 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Really? IPSec VPNs are one of the easiest things to configure on those devices. In fairness, however, I've been using Netscreen devices since Feb 2000, so that might simply be familiarity talking. The VPN wizard is very straightforward ASB (My XeeSM Profile)http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums
RE: Small/Mid Firewall?
Looks like we've got it settled now - there are one or two little things. We'd like to be able to tweak the IPSEC tunnel to improve VOIP performance across it for example. But otherwise I think we've got it all working for the basic services. Definitely a LOT to learn though. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com mailto:b...@rolandschorr.com From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] Sent: Tuesday, January 04, 2011 11:19 To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Definitely been in your shoes - my first SSG-5 is a little over a year and a half old now and setting that thing up was an experience to end all experiences. You may benefit from trying it on the command line - simple policies make a lot more sense written out. Also swing for Tier-2 support as the Tier-1 people vary wildly in quality. If you're still having problems make sure you try another firmware version for the device - I had ipsec issues with the client who got the device for about a month until I tried one of the later releases and then poof, all fixed overnight. Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 From: Ben Schorr b...@rolandschorr.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: Fri, 31 Dec 2010 12:41:35 -0500 To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: RE: Small/Mid Firewall? Well I think part of the frustration is that appears that to create a simple port forward that sends all incoming traffic on a specific port to an internal server (for example) requires 17 different policies and interfaces and zones. I'm exaggerating a bit, yes, but the Juniper seems very powerful and ridiculously complex. We're not trying to do anything fancy and it's taken more than 2 days to get it even half working and that's with more than an hour of a Juniper support engineer remoting into it and working on it themselves. The old SnapGear 580s (before McAfee bought SnapGear at least) could be set up for this in 15 minutes or so. Even a newbie could figure out how to set up a basic port forward fairly quickly. I suspect we'll like the Juniper...once we get a thousand pages or so deeper into the documentation and figure out how to actually make the damned thing do anything useful. We have one IPSEC tunnel created with it (created by the Juniper engineer). The dashboard on the Home Screen says it's Inactive/Unused but the VPN monitor lists it as Active. Ummmo.k. This morning my day started with a phone call from one of the local users telling me they can't even get on the web. Good grief. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com mailto:b...@rolandschorr.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Friday, December 31, 2010 5:20 AM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? I agree with Andrew ... I've been configuring the Juniper 'screens for years now, including the 5GT and SSG 5 that replaced it. Granted, the Juniper is very different from a Cisco PIX/ASA firewall, and different from Checkpoint. I wonder if extensive knowledge of some other brand of firewall is what is causing your minions problems with the Juniper. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Ben Schorr [mailto:b...@rolandschorr.com] Sent: Friday, December 31, 2010 1:16 AM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? Well, to be fair *I* haven't looked at it yet myself. It's been in the hands of two of my junior people; at least one of whom is generally very capable and has deployed several other firewall/routers of other vendors in the past. But he's spent the better part of all day trying to get the Juniper working and finally has resorted to having Juniper tech support remote in and try to get it working. Apparently even the Juniper support person has spent quite a bit of time wrestling with it to only mixed results. It gives me some pause that even a Juniper support engineer would struggle with getting this unit configured. But I've still got 2200 more pages of the manual to read so... Ben M. Schorr Chief Executive Officer
Re: Small/Mid Firewall?
Use QoS for the VoIP. That should be easy enough to setup in the policy... *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Tue, Jan 4, 2011 at 1:23 PM, Ben Schorr b...@rolandschorr.com wrote: Looks like we’ve got it settled now – there are one or two little things. We’d like to be able to tweak the IPSEC tunnel to improve VOIP performance across it for example. But otherwise I think we’ve got it all working for the basic services. Definitely a LOT to learn though. Ben M. Schorr Chief Executive Officer __ *Roland Schorr Tower *www.rolandschorr.com b...@rolandschorr.com *From:* Kramer, Jack [mailto:jack.kra...@ur.msu.edu] *Sent:* Tuesday, January 04, 2011 11:19 *To:* NT System Admin Issues *Subject:* Re: Small/Mid Firewall? Definitely been in your shoes – my first SSG-5 is a little over a year and a half old now and setting that thing up was an experience to end all experiences. You may benefit from trying it on the command line – simple policies make a lot more sense written out. Also swing for Tier-2 support as the Tier-1 people vary wildly in quality. If you're still having problems make sure you try another firmware version for the device – I had ipsec issues with the client who got the device for about a month until I tried one of the later releases and then poof, all fixed overnight. Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 *From: *Ben Schorr b...@rolandschorr.com *Reply-To: *NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com *Date: *Fri, 31 Dec 2010 12:41:35 -0500 *To: *NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com *Subject: *RE: Small/Mid Firewall? Well I think part of the frustration is that appears that to create a simple port forward that sends all incoming traffic on a specific port to an internal server (for example) requires 17 different “policies” and “interfaces” and “zones”. I’m exaggerating a bit, yes, but the Juniper seems very powerful and ridiculously complex. We’re not trying to do anything fancy and it’s taken more than 2 days to get it even half working and that’s with more than an hour of a Juniper support engineer remoting into it and working on it themselves. The old SnapGear 580s (before McAfee bought SnapGear at least) could be set up for this in 15 minutes or so. Even a newbie could figure out how to set up a basic port forward fairly quickly. I suspect we’ll like the Juniper…once we get a thousand pages or so deeper into the documentation and figure out how to actually make the damned thing do anything useful. We have one IPSEC tunnel created with it (created by the Juniper engineer). The dashboard on the “Home” Screen says it’s “Inactive/Unused” but the VPN monitor lists it as “Active”. Ummm….o.k. This morning my day started with a phone call from one of the local users telling me they can’t even get on the web. Good grief. Ben M. Schorr Chief Executive Officer __ *Roland Schorr Tower *www.rolandschorr.com b...@rolandschorr.com *From:* Erik Goldoff [mailto:egold...@gmail.com egold...@gmail.com] *Sent:* Friday, December 31, 2010 5:20 AM *To:* NT System Admin Issues *Subject:* RE: Small/Mid Firewall? I agree with Andrew … I’ve been configuring the Juniper ‘screens for years now, including the 5GT and SSG 5 that replaced it. Granted, the Juniper is very different from a Cisco PIX/ASA firewall, and different from Checkpoint. I wonder if extensive knowledge of some other brand of firewall is what is causing your minions problems with the Juniper. *Erik Goldoff* *IT Consultant* *Systems, Networks, Security * ' Security is an ongoing process, not a one time event ! ' *From:* Ben Schorr [mailto:b...@rolandschorr.com] *Sent:* Friday, December 31, 2010 1:16 AM *To:* NT System Admin Issues *Subject:* RE: Small/Mid Firewall? Well, to be fair **I** haven’t looked at it yet myself. It’s been in the hands of two of my junior people; at least one of whom is generally very capable and has deployed several other firewall/routers of other vendors in the past. But he’s spent the better part of all day trying to get the Juniper working and finally has resorted to having Juniper tech support remote in and try to get it working. Apparently even the Juniper support person has spent quite a bit of time wrestling with it to only mixed results. It gives me some pause that even a Juniper support engineer would struggle with getting this unit configured. But I’ve still got 2200 more pages of the manual to read so… Ben M. Schorr Chief Executive Officer __ *Roland Schorr Tower *www.rolandschorr.com b...@rolandschorr.com
RE: Small/Mid Firewall?
