RE: FYI: FW: [fw-wiz] Re: Home/SOHO "Firewall" Routers

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 16 Jun 2004 10:03:07 -0500

Hi John,

But look at the feature set
(http://www.sonicwall.com/products/pro2040.html). All of what they
promote are _router_ functions, not firewall functions. Link fail over,
multiple "security zones", NAT NAT NAT, Proprietary VPN client, "high
performance" (not sure what they mean by that if the product pegs out at
200 Mbps). This is a NAT router, not a firewall. That's the point I
tried to make in my article. If you have a small biz, it's nuts to spend
this kind of money on a NAT router.

Buy a $400 white box and put Sygate's Office Network software on it.
Heck, it runs on any version of Windows. So $400 for the white box, $99
Win9x (or you could find it cheap in some places) and $200 for office
network. That's 700 bucks and you get fail over for multiple ISPs,
unlimited VPN connections, and all the rest the Sonicwall has to offer.
Beats $2700 for the same level of security and functionality. And it's a
software platform on commodity hardware, so you're not hamstrung by the
hardware vendor's massive margins on replacement parts, or without a
firewall while they get around to replacing your unit with the fried
RAM. Just go to Fry's or wherever, buy a new stick for a few bucks, and
you're good to go.

Tom

Thomas W Shinder
www.isaserver.org/shinder
ISA 2004 Beta - Get it now!
http://www.microsoft.com/isaserver/beta/default.asp
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 


-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, June 16, 2004 3:06 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: FYI: FW: [fw-wiz] Re: Home/SOHO "Firewall"
Routers


http://www.ISAserver.org

> The thing is, "hardware" firewalls are pretty weak when it comes to
> true firewalling. The hardware firewall fans are still thinking of
> "opening ports" when the port based approach is no longer valid when
> it comes to protecting the network. You need stateful application
> layer inspection, strong user/group based authentication for all
> inbound and outbound connections, and the ability to adapt to threats
> based on more than the dumb*ss approach of "closing a port (like the
> moron ISP's are using to DoS legitimate secure Exchange RPC
> connections by blocking TCP 135).

Absolutely true. However, for a business that for whatever reason cannot
afford the costs associated with the top-o-the-line best firewall that
ISA is, a dedicated hardware firewall is 2nd best, especially depending
on what the usage will be.

Example, I just replaced an aging SonicWall Pro at a client with a new
SonicWall Pro 2040. For around $1.7K, they get an easy to administer
solid firewall with VPNs and easy logging without 3rd party software.
For another $1K, they can get failover ISP and VPN support. This is a
new feature, that if the primary line goes down, the remote units will
automatically failover the active VPN tunnel to the secondary connection
and the remote users never knew that a problem occurred.

To equip an ISA server with similar features will be closer to $4.5K or
better, and with a higher administration cost.

Now, I think everyone here knows where I stand on ISA. It is simply the
top-o-the-line firewall there is.

However, you do not buy a Jaguar to pull a horse trailer around a cattle
ranch in the winter time.

Yes, I know a while back we were able to come up with an ISA box at a
penny under $2K, but that was a basic model.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You


