Hardware Firewall Solution needed, about 25 computers

I need a good hardware firewall solution for my 25-computer office network, running mostly Windows XP Home or Pro, with a server running Server 2003. Main focus is on price, hopefully less than or around $200-300. Needs NAT, port forwarding, SPI, and any other useful firewall features. Is Smoothwall Corporate Server the way to go, or what other firewalls can you suggest, even if it is a firewall integrated into a router?

The best

That I can think of anyway, would be a well-configured OpenBSD box acting as a firewall. Wouldn't need to be anything special. Probably some old throwaway Pentium 233 would handle the job just fine. Catch is, being able to find someone who can write all the firewall rules and such. Linux would also work quite well, though probably not quite as secure as OpenBSD, which is developed with security in mind above all else.

Otherwise, I'm sure there are plenty of decent enterprise class routers out there that'd do the trick. The sticker price would probably be more than the cost of an old Pentium box off eBay, and the hourly rate charged by someone to install and configure OpenBSD for you. The upshot here is that the power consumption would be considerably less, so it might be cheaper if you take into account ancillary costs like the increase in the utility bill due to power consumption. Then again, the old beancounter adage ought to be considered: A dollar today is worth more than a dollar tomorrow. If you go this route, just make sure you get a model with at least a 30-port switch (to give you room to grow) in it.

Aside from something like Linux or OpenBSD, I wouldn't personally trust any other software firewall at all. Especially one running on Windows. Once someone gets past the firewall (and make no mistake, they will if they want to) they have to contend with the operating system of whatever the firewall is running on. It's a lot easier to strip down a copy of Linux or OpenBSD to the barest of essentials than it is Windows, leaving far fewer opportunities for someone to get a foothold in your internal network.

None of this is a sure thing, it's important to note. What you'll do is eliminate the bulk of the would-be hackers who rely on automated probe programs, and only have to contend with those that have some actual skill. The sort who usually won't bother you unless you bother them first. However, a firewall is generally only as good as the rules written for it to follow. So be sure to follow the "only what's needed" policy, and open ONLY those ports that are absolutely needed to conduct business. Asking that question is a good way to help weed out people who are paper certified in security, as opposed to people who actually are worth hiring.
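
A minimal default-deny `pf.conf` for the OpenBSD option discussed above, as an added example that is not part of the original post. It uses current OpenBSD pf syntax (`nat-to`, `rdr-to`); the interface names, addresses, the list of allowed outbound ports and the forwarded port are all assumptions chosen for illustration.

```pf
# /etc/pf.conf -- added example; every value below is constructed.
# Routing between interfaces also requires net.inet.ip.forwarding=1.

ext_if  = "em0"               # assumed WAN-facing interface
int_if  = "em1"               # assumed LAN-facing interface
lan_net = "192.168.1.0/24"    # assumed office subnet
server  = "192.168.1.10"      # assumed address of the internal server

set block-policy drop         # drop silently instead of sending resets
set skip on lo                # do not filter loopback traffic

# "Only what's needed": start from deny-everything and log what is dropped.
block log all

# NAT: LAN hosts leave with the firewall's external address as source.
match out on $ext_if inet from $lan_net to any nat-to ($ext_if)

# Outbound from the LAN: DNS and web only (assumed business need).
# pass rules keep state by default, so return traffic is matched
# against the state table rather than by a separate inbound rule (SPI).
pass in  on $int_if inet proto { tcp udp } from $lan_net to any port 53
pass in  on $int_if inet proto tcp         from $lan_net to any port { 80 443 }
pass out on $ext_if inet proto { tcp udp } to any port 53
pass out on $ext_if inet proto tcp         to any port { 80 443 }

# Port forwarding: one inbound service (assumed HTTPS) to the server.
pass in  on $ext_if inet proto tcp from any to ($ext_if) port 443 \
    rdr-to $server
pass out on $int_if inet proto tcp from any to $server port 443
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the ruleset goes live.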

(NT) Look at Cisco brand