Port forward ? Create the port forward in the network interface VIP ( using an existing service, or create a custom service first ) Create a policy allowing that traffic port from anywhere external to the VIP done Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Ben Schorr [mailto:b...@rolandschorr.com] Sent: Friday, December 31, 2010 12:42 PM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? Well I think part of the frustration is that appears that to create a simple port forward that sends all incoming traffic on a specific port to an internal server (for example) requires 17 different “policies” and “interfaces” and “zones”. I’m exaggerating a bit, yes, but the Juniper seems very powerful and ridiculously complex. We’re not trying to do anything fancy and it’s taken more than 2 days to get it even half working and that’s with more than an hour of a Juniper support engineer remoting into it and working on it themselves. The old SnapGear 580s (before McAfee bought SnapGear at least) could be set up for this in 15 minutes or so. Even a newbie could figure out how to set up a basic port forward fairly quickly. I suspect we’ll like the Juniper…once we get a thousand pages or so deeper into the documentation and figure out how to actually make the damned thing do anything useful. We have one IPSEC tunnel created with it (created by the Juniper engineer). The dashboard on the “Home” Screen says it’s “Inactive/Unused” but the VPN monitor lists it as “Active”. Ummm….o.k. This morning my day started with a phone call from one of the local users telling me they can’t even get on the web. Good grief. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower http://www.rolandschorr.com/ www.rolandschorr.com mailto:b...@rolandschorr.com b...@rolandschorr.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Friday, December 31, 2010 5:20 AM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? I agree with Andrew … I’ve been configuring the Juniper ‘screens for years now, including the 5GT and SSG 5 that replaced it. Granted, the Juniper is very different from a Cisco PIX/ASA firewall, and different from Checkpoint. I wonder if extensive knowledge of some other brand of firewall is what is causing your minions problems with the Juniper. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
I agree with Andrew … I’ve been configuring the Juniper ‘screens for years now, including the 5GT and SSG 5 that replaced it. Granted, the Juniper is very different from a Cisco PIX/ASA firewall, and different from Checkpoint. I wonder if extensive knowledge of some other brand of firewall is what is causing your minions problems with the Juniper. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Ben Schorr [mailto:b...@rolandschorr.com] Sent: Friday, December 31, 2010 1:16 AM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? Well, to be fair *I* haven’t looked at it yet myself. It’s been in the hands of two of my junior people; at least one of whom is generally very capable and has deployed several other firewall/routers of other vendors in the past. But he’s spent the better part of all day trying to get the Juniper working and finally has resorted to having Juniper tech support remote in and try to get it working. Apparently even the Juniper support person has spent quite a bit of time wrestling with it to only mixed results. It gives me some pause that even a Juniper support engineer would struggle with getting this unit configured. But I’ve still got 2200 more pages of the manual to read so… Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower http://www.rolandschorr.com/ www.rolandschorr.com mailto:b...@rolandschorr.com b...@rolandschorr.com From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, December 30, 2010 8:15 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Really? IPSec VPNs are one of the easiest things to configure on those devices. In fairness, however, I've been using Netscreen devices since Feb 2000, so that might simply be familiarity talking. The VPN wizard is very straightforward ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Small/Mid Firewall?
All of these vendors have a methodology that you have to get used to so you can see things as they see them. Unfortunately, many of them are hiring junior support people, so it's not surprising (although quite annoying) that there's some slow going there... *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Fri, Dec 31, 2010 at 1:15 AM, Ben Schorr b...@rolandschorr.com wrote: Well, to be fair **I** haven’t looked at it yet myself. It’s been in the hands of two of my junior people; at least one of whom is generally very capable and has deployed several other firewall/routers of other vendors in the past. But he’s spent the better part of all day trying to get the Juniper working and finally has resorted to having Juniper tech support remote in and try to get it working. Apparently even the Juniper support person has spent quite a bit of time wrestling with it to only mixed results. It gives me some pause that even a Juniper support engineer would struggle with getting this unit configured. But I’ve still got 2200 more pages of the manual to read so… Ben M. Schorr Chief Executive Officer __ *Roland Schorr Tower *www.rolandschorr.com b...@rolandschorr.com *From:* Andrew S. Baker [mailto:asbz...@gmail.com] *Sent:* Thursday, December 30, 2010 8:15 PM *To:* NT System Admin Issues *Subject:* Re: Small/Mid Firewall? Really? IPSec VPNs are one of the easiest things to configure on those devices. In fairness, however, I've been using Netscreen devices since Feb 2000, so that might simply be familiarity talking. The VPN wizard is very straightforward *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Thu, Dec 30, 2010 at 10:01 PM, Ben Schorr b...@rolandschorr.com wrote: Update: We went with the Juniper SSG-5. I think we’re going to like it but good grief this thing is complicated! We’re having to open a tech support incident with Juniper just to get the IPSEC VPN configured. The manuals we downloaded for it are almost 2300 pages long! I look forward to getting up to speed on this device, it does seem very capable. Just a learning curve like an alp. J Ben M. Schorr Chief Executive Officer __ *Roland Schorr Tower *www.rolandschorr.com b...@rolandschorr.com *From:* Andrew S. Baker [mailto:asbz...@gmail.com] *Sent:* Saturday, December 11, 2010 4:05 PM *To:* NT System Admin Issues *Subject:* Re: Small/Mid Firewall? Fortinet 50B Juniper SSG5 *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Fri, Dec 10, 2010 at 3:20 PM, Ben Schorr b...@rolandschorr.com wrote: What’s everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They’ve been using a SnapGear SG580 at their central location but it died this morning. Needs: · IPSEC PPTP (or L2TP) VPN support · Dual WAN capability with load-balance/failover. · Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there’s anything better? Not a huge fan of SonicWall and their “pay per user” model. Ben M. Schorr Chief Executive Officer __ *Roland Schorr Tower – Flagstaff Office *2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
Well I think part of the frustration is that appears that to create a simple port forward that sends all incoming traffic on a specific port to an internal server (for example) requires 17 different policies and interfaces and zones. I'm exaggerating a bit, yes, but the Juniper seems very powerful and ridiculously complex. We're not trying to do anything fancy and it's taken more than 2 days to get it even half working and that's with more than an hour of a Juniper support engineer remoting into it and working on it themselves. The old SnapGear 580s (before McAfee bought SnapGear at least) could be set up for this in 15 minutes or so. Even a newbie could figure out how to set up a basic port forward fairly quickly. I suspect we'll like the Juniper...once we get a thousand pages or so deeper into the documentation and figure out how to actually make the damned thing do anything useful. We have one IPSEC tunnel created with it (created by the Juniper engineer). The dashboard on the Home Screen says it's Inactive/Unused but the VPN monitor lists it as Active. Ummmo.k. This morning my day started with a phone call from one of the local users telling me they can't even get on the web. Good grief. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com mailto:b...@rolandschorr.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Friday, December 31, 2010 5:20 AM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? I agree with Andrew ... I've been configuring the Juniper 'screens for years now, including the 5GT and SSG 5 that replaced it. Granted, the Juniper is very different from a Cisco PIX/ASA firewall, and different from Checkpoint. I wonder if extensive knowledge of some other brand of firewall is what is causing your minions problems with the Juniper. