hutchingsp
August 19th, 2007, 09:37 AM
Appreciate the forum is geared towards software, but I'm struggling to find more suitable forums tbh. Anyway..
I'm looking for a device to put at the edge of our network.
I would want it to do the following:
Act as a basic source/dest/protocol/action firewall to allow packets in and out to/from our servers.
Have a minimum of 2 DMZ ports.
Allow the internal and DMZ interfaces to work in either NAT or Route mode (selectable per interface).
Have some sort of URL filtering via an external database i.e. Surfcontrol CPA/ISS
Have the means to add/exclude entire domains from this filtering.
Some level of IDS.
A/V would be nice but not essential.
Hardware appliance.
The basic scenario is that outbound access for our LAN users would be handled by a proxy server on the LAN, so for outbound traffic (i.e. concurrent users) all this device would ever see would be the external IP of the proxy, as well as any traffic coming from our DMZs.
The internet connection will be 100 Mbps, though I anticipate average usage to be low and bursty, i.e. low average but when someone wants to download a large file it'll burst to as fast as we can get it.
Because of this, and the fact that it won't have to handle connections from hundreds of LAN machines, I'm hoping to be able to look at a fairly low end box.
So far I've been looking (on paper) at:
Juniper SSG 140
Sonicwall 2040 and 3060
Checkpoint VPN-1 Edge
ISS Proventia MX1004
Secure Computing Sidewinder 110
But of course there are many manufacturers out there.
I'd appreciate comments and suggestions.
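As an added illustration of the policy the post describes (not code from the original post, nor from any of the vendors listed), the following toy first-match source/destination/protocol/action filter encodes the scenario: LAN hosts may only reach the internet through the proxy, DMZ hosts accept a few services from outside and may not initiate connections into the LAN, and everything else is denied. It also shows the whole-domain exclusion the post asks for on top of a stand-in category database. All addresses (documentation ranges), ports, domain names and categories are assumptions chosen for the example; no real appliance or external filtering database is modelled.

```python
"""Added example: a minimal first-match packet filter plus a domain
exclusion check for URL filtering. Addresses, ports, domains and
categories below are assumptions, not taken from the original post."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence

# Assumed addressing (RFC 5737 documentation ranges).
LAN = "192.0.2.0/24"
PROXY = "192.0.2.10/32"        # the only LAN host allowed to talk out directly
DMZ = "198.51.100.0/24"
DMZ_WEB = "198.51.100.20/32"
DMZ_MAIL = "198.51.100.25/32"
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    src: str                  # CIDR
    dst: str                  # CIDR
    proto: str                # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]      # None matches any destination port
    action: str               # "allow" or "deny"
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


# Rule order matters: the proxy allow must sit above the LAN deny, because
# the proxy address lies inside the LAN prefix and the first match wins.
POLICY: Sequence[Rule] = (
    Rule(PROXY, ANY, "tcp", 80, "allow", "proxy outbound http"),
    Rule(PROXY, ANY, "tcp", 443, "allow", "proxy outbound https"),
    Rule(LAN, ANY, "any", None, "deny", "LAN must go via the proxy"),
    Rule(ANY, DMZ_WEB, "tcp", 80, "allow", "public web"),
    Rule(ANY, DMZ_WEB, "tcp", 443, "allow", "public web over TLS"),
    Rule(ANY, DMZ_MAIL, "tcp", 25, "allow", "inbound SMTP"),
    Rule(DMZ, LAN, "any", None, "deny", "DMZ may not initiate into LAN"),
)


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule matches the packet."""
    if ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(pkt: Packet, policy: Sequence[Rule] = POLICY) -> str:
    """First matching rule decides; anything unmatched is denied."""
    for rule in policy:
        if matches(rule, pkt):
            return rule.action
    return "deny"  # implicit default deny


# --- URL filtering with whole-domain exclusions -------------------------
# Constructed stand-in for an external category database; the real
# SurfControl/ISS databases are not modelled here.
CATEGORY_DB = {"social.example": "social", "example.org": "social"}
BLOCKED_CATEGORIES = {"social"}
EXCLUDED_DOMAINS = ["example.org"]  # whole domain exempt from filtering


def in_domain(host: str, domain: str) -> bool:
    """True for the domain itself and any subdomain, matching on label
    boundaries so that notexample.org does not match example.org."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def url_filter(host: str) -> str:
    """Exclusions override the category lookup; unknown hosts are allowed."""
    if any(in_domain(host, d) for d in EXCLUDED_DOMAINS):
        return "allow"
    for suffix, category in CATEGORY_DB.items():
        if in_domain(host, suffix) and category in BLOCKED_CATEGORIES:
            return "deny"
    return "allow"


if __name__ == "__main__":
    print(evaluate(Packet("192.0.2.10", "203.0.113.5", "tcp", 443)))  # allow
    print(evaluate(Packet("192.0.2.50", "203.0.113.5", "tcp", 443)))  # deny
    print(url_filter("mail.example.org"))  # allow (excluded domain)
```

The LAN deny line is what makes the "only the proxy's IP is ever seen outbound" assumption enforceable rather than merely hoped for: a LAN host that tries to bypass the proxy is dropped at the edge. Swapping the proxy allow and the LAN deny silently breaks outbound access, which is the usual first-match pitfall on any of the appliances listed.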