Knowledgebase

Portal Home > Knowledgebase > Articles Database > Firewall


Firewall




Posted by bigblockstudios, 11-29-2010, 02:33 PM
Hi; I'm just starting to move from a VPS to a co-lo & I need some help/suggestions choosing a firewall. Right now I Am considering the Watchguard XTM 505 [watchguard.com/products/xtm-5/overview.asp] but know really nothing about the unit other than the published specs. I will be moving approximately 180 sites to a new server, traffic is pretty light & while I don't really need any spam filtering/virus etc. IDS/IPS is attractive but really just 'firewall' is what I need. Running a firewall on the actual hosting box is not an option as far as I am concerned. So the unit is around $2000.00CDN, about my price point... Does anyone have any horror stories, good stories, better or more appropriate suggestions? -thanks -sean
Posted by writespeak, 11-30-2010, 12:35 PM
Let's see if someone can help you in Security & Tech. Lois
Posted by admin0, 11-30-2010, 02:18 PM
Own co-lo eh ? You can have another linux box, p1, celeron etc, 2 network cards, router => linux eth0 => linux eth1 => your server and run iptables You will get features and customization options that exceed any hardware firewalls. Alternatively, You can spend $50 USD and get a Mirkotik RouterBoard .. this model: http://routerboard.com/pricelist.php?showProduct=56 This is a tiny box, but this will do you routing, firewall, bandwidth management, layer7 filtering, web cache, reverse proxy, nat, route, mangle, qos .. eveything. We run ISPs with a few hundred customers with this small box. There, I just saved you $1900+
Posted by bigblockstudios, 11-30-2010, 02:37 PM
writespeak - thanks for moving the post, I didn't realize there was a S&T board. -thanks @admin0; I quickly considered a dedicated box, but threw the idea away, been down that road, it's more trouble than it's worth & would actually cost more than an appliance. the routerboard idea scares the heck out of me, no mention of concurrent sessions/connections in datasheet, ram is really low. I'm surprised it hasn't exploded on you. Anyway - the 2 main reasons I want to go with an appliance is ease of monitoring/maintenance & That magic 4 hour hardware replacement warranty.... the fact that this one is a software upgrade to go to the next model is just gravy. -sean
Posted by admin0, 11-30-2010, 03:20 PM
Hi, The reason I suggested that one is because you said light traffic. You can check routerboard 1000U or 1100U that can sustain gbps traffic, and do more than 500,000 packets per second, and still cost less than $500. Comes with GUI for ease of monitoring and maintenance, and apart from just firewall, gives you everything that would require a few servers and high end cisco to accomplish at that price point.


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
ionCube upgrade (Views: 2096)
help - looking for a good hosting co. (Views: 611)
Need help in creating flash site (Views: 587)
are these scripts necessary for me ? (Views: 584)
email redundency? (Views: 626)