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Ben Schorr [mailto:b...@rolandschorr.com] Sent: Friday, December 31, 2010 1:16 AM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? Well, to be fair *I* haven't looked at it yet myself. It's been in the hands of two of my junior people; at least one of whom is generally very capable and has deployed several other firewall/routers of other vendors in the past. But he's spent the better part of all day trying to get the Juniper working and finally has resorted to having Juniper tech support remote in and try to get it working. Apparently even the Juniper support person has spent quite a bit of time wrestling with it to only mixed results. It gives me some pause that even a Juniper support engineer would struggle with getting this unit configured. But I've still got 2200 more pages of the manual to read so... Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com mailto:b...@rolandschorr.com From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, December 30, 2010 8:15 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Really? IPSec VPNs are one of the easiest things to configure on those devices. In fairness, however, I've been using Netscreen devices since Feb 2000, so that might simply be familiarity talking. The VPN wizard is very straightforward ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
For a nice free SME firewall, I might look at Smoothwall express http://www.smoothwall.org/ Alex From: Ben Schorr [mailto:b...@rolandschorr.com] Sent: Friday, December 31, 2010 12:42 PM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? Well I think part of the frustration is that appears that to create a simple port forward that sends all incoming traffic on a specific port to an internal server (for example) requires 17 different policies and interfaces and zones. I'm exaggerating a bit, yes, but the Juniper seems very powerful and ridiculously complex. We're not trying to do anything fancy and it's taken more than 2 days to get it even half working and that's with more than an hour of a Juniper support engineer remoting into it and working on it themselves. The old SnapGear 580s (before McAfee bought SnapGear at least) could be set up for this in 15 minutes or so. Even a newbie could figure out how to set up a basic port forward fairly quickly. I suspect we'll like the Juniper...once we get a thousand pages or so deeper into the documentation and figure out how to actually make the damned thing do anything useful. We have one IPSEC tunnel created with it (created by the Juniper engineer). The dashboard on the Home Screen says it's Inactive/Unused but the VPN monitor lists it as Active. Ummmo.k. This morning my day started with a phone call from one of the local users telling me they can't even get on the web. Good grief. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.comhttp://www.rolandschorr.com/ b...@rolandschorr.commailto:b...@rolandschorr.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Friday, December 31, 2010 5:20 AM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? I agree with Andrew ... I've been configuring the Juniper 'screens for years now, including the 5GT and SSG 5 that replaced it. Granted, the Juniper is very different from a Cisco PIX/ASA firewall, and different from Checkpoint. I wonder if extensive knowledge of some other brand of firewall is what is causing your minions problems with the Juniper. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Ben Schorr [mailto:b...@rolandschorr.com]mailto:[mailto:b...@rolandschorr.com] Sent: Friday, December 31, 2010 1:16 AM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? Well, to be fair *I* haven't looked at it yet myself. It's been in the hands of two of my junior people; at least one of whom is generally very capable and has deployed several other firewall/routers of other vendors in the past. But he's spent the better part of all day trying to get the Juniper working and finally has resorted to having Juniper tech support remote in and try to get it working. Apparently even the Juniper support person has spent quite a bit of time wrestling with it to only mixed results. It gives me some pause that even a Juniper support engineer would struggle with getting this unit configured. But I've still got 2200 more pages of the manual to read so... Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.comhttp://www.rolandschorr.com/ b...@rolandschorr.commailto:b...@rolandschorr.com From: Andrew S. Baker [mailto:asbz...@gmail.com]mailto:[mailto:asbz...@gmail.com] Sent: Thursday, December 30, 2010 8:15 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Really? IPSec VPNs are one of the easiest things to configure on those devices. In fairness, however, I've been using Netscreen devices since Feb 2000, so that might simply be familiarity talking. The VPN wizard is very straightforward ASB (My XeeSM Profile)http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
Thanks Alex, we're waist deep in trying to figure out the already-purchased Juniper though so I don't really have the resources to devote to learning yet another solution. Maybe for the next one. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com mailto:b...@rolandschorr.com From: Alex Eckelberry [mailto:al...@sunbelt-software.com] Sent: Friday, December 31, 2010 11:12 AM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? For a nice free SME firewall, I might look at Smoothwall express http://www.smoothwall.org/ Alex From: Ben Schorr [mailto:b...@rolandschorr.com] Sent: Friday, December 31, 2010 12:42 PM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? Well I think part of the frustration is that appears that to create a simple port forward that sends all incoming traffic on a specific port to an internal server (for example) requires 17 different policies and interfaces and zones. I'm exaggerating a bit, yes, but the Juniper seems very powerful and ridiculously complex. We're not trying to do anything fancy and it's taken more than 2 days to get it even half working and that's with more than an hour of a Juniper support engineer remoting into it and working on it themselves. The old SnapGear 580s (before McAfee bought SnapGear at least) could be set up for this in 15 minutes or so. Even a newbie could figure out how to set up a basic port forward fairly quickly. I suspect we'll like the Juniper...once we get a thousand pages or so deeper into the documentation and figure out how to actually make the damned thing do anything useful. We have one IPSEC tunnel created with it (created by the Juniper engineer). The dashboard on the Home Screen says it's Inactive/Unused but the VPN monitor lists it as Active. Ummmo.k. This morning my day started with a phone call from one of the local users telling me they can't even get on the web. Good grief. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com mailto:b...@rolandschorr.com From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Friday, December 31, 2010 5:20 AM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? I agree with Andrew ... I've been configuring the Juniper 'screens for years now, including the 5GT and SSG 5 that replaced it. Granted, the Juniper is very different from a Cisco PIX/ASA firewall, and different from Checkpoint. I wonder if extensive knowledge of some other brand of firewall is what is causing your minions problems with the Juniper. Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Ben Schorr [mailto:b...@rolandschorr.com] Sent: Friday, December 31, 2010 1:16 AM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? Well, to be fair *I* haven't looked at it yet myself. It's been in the hands of two of my junior people; at least one of whom is generally very capable and has deployed several other firewall/routers of other vendors in the past. But he's spent the better part of all day trying to get the Juniper working and finally has resorted to having Juniper tech support remote in and try to get it working. Apparently even the Juniper support person has spent quite a bit of time wrestling with it to only mixed results. It gives me some pause that even a Juniper support engineer would struggle with getting this unit configured. But I've still got 2200 more pages of the manual to read so... Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com mailto:b...@rolandschorr.com From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, December 30, 2010 8:15 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Really? IPSec VPNs are one of the easiest things to configure on those devices. In fairness, however, I've been using Netscreen devices since Feb 2000, so that might simply be familiarity talking. The VPN wizard is very straightforward ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage... ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions
Re: Small/Mid Firewall?
