Hi John,

But look at the feature set (http://www.sonicwall.com/products/pro2040.html). All of what they promote are _router_ functions, not firewall functions. Link fail over, multiple "security zones", NAT NAT NAT, Proprietary VPN client, "high performance" (not sure what they mean by that if the product pegs out at 200 Mbps).

This is a NAT router, not a firewall. That's the point I tried to make in my article. If you have a small biz, it's nuts to spend this kind of money on a NAT router. Buy a $400 white box and put Sygate's Office Network software on it. Heck, it runs on any version of Windows. So $400 for the white box, $99 Win9x (or you could find it cheap in some places) and $200 for office network. That's 700 bucks and you get fail over for multiple ISPs, unlimited VPN connections, and all the rest the Sonicwall has to offer. Beats $2700 for the same level of security and functionality.

And it's a software platform on commodity hardware, so you're not hamstrung by the hardware vendor's massive margins on replacement parts, or without a firewall while they get around to replacing your unit with the fried RAM. Just go to Fry's or wherever, buy a new stick for a few bucks, and you're good to go.

Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now! http://www.microsoft.com/isaserver/beta/default.asp
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, June 16, 2004 3:06 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FYI: FW: [fw-wiz] Re: Home/SOHO "Firewall" Routers

http://www.ISAserver.org

> The thing is, "hardware" firewalls are pretty weak when it comes to true
> firewalling. The hardware firewall fans are still thinking of "opening
> ports" when the port based approach is no longer valid when it comes to
> protecting the network. You need stateful application layer inspection,
> strong user/group based authentication for all inbound and outbound
> connections, and the ability to adapt to threats based on more than the
> dumb*ss approach of "closing a port" (like the moron ISPs are using to
> DoS legitimate secure Exchange RPC connections by blocking TCP 135).

Absolutely true. However, for a business that for whatever reason cannot afford the costs associated with the top-o-the-line best firewall that ISA is, a dedicated hardware firewall is 2nd best, especially depending on what the usage will be.

Example, I just replaced an aging SonicWall Pro at a client with a new SonicWall Pro 2040. For around $1.7K, they get an easy-to-administer, solid firewall with VPNs and easy logging without 3rd party software. For another $1K, they can get failover ISP and VPN support. This is a new feature, that if the primary line goes down, the remote units will automatically fail over the active VPN tunnel to the secondary connection and the remote users never knew that a problem occurred.

To equip an ISA server with similar features will be closer to $4.5K or better, and with a higher administration cost.

Now, I think everyone here knows where I stand on ISA. It is simply the top-o-the-line firewall there is. However, you do not buy a Jaguar to pull a horse trailer around a cattle ranch in the winter time.

Yes, I know a while back we were able to come up with an ISA box at a penny under $2K, but that was a basic model.
John Tolmachoff
Engineer/Consultant/Owner
eServices For You