
Network Hardware Firewall.

I have no idea if I need one

         

Roxster

7:56 pm on Aug 20, 2006 (gmt 0)

10+ Year Member



I have 7 PCs in my business, and they all need protection. 3 of the main PCs have the Norton antivirus suite, but the others don't or have minimum antivirus only.
Will replacing my network switch with a SonicWall that has 27 ports keep me safe with a firewall and antivirus without bogging my computers down?
The 27 port is to leave room for future growth since the step down has 8, I believe. However, I have never owned one before, so my knowledge is limited.

jtara

5:30 am on Aug 21, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I don't see any need to replace your switch. Firewalls that have multiple Ethernet ports are just a convenience for those that don't already have a switch. Get one that has a single "trust" and "untrust" port, stick with the switch you already have, and save some money.

Roxster

11:09 pm on Aug 21, 2006 (gmt 0)

10+ Year Member



Thanks for the advice. So rather than spending 700ish, I can spend 80ish on one for the same quality? I liked the switch because it will be one less piece of hardware plugged in, but I see the point now. Will adding the firewall hardware slow me down a lot? Or will it be rather unnoticeable? Thanks for the help.

By the way, can you post a few models I should consider that will be both a firewall and an antivirus?

jtara

3:54 am on Aug 22, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I don't think that anti-virus in the firewall is such a great idea. It SOUNDS great - not having to install anti-virus software on each PC. The downside is that typically the firewall has to store the entire file being downloaded within the firewall. This eats firewall memory, limits the size of downloads, and is inconvenient for users. It can be a costly subscription, to boot.

I am unfamiliar with SonicWall's products. (I use and have used Juniper/Netscreen products myself.) So I can't comment on specific models. I would compare specs, in terms of number of open connections, number of packets/second, etc. to make sure you are getting something appropriate for your application. For general Internet access within a company (as opposed to hosting websites) the requirements are pretty minimal. 7 PCs performing typical Internet access is probably way less than even a SINGLE busy webserver.

I did do a quick check on the SonicWall website. Not sure exactly what model you had in mind, but I do see that some of the products in the "Pro" series offer the ability to put each port on the switch in a separate security zone. That's an advantage, but I can't really think of much use for that feature in a typical business scenario.

If you run a business that is very security-conscious internally, then this would be a useful feature. You could firewall different departments from each other.

(As an example, I worked at Callaway Golf a few years ago at the time that they were starting their golf ball operation. One needed a special badge to enter the golf ball development area, or be accompanied at all times by a golf ball employee. They would have loved this feature!)

Here's one gotcha to watch out for - look out for optional extras! Most firewalls have optional software licensing and subscriptions that can add up to a bundle if you are not careful - the options can cost much more than the basic device. Determine just what you need in advance, and compare apples with apples. (Note that in firewall parlance, a "user" is not necessarily a "user". You may not need a license for as many users as you have computers, or you may need a license for more than you have - for example, if you intend to set up VPN tunnels. Check carefully what the manufacturer considers a "user.")

jtara

5:10 am on Aug 22, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



An additional thought on anti-virus: anti-virus on your firewall won't protect you from viruses introduced via a floppy disk, CD, DVD, etc.

I once worked at a place where a virus spread like wildfire throughout the entire business. Turned out the culprit was a driver disk from a local PC vendor who went from PC to PC upgrading the video driver.

Oh, this was at a nuclear power plant. Really.

carguy84

6:46 am on Sep 4, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



^^ Exactly, a firewall-based anti-virus solution is a good thing only for making sure each PC is running an AV solution. Some firewalls can do deep packet inspection, but expect your internet connection to slow down some if you enable this (and don't buy one of the upper end models).