I'll tell you what. I'll become your Juniper expert and open vast new horizons for your practice. I went to grad. school in AZ, so I don't really want to live in Flagstaff. I spent 8 years in LA after grad school, so that's out too. Hey, look what's left. Honolulu! I'm in! On Fri, Dec 31, 2010 at 1:19 PM, Ben Schorr b...@rolandschorr.com wrote: Thanks Alex, we’re waist deep in trying to figure out the already-purchased Juniper though so I don’t really have the resources to devote to learning yet another solution. Maybe for the next one. Ben M. Schorr Chief Executive Officer __ *Roland Schorr Tower *www.rolandschorr.com b...@rolandschorr.com *From:* Alex Eckelberry [mailto:al...@sunbelt-software.com] *Sent:* Friday, December 31, 2010 11:12 AM *To:* NT System Admin Issues *Subject:* RE: Small/Mid Firewall? For a nice free SME firewall, I might look at Smoothwall express http://www.smoothwall.org/ Alex *From:* Ben Schorr [mailto:b...@rolandschorr.com] *Sent:* Friday, December 31, 2010 12:42 PM *To:* NT System Admin Issues *Subject:* RE: Small/Mid Firewall? Well I think part of the frustration is that appears that to create a simple port forward that sends all incoming traffic on a specific port to an internal server (for example) requires 17 different “policies” and “interfaces” and “zones”. I’m exaggerating a bit, yes, but the Juniper seems very powerful and ridiculously complex. We’re not trying to do anything fancy and it’s taken more than 2 days to get it even half working and that’s with more than an hour of a Juniper support engineer remoting into it and working on it themselves. The old SnapGear 580s (before McAfee bought SnapGear at least) could be set up for this in 15 minutes or so. Even a newbie could figure out how to set up a basic port forward fairly quickly. I suspect we’ll like the Juniper…once we get a thousand pages or so deeper into the documentation and figure out how to actually make the damned thing do anything useful. We have one IPSEC tunnel created with it (created by the Juniper engineer). The dashboard on the “Home” Screen says it’s “Inactive/Unused” but the VPN monitor lists it as “Active”. Ummm….o.k. This morning my day started with a phone call from one of the local users telling me they can’t even get on the web. Good grief. Ben M. Schorr Chief Executive Officer __ *Roland Schorr Tower *www.rolandschorr.com b...@rolandschorr.com *From:* Erik Goldoff [mailto:egold...@gmail.com] *Sent:* Friday, December 31, 2010 5:20 AM *To:* NT System Admin Issues *Subject:* RE: Small/Mid Firewall? I agree with Andrew … I’ve been configuring the Juniper ‘screens for years now, including the 5GT and SSG 5 that replaced it. Granted, the Juniper is very different from a Cisco PIX/ASA firewall, and different from Checkpoint. I wonder if extensive knowledge of some other brand of firewall is what is causing your minions problems with the Juniper. *Erik Goldoff*** *IT Consultant* *Systems, Networks, Security * ' Security is an ongoing process, not a one time event ! ' *From:* Ben Schorr [mailto:b...@rolandschorr.com] *Sent:* Friday, December 31, 2010 1:16 AM *To:* NT System Admin Issues *Subject:* RE: Small/Mid Firewall? Well, to be fair **I** haven’t looked at it yet myself. It’s been in the hands of two of my junior people; at least one of whom is generally very capable and has deployed several other firewall/routers of other vendors in the past. But he’s spent the better part of all day trying to get the Juniper working and finally has resorted to having Juniper tech support remote in and try to get it working. Apparently even the Juniper support person has spent quite a bit of time wrestling with it to only mixed results. It gives me some pause that even a Juniper support engineer would struggle with getting this unit configured. But I’ve still got 2200 more pages of the manual to read so… Ben M. Schorr Chief Executive Officer __ *Roland Schorr Tower *www.rolandschorr.com b...@rolandschorr.com *From:* Andrew S. Baker [mailto:asbz...@gmail.com] *Sent:* Thursday, December 30, 2010 8:15 PM *To:* NT System Admin Issues *Subject:* Re: Small/Mid Firewall? Really? IPSec VPNs are one of the easiest things to configure on those devices. In fairness, however, I've been using Netscreen devices since Feb 2000, so that might simply be familiarity talking. The VPN wizard is very straightforward *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http
RE: Small/Mid Firewall?
That is what all the girls back in high school used to tell me! blush Webster From: Andrew S. Baker [mailto:asbz...@gmail.com] Subject: Re: Small/Mid Firewall? You are the man, Webster! :) ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Small/Mid Firewall?
Especially when they needed help with citrix issues :-) Typed frustratingly slowly on my BlackBerry® wireless device -Original Message- From: Webster carlwebs...@gmail.com Date: Fri, 31 Dec 2010 15:32:18 To: NT System Admin Issuesntsysadmin@lyris.sunbelt-software.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.comSubject: RE: Small/Mid Firewall? That is what all the girls back in high school used to tell me! blush Webster From: Andrew S. Baker [mailto:asbz...@gmail.com] Subject: Re: Small/Mid Firewall? You are the man, Webster! :) ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
Unfortunately, Citrix's first product (which I used) didn't come out until 15 years after I was out of HS. IBM PC was 6 years after HS. First handheld calculators (6 functions IIRC) came out my sr. yr. and only cost $295. I used a slide ruler (with the uber cool slide on belt attachment) all thru HS. Webster From: Rankin, James R [mailto:kz2...@googlemail.com] Subject: Re: Small/Mid Firewall? Especially when they needed help with citrix issues :-) _ From: Webster carlwebs...@gmail.com Subject: RE: Small/Mid Firewall? That is what all the girls back in high school used to tell me! blush Webster From: Andrew S. Baker [mailto:asbz...@gmail.com] Subject: Re: Small/Mid Firewall? You are the man, Webster! :) ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
Update: We went with the Juniper SSG-5. I think we're going to like it but good grief this thing is complicated! We're having to open a tech support incident with Juniper just to get the IPSEC VPN configured. The manuals we downloaded for it are almost 2300 pages long! I look forward to getting up to speed on this device, it does seem very capable. Just a learning curve like an alp. J Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com mailto:b...@rolandschorr.com From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Saturday, December 11, 2010 4:05 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Fortinet 50B Juniper SSG5 ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage... On Fri, Dec 10, 2010 at 3:20 PM, Ben Schorr b...@rolandschorr.com wrote: What's everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They've been using a SnapGear SG580 at their central location but it died this morning. Needs: * IPSEC PPTP (or L2TP) VPN support * Dual WAN capability with load-balance/failover. * Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there's anything better? Not a huge fan of SonicWall and their pay per user model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower - Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
I am sure ASB is available for a nice consulting fee to assist! J Webster From: Ben Schorr [mailto:b...@rolandschorr.com] Subject: RE: Small/Mid Firewall? Update: We went with the Juniper SSG-5. I think we're going to like it but good grief this thing is complicated! We're having to open a tech support incident with Juniper just to get the IPSEC VPN configured. The manuals we downloaded for it are almost 2300 pages long! I look forward to getting up to speed on this device, it does seem very capable. Just a learning curve like an alp. J ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Small/Mid Firewall?
Really? IPSec VPNs are one of the easiest things to configure on those devices. In fairness, however, I've been using Netscreen devices since Feb 2000, so that might simply be familiarity talking. The VPN wizard is very straightforward *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Thu, Dec 30, 2010 at 10:01 PM, Ben Schorr b...@rolandschorr.com wrote: Update: We went with the Juniper SSG-5. I think we’re going to like it but good grief this thing is complicated! We’re having to open a tech support incident with Juniper just to get the IPSEC VPN configured. The manuals we downloaded for it are almost 2300 pages long! I look forward to getting up to speed on this device, it does seem very capable. Just a learning curve like an alp. J Ben M. Schorr Chief Executive Officer __ *Roland Schorr Tower *www.rolandschorr.com b...@rolandschorr.com *From:* Andrew S. Baker [mailto:asbz...@gmail.com] *Sent:* Saturday, December 11, 2010 4:05 PM *To:* NT System Admin Issues *Subject:* Re: Small/Mid Firewall? Fortinet 50B Juniper SSG5 *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Fri, Dec 10, 2010 at 3:20 PM, Ben Schorr b...@rolandschorr.com wrote: What’s everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They’ve been using a SnapGear SG580 at their central location but it died this morning. Needs: · IPSEC PPTP (or L2TP) VPN support · Dual WAN capability with load-balance/failover. · Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there’s anything better? Not a huge fan of SonicWall and their “pay per user” model. Ben M. Schorr Chief Executive Officer __ *Roland Schorr Tower – Flagstaff Office *2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Small/Mid Firewall?
You are the man, Webster! :) *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Thu, Dec 30, 2010 at 10:03 PM, Webster carlwebs...@gmail.com wrote: I am sure ASB is available for a nice consulting fee to assist! J Webster *From:* Ben Schorr [mailto:b...@rolandschorr.com] *Subject:* RE: Small/Mid Firewall? Update: We went with the Juniper SSG-5. I think we’re going to like it but good grief this thing is complicated! We’re having to open a tech support incident with Juniper just to get the IPSEC VPN configured. The manuals we downloaded for it are almost 2300 pages long! I look forward to getting up to speed on this device, it does seem very capable. Just a learning curve like an alp. J ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
Well, to be fair *I* haven't looked at it yet myself. It's been in the hands of two of my junior people; at least one of whom is generally very capable and has deployed several other firewall/routers of other vendors in the past. But he's spent the better part of all day trying to get the Juniper working and finally has resorted to having Juniper tech support remote in and try to get it working. Apparently even the Juniper support person has spent quite a bit of time wrestling with it to only mixed results. It gives me some pause that even a Juniper support engineer would struggle with getting this unit configured. But I've still got 2200 more pages of the manual to read so... Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com mailto:b...@rolandschorr.com From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, December 30, 2010 8:15 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Really? IPSec VPNs are one of the easiest things to configure on those devices. In fairness, however, I've been using Netscreen devices since Feb 2000, so that might simply be familiarity talking. The VPN wizard is very straightforward ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage... On Thu, Dec 30, 2010 at 10:01 PM, Ben Schorr b...@rolandschorr.com wrote: Update: We went with the Juniper SSG-5. I think we're going to like it but good grief this thing is complicated! We're having to open a tech support incident with Juniper just to get the IPSEC VPN configured. The manuals we downloaded for it are almost 2300 pages long! I look forward to getting up to speed on this device, it does seem very capable. Just a learning curve like an alp. J Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com mailto:b...@rolandschorr.com From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Saturday, December 11, 2010 4:05 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Fortinet 50B Juniper SSG5 ASB (My XeeSM Profile) http://XeeSM.com/AndrewBaker Exploiting Technology for Business Advantage... On Fri, Dec 10, 2010 at 3:20 PM, Ben Schorr b...@rolandschorr.com wrote: What's everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They've been using a SnapGear SG580 at their central location but it died this morning. Needs: * IPSEC PPTP (or L2TP) VPN support * Dual WAN capability with load-balance/failover. * Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there's anything better? Not a huge fan of SonicWall and their pay per user model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower - Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Small/Mid Firewall?
The hardest part of the ASA was getting a handle on the remote access/VPN setup correctly. At least for me. The rest was much easier than with the PIX 515. Jon On Sun, Dec 12, 2010 at 12:30 AM, VIPCS vi...@stny.rr.com wrote: Jeffrey would not recommend any (rebranded) Linksys routers. We have had two clients that insisted on using Linksys routers, and it took many hours to work out all the problems with them (one was an office of four people, and the other was an organization of 25 people). Among other things, the VPN capability is terrible, and took two days and assistance from Linksys to even reach a point where it was barely usable. The second client (who needed the VPN capability) installed a Sonic firewall (with VPN capability) and has been very happy with that. The Linksys routers are now being used solely as wireless access points, and even being used just as WAPs, they can be somewhat temperamental. The true Cisco routers (PIX and ASA) are solid devices, although Jeffrey has had limited experience with them, and they do require another level of competency to configure. Sincerely, Jeffrey and Mary Jane Harris VIPCS -- *From:* RS [mailto:rich...@gmail.com] *Sent:* Friday, December 10, 2010 3:43 PM *To:* NT System Admin Issues *Subject:* Re: Small/Mid Firewall? Have a gander at the Cisco (used to be Linksys-branded) RV042, RV082 and RV016. On Fri, Dec 10, 2010 at 3:20 PM, Ben Schorr b...@rolandschorr.com wrote: What’s everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They’ve been using a SnapGear SG580 at their central location but it died this morning. Needs: · IPSEC PPTP (or L2TP) VPN support · Dual WAN capability with load-balance/failover. · Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there’s anything better? Not a huge fan of SonicWall and their “pay per user” model. Ben M. Schorr Chief Executive Officer __ *Roland Schorr Tower – Flagstaff Office * 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin * * * * ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Small/Mid Firewall?
Point of clarification.Actually the entire PIX line is not end of support... yet. PIX 501, 506E, 515E last day of support (as long as you have an active Smartnet subscription) is July 27, 2013. PIX 506 515 (both without the E designation) were no longer supported as of early/mid 2009. I know this because I had all of these in my environment (except the 515E) until this past summer. Now my environment is pure ASA 5510/5520. Much better appliance, IMHO. Jonathan L. Raper, MCSE Thumb-typed from my HTC Incredible (and yes, it really is) Droid. Please excuse brevity any misspellings. - Reply message - From: Phil Brutsche p...@optimumdata.com Date: Fri, Dec 10, 2010 7:54 pm Subject: Small/Mid Firewall? To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Ixnay on any sort of PIX, they were end of sale years ago and hit end of support last summer. The current-day replacement is the ASA. The equivalent to the PIX 501 is the ASA 5505. Like it or not, IPv6 is a feature any sort of network infrastructure equipment MUST have; it is also another thing that puts a nail in the coffin of any PIX less than a 515 (IPv6 was added in 7.0 code which is only supported on the 515 and up). An ASA 5505 can do dual WAN, but with one caveat: you need the Security Plus license on it. An ASA 5505 with Security Plus is $1k-ish. Other options: Cisco IOS security routers, model #s 1811 or 891. They are both $800-ish new. The 891 replaces the 1811, which will be end of sale in April/May. On 12/10/2010 3:26 PM, Raper, Jonathan - Eagle wrote: PIX 501 is in the price range but can’t do dual WAN. (It is also EOL, with EOS coming in 2013) Can’t remember if 5505 can do dual WAN (my smallest ASA is a 5510). ASA 5520 is WY out of his (stated) price range. -- Phil Brutsche p...@optimumdata.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
Watchguard XTM21 or 22 based on throughput. Failover, Load balancing, Routing, IPSEC, PPTP, SSL VPN's, Web based or application based, you can get all the addons for filtering, web, av, spam if you want. With the fireware pro option to make it failover capable you are at like 550.00, I get them from esecurity2go.com, haven't found anywhere cheaper and you can call and get a live person. Been using WG for years with very little issues. Fortinet and Juniper are great products as well. Greg Sweers CEO ACTS360.comhttp://www.acts360.com/ P.O. Box 1193 Brandon, FL 33509 813-657-0849 Office 813-758-6850 Cell 813-341-1270 Fax From: Ben Schorr [mailto:b...@rolandschorr.com] Sent: Friday, December 10, 2010 3:21 PM To: NT System Admin Issues Subject: Small/Mid Firewall? What's everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They've been using a SnapGear SG580 at their central location but it died this morning. Needs: * IPSEC PPTP (or L2TP) VPN support * Dual WAN capability with load-balance/failover. * Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there's anything better? Not a huge fan of SonicWall and their pay per user model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower - Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.comhttp://www.rolandschorr.com/ b...@rolandschorr.commailto:b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
We resell the Instagate 400 all the time. Supports failover/Dual WAN, IPSec VPN, and runs around $300 base and like $60 for the Dual WAN option. Jay From: Jay Dale [jd...@unetek.com] Sent: Friday, December 10, 2010 2:40 PM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? www.esoft.comhttp://www.esoft.com Jay Dale Senior Systems Administrator c:832.373.7883 From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] Sent: Friday, December 10, 2010 2:25 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Juniper SSG-5 Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 From: Ben Schorr b...@rolandschorr.commailto:b...@rolandschorr.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date: Fri, 10 Dec 2010 15:20:54 -0500 To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Small/Mid Firewall? What’s everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They’ve been using a SnapGear SG580 at their central location but it died this morning. Needs: • IPSEC PPTP (or L2TP) VPN support • Dual WAN capability with load-balance/failover. • Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there’s anything better? Not a huge fan of SonicWall and their “pay per user” model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower – Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.comhttp://www.rolandschorr.com/ b...@rolandschorr.commailto:b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
That's what we put in our remote offices. We use a Palo Alto at the HQ. From: Jacob [mailto:ja...@excaliburfilms.com] Sent: Friday, December 10, 2010 1:03 PM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? +1 From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] Sent: Friday, December 10, 2010 12:25 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Juniper SSG-5 Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 From: Ben Schorr b...@rolandschorr.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: Fri, 10 Dec 2010 15:20:54 -0500 To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: Small/Mid Firewall? What's everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They've been using a SnapGear SG580 at their central location but it died this morning. Needs: * IPSEC PPTP (or L2TP) VPN support * Dual WAN capability with load-balance/failover. * Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there's anything better? Not a huge fan of SonicWall and their pay per user model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower - Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Small/Mid Firewall?
How do you like the Palo Alto? We have an eval unit and are seriously considering it. On 12/11/10, Martin Blackstone mblackst...@gmail.com wrote: That's what we put in our remote offices. We use a Palo Alto at the HQ. From: Jacob [mailto:ja...@excaliburfilms.com] Sent: Friday, December 10, 2010 1:03 PM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? +1 From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] Sent: Friday, December 10, 2010 12:25 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Juniper SSG-5 Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 From: Ben Schorr b...@rolandschorr.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: Fri, 10 Dec 2010 15:20:54 -0500 To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: Small/Mid Firewall? What's everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They've been using a SnapGear SG580 at their central location but it died this morning. Needs: * IPSEC PPTP (or L2TP) VPN support * Dual WAN capability with load-balance/failover. * Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there's anything better? Not a huge fan of SonicWall and their pay per user model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower - Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- Sent from my mobile device ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
We don't really want to roll our own - for one thing that site may have PCI compliance issues and it would be a real headache to try and explain a self-built solution to an auditor. Thanks to all for their suggestions, though, you've given me some good items to evaluate! I think we're leaning towards the Juniper but we'll look around. Best wishes and aloha, Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower www.rolandschorr.com b...@rolandschorr.com -Original Message- From: Matthew W. Ross [mailto:mr...@ephrataschools.org] Sent: Friday, December 10, 2010 5:01 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Cheap PC, 3 network cards, pfsense (or one of the many other software- based firewalls). Rock solid, cheap, upgradeable, support available. I have been looking at one of these to do something simular, plus some storage for a small office all in one box: http://www.newegg.com/Product/Product.aspx?Item=N82E16859105905 --Matt Ross Ephrata School District - Original Message - From: Ben Schorr [mailto:b...@rolandschorr.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Fri, 10 Dec 2010 12:20:54 -0800 Subject: Small/Mid Firewall? What's everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They've been using a SnapGear SG580 at their central location but it died this morning. Needs: * IPSEC PPTP (or L2TP) VPN support * Dual WAN capability with load-balance/failover. * Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there's anything better? Not a huge fan of SonicWall and their pay per user model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower - Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com mailto:b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt- software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
I love it. It gives you great reporting in to exactly what people are doing. Where they are going, how long, how much bandwidth, etc. You can easily block about any application without worrying about back doors, etc. Facebook, block. Done. -Original Message- From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Saturday, December 11, 2010 10:55 AM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? How do you like the Palo Alto? We have an eval unit and are seriously considering it. On 12/11/10, Martin Blackstone mblackst...@gmail.com wrote: That's what we put in our remote offices. We use a Palo Alto at the HQ. From: Jacob [mailto:ja...@excaliburfilms.com] Sent: Friday, December 10, 2010 1:03 PM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? +1 From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] Sent: Friday, December 10, 2010 12:25 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Juniper SSG-5 Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 From: Ben Schorr b...@rolandschorr.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: Fri, 10 Dec 2010 15:20:54 -0500 To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: Small/Mid Firewall? What's everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They've been using a SnapGear SG580 at their central location but it died this morning. Needs: * IPSEC PPTP (or L2TP) VPN support * Dual WAN capability with load-balance/failover. * Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there's anything better? Not a huge fan of SonicWall and their pay per user model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower - Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- Sent from my mobile device ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Small/Mid Firewall?
Excellent. Thanks. Where did you find the 'how long'? That's the main thing I haven't been able to recreate from our Websense reports. Are you using it to decrypt ssl sessions? Does the HA work as advertised? Kind of tough to test that with only one eval unit. On 12/11/10, Martin Blackstone mblackst...@gmail.com wrote: I love it. It gives you great reporting in to exactly what people are doing. Where they are going, how long, how much bandwidth, etc. You can easily block about any application without worrying about back doors, etc. Facebook, block. Done. -Original Message- From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Saturday, December 11, 2010 10:55 AM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? How do you like the Palo Alto? We have an eval unit and are seriously considering it. On 12/11/10, Martin Blackstone mblackst...@gmail.com wrote: That's what we put in our remote offices. We use a Palo Alto at the HQ. From: Jacob [mailto:ja...@excaliburfilms.com] Sent: Friday, December 10, 2010 1:03 PM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? +1 From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] Sent: Friday, December 10, 2010 12:25 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Juniper SSG-5 Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 From: Ben Schorr b...@rolandschorr.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: Fri, 10 Dec 2010 15:20:54 -0500 To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: Small/Mid Firewall? What's everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They've been using a SnapGear SG580 at their central location but it died this morning. Needs: * IPSEC PPTP (or L2TP) VPN support * Dual WAN capability with load-balance/failover. * Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there's anything better? Not a huge fan of SonicWall and their pay per user model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower - Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- Sent from my mobile device ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- Sent from my mobile device ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Small/Mid Firewall?
Fortinet 50B Juniper SSG5 *ASB *(My XeeSM Profile) http://XeeSM.com/AndrewBaker *Exploiting Technology for Business Advantage...* * * On Fri, Dec 10, 2010 at 3:20 PM, Ben Schorr b...@rolandschorr.com wrote: What’s everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They’ve been using a SnapGear SG580 at their central location but it died this morning. Needs: · IPSEC PPTP (or L2TP) VPN support · Dual WAN capability with load-balance/failover. · Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there’s anything better? Not a huge fan of SonicWall and their “pay per user” model. Ben M. Schorr Chief Executive Officer __ *Roland Schorr Tower – Flagstaff Office *2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
You're going to love it. I'm not sure what particulars we have setup. The network guys only gave me reporting access. :) Ill check out the reporting more on Monday and let you know. I'm really new to it. We have only had it a month. Ill also say this in all fairness, we are a PAN reseller, so we do eat our own dogfood. -Original Message- From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Saturday, December 11, 2010 2:00 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Excellent. Thanks. Where did you find the 'how long'? That's the main thing I haven't been able to recreate from our Websense reports. Are you using it to decrypt ssl sessions? Does the HA work as advertised? Kind of tough to test that with only one eval unit. On 12/11/10, Martin Blackstone mblackst...@gmail.com wrote: I love it. It gives you great reporting in to exactly what people are doing. Where they are going, how long, how much bandwidth, etc. You can easily block about any application without worrying about back doors, etc. Facebook, block. Done. -Original Message- From: Kevin Lundy [mailto:klu...@gmail.com] Sent: Saturday, December 11, 2010 10:55 AM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? How do you like the Palo Alto? We have an eval unit and are seriously considering it. On 12/11/10, Martin Blackstone mblackst...@gmail.com wrote: That's what we put in our remote offices. We use a Palo Alto at the HQ. From: Jacob [mailto:ja...@excaliburfilms.com] Sent: Friday, December 10, 2010 1:03 PM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? +1 From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] Sent: Friday, December 10, 2010 12:25 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Juniper SSG-5 Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 From: Ben Schorr b...@rolandschorr.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: Fri, 10 Dec 2010 15:20:54 -0500 To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: Small/Mid Firewall? What's everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They've been using a SnapGear SG580 at their central location but it died this morning. Needs: * IPSEC PPTP (or L2TP) VPN support * Dual WAN capability with load-balance/failover. * Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there's anything better? Not a huge fan of SonicWall and their pay per user model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower - Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin -- Sent from my mobile device ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana
RE: Small/Mid Firewall?
Jeffrey would not recommend any (rebranded) Linksys routers. We have had two clients that insisted on using Linksys routers, and it took many hours to work out all the problems with them (one was an office of four people, and the other was an organization of 25 people). Among other things, the VPN capability is terrible, and took two days and assistance from Linksys to even reach a point where it was barely usable. The second client (who needed the VPN capability) installed a Sonic firewall (with VPN capability) and has been very happy with that. The Linksys routers are now being used solely as wireless access points, and even being used just as WAPs, they can be somewhat temperamental. The true Cisco routers (PIX and ASA) are solid devices, although Jeffrey has had limited experience with them, and they do require another level of competency to configure. Sincerely, Jeffrey and Mary Jane Harris VIPCS _ From: RS [mailto:rich...@gmail.com] Sent: Friday, December 10, 2010 3:43 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Have a gander at the Cisco (used to be Linksys-branded) RV042, RV082 and RV016. On Fri, Dec 10, 2010 at 3:20 PM, Ben Schorr b...@rolandschorr.com wrote: What's everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They've been using a SnapGear SG580 at their central location but it died this morning. Needs: * IPSEC PPTP (or L2TP) VPN support * Dual WAN capability with load-balance/failover. * Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there's anything better? Not a huge fan of SonicWall and their pay per user model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower - Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif sacore:empty.gif ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
We use a small ASA here for each of our 3 locations. Each location connects back to the main office via a hardware site-to-site VPN. Dont know if it's got all your requirements, especially the dual-WAN. From: Ben Schorr [mailto:b...@rolandschorr.com] Sent: Friday, December 10, 2010 3:21 PM To: NT System Admin Issues Subject: Small/Mid Firewall? Whats everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. Theyve been using a SnapGear SG580 at their central location but it died this morning. Needs: IPSEC PPTP (or L2TP) VPN support Dual WAN capability with load-balance/failover. Preferably under $800 We looked at the NetGear ProSafe line but were wondering if theres anything better? Not a huge fan of SonicWall and their pay per user model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Small/Mid Firewall?
Juniper SSG-5 Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 From: Ben Schorr b...@rolandschorr.commailto:b...@rolandschorr.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date: Fri, 10 Dec 2010 15:20:54 -0500 To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Small/Mid Firewall? What’s everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They’ve been using a SnapGear SG580 at their central location but it died this morning. Needs: · IPSEC PPTP (or L2TP) VPN support · Dual WAN capability with load-balance/failover. · Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there’s anything better? Not a huge fan of SonicWall and their “pay per user” model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower – Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.comhttp://www.rolandschorr.com/ b...@rolandschorr.commailto:b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
ASA can to Dual WAN, but only as failover last I checked. We use to do use it for that until we put in a link balancer. -Original Message- From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] Sent: Friday, December 10, 2010 2:24 PM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? We use a small ASA here for each of our 3 locations. Each location connects back to the main office via a hardware site-to-site VPN. Don't know if it's got all your requirements, especially the dual-WAN. From: Ben Schorr [mailto:b...@rolandschorr.com] Sent: Friday, December 10, 2010 3:21 PM To: NT System Admin Issues Subject: Small/Mid Firewall? What's everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They've been using a SnapGear SG580 at their central location but it died this morning. Needs: * IPSEC PPTP (or L2TP) VPN support * Dual WAN capability with load-balance/failover. * Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there's anything better? Not a huge fan of SonicWall and their pay per user model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower - Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
www.esoft.comhttp://www.esoft.com Jay Dale Senior Systems Administrator c:832.373.7883 From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] Sent: Friday, December 10, 2010 2:25 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Juniper SSG-5 Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 From: Ben Schorr b...@rolandschorr.commailto:b...@rolandschorr.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Date: Fri, 10 Dec 2010 15:20:54 -0500 To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.commailto:ntsysadmin@lyris.sunbelt-software.com Subject: Small/Mid Firewall? What's everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They've been using a SnapGear SG580 at their central location but it died this morning. Needs: * IPSEC PPTP (or L2TP) VPN support * Dual WAN capability with load-balance/failover. * Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there's anything better? Not a huge fan of SonicWall and their pay per user model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower - Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.comhttp://www.rolandschorr.com/ b...@rolandschorr.commailto:b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Small/Mid Firewall?
Have a gander at the Cisco (used to be Linksys-branded) RV042, RV082 and RV016. On Fri, Dec 10, 2010 at 3:20 PM, Ben Schorr b...@rolandschorr.com wrote: What’s everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They’ve been using a SnapGear SG580 at their central location but it died this morning. Needs: · IPSEC PPTP (or L2TP) VPN support · Dual WAN capability with load-balance/failover. · Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there’s anything better? Not a huge fan of SonicWall and their “pay per user” model. Ben M. Schorr Chief Executive Officer __ *Roland Schorr Tower – Flagstaff Office *2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin # # # # ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
I have SMB clients like that using primarily one of two firewall lines Juniper Netscreen 5-GT / SSG-5 Cisco PIX 501 / ASA 5505 ( larger law firm using 5520 ) Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Ben Schorr [mailto:b...@rolandschorr.com] Sent: Friday, December 10, 2010 3:21 PM To: NT System Admin Issues Subject: Small/Mid Firewall? What’s everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They’ve been using a SnapGear SG580 at their central location but it died this morning. Needs: · IPSEC PPTP (or L2TP) VPN support · Dual WAN capability with load-balance/failover. · Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there’s anything better? Not a huge fan of SonicWall and their “pay per user” model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower – Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
+1 From: Kramer, Jack [mailto:jack.kra...@ur.msu.edu] Sent: Friday, December 10, 2010 12:25 PM To: NT System Admin Issues Subject: Re: Small/Mid Firewall? Juniper SSG-5 Jack Kramer Computer Systems Specialist University Relations, Michigan State University w: 517-884-1231 / c: 248-635-4955 From: Ben Schorr b...@rolandschorr.com Reply-To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: Fri, 10 Dec 2010 15:20:54 -0500 To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Subject: Small/Mid Firewall? What's everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They've been using a SnapGear SG580 at their central location but it died this morning. Needs: . IPSEC PPTP (or L2TP) VPN support . Dual WAN capability with load-balance/failover. . Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there's anything better? Not a huge fan of SonicWall and their pay per user model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower - Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
RE: Small/Mid Firewall?
PIX 501 is in the price range but can't do dual WAN. (It is also EOL, with EOS coming in 2013) Can't remember if 5505 can do dual WAN (my smallest ASA is a 5510). ASA 5520 is WY out of his (stated) price range. Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians Associates, PA jra...@eaglemds.comBLOCKED::mailto:%20jra...@eaglemds.com www.eaglemds.comBLOCKED::http://www.eaglemds.com/ From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Friday, December 10, 2010 3:58 PM To: NT System Admin Issues Subject: RE: Small/Mid Firewall? I have SMB clients like that using primarily one of two firewall lines Juniper Netscreen 5-GT / SSG-5 Cisco PIX 501 / ASA 5505 ( larger law firm using 5520 ) Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: Ben Schorr [mailto:b...@rolandschorr.com] Sent: Friday, December 10, 2010 3:21 PM To: NT System Admin Issues Subject: Small/Mid Firewall? What's everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They've been using a SnapGear SG580 at their central location but it died this morning. Needs: * IPSEC PPTP (or L2TP) VPN support * Dual WAN capability with load-balance/failover. * Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there's anything better? Not a huge fan of SonicWall and their pay per user model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower - Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.comhttp://www.rolandschorr.com/ b...@rolandschorr.commailto:b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.commailto:listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Small/Mid Firewall?
Cheap PC, 3 network cards, pfsense (or one of the many other software-based firewalls). Rock solid, cheap, upgradeable, support available. I have been looking at one of these to do something simular, plus some storage for a small office all in one box: http://www.newegg.com/Product/Product.aspx?Item=N82E16859105905 --Matt Ross Ephrata School District - Original Message - From: Ben Schorr [mailto:b...@rolandschorr.com] To: NT System Admin Issues [mailto:ntsysad...@lyris.sunbelt-software.com] Sent: Fri, 10 Dec 2010 12:20:54 -0800 Subject: Small/Mid Firewall? What's everybody recommending these days for the small/mid-sized firewall? I have a client with about 75 users scattered across three locations. They've been using a SnapGear SG580 at their central location but it died this morning. Needs: * IPSEC PPTP (or L2TP) VPN support * Dual WAN capability with load-balance/failover. * Preferably under $800 We looked at the NetGear ProSafe line but were wondering if there's anything better? Not a huge fan of SonicWall and their pay per user model. Ben M. Schorr Chief Executive Officer __ Roland Schorr Tower - Flagstaff Office 2700 S. Woodlands Village Blvd. Suite 300-371 Flagstaff, AZ 86001 928-377-5630 Fax: 808-533-3677 www.rolandschorr.com http://www.rolandschorr.com/ b...@rolandschorr.com mailto:b...@rolandschorr.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
Re: Small/Mid Firewall?
Ixnay on any sort of PIX, they were end of sale years ago and hit end of support last summer. The current-day replacement is the ASA. The equivalent to the PIX 501 is the ASA 5505. Like it or not, IPv6 is a feature any sort of network infrastructure equipment MUST have; it is also another thing that puts a nail in the coffin of any PIX less than a 515 (IPv6 was added in 7.0 code which is only supported on the 515 and up). An ASA 5505 can do dual WAN, but with one caveat: you need the Security Plus license on it. An ASA 5505 with Security Plus is $1k-ish. Other options: Cisco IOS security routers, model #s 1811 or 891. They are both $800-ish new. The 891 replaces the 1811, which will be end of sale in April/May. On 12/10/2010 3:26 PM, Raper, Jonathan - Eagle wrote: PIX 501 is in the price range but can’t do dual WAN. (It is also EOL, with EOS coming in 2013) Can’t remember if 5505 can do dual WAN (my smallest ASA is a 5510). ASA 5520 is WY out of his (stated) price range. -- Phil Brutsche p...@optimumdata.com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin