Firewall Recommendation

Archived from groups: comp.security.firewalls

Hi everyone,

currently in the process of buying a new firewall for a company that used to
run a Watchguard III 700. Although they were very happy with the Firebox as
a firewall they were not very impressed with the VPN client... (users and
administrators). We need a small group of ppl (50) going out and 10 VPN
users coming in.

I would start by looking at the PIXes and maybe a Watchguard X again if I
get stuck... As this is a small outfit, cost is important but I would like to
see what other ppl are using in similar situations.

Many thanks,

Jose
 

In article <RT_nc.154$ua.21@newsr2.u-net.net>, j.armando@cucaracha.com
says...
> Hi everyone,
>
> currently in the process of buying a new firewall for a company that used to
> run a Watchguard III 700. Although they were very happy with the Firebox as
> a firewall they were not very impressed with the VPN client... (users and
> administrators). We need a small group of ppl (50) going out and 10 VPN
> users coming in.
>
> I would start by looking at the PIXes and maybe a Watchguard X again if I
> get stuck... As this is a small outfit, cost is important but I would like to
> see what other ppl are using in similar situations.
>
> Many thanks,

There is nothing wrong with the 700, you don't have to use the MUVPN
client, you can use PPTP for mobile users and it will perform great.

Outbound (from the trusted to some other place) doesn't have much to do
with the 700, it just passes it through to the outside.

What problems are you experiencing with the MUVPN client?

Are you configured, on your Trusted/Optional networks with an IP range
that is not duplicated by the remote users' IP subnet?

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

Thanks for your reply Leythos,

they have had legacy problems with Windows XP and Outlook XP being very very
slow when Windows 2000 with Office 2000 worked far better. I think most ppl
blame it on NetBIOS/DNS resolutions...

J


"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b0a77797bb7ae8a98a528@news-server.columbus.rr.com...
> In article <RT_nc.154$ua.21@newsr2.u-net.net>, j.armando@cucaracha.com
> says...
> > Hi everyone,
> >
> > currently in the process of buying a new firewall for a company that used to
> > run a Watchguard III 700. Although they were very happy with the Firebox as
> > a firewall they were not very impressed with the VPN client... (users and
> > administrators). We need a small group of ppl (50) going out and 10 VPN
> > users coming in.
> >
> > I would start by looking at the PIXes and maybe a Watchguard X again if I
> > get stuck... As this is a small outfit, cost is important but I would like to
> > see what other ppl are using in similar situations.
> >
> > Many thanks,
>
> There is nothing wrong with the 700, you don't have to use the MUVPN
> client, you can use PPTP for mobile users and it will perform great.
>
> Outbound (from the trusted to some other place) doesn't have much to do
> with the 700, it just passes it through to the outside.
>
> What problems are you experiencing with the MUVPN client?
>
> Are you configured, on your Trusted/Optional networks with an IP range
> that is not duplicated by the remote users' IP subnet?
>
> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)
 

Another question would be: how do I use PPTP (Windows feature) with the
exported .wgx profiles?

J,


"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b0a77797bb7ae8a98a528@news-server.columbus.rr.com...
> In article <RT_nc.154$ua.21@newsr2.u-net.net>, j.armando@cucaracha.com
> says...
> > Hi everyone,
> >
> > currently in the process of buying a new firewall for a company that used to
> > run a Watchguard III 700. Although they were very happy with the Firebox as
> > a firewall they were not very impressed with the VPN client... (users and
> > administrators). We need a small group of ppl (50) going out and 10 VPN
> > users coming in.
> >
> > I would start by looking at the PIXes and maybe a Watchguard X again if I
> > get stuck... As this is a small outfit, cost is important but I would like to
> > see what other ppl are using in similar situations.
> >
> > Many thanks,
>
> There is nothing wrong with the 700, you don't have to use the MUVPN
> client, you can use PPTP for mobile users and it will perform great.
>
> Outbound (from the trusted to some other place) doesn't have much to do
> with the 700, it just passes it through to the outside.
>
> What problems are you experiencing with the MUVPN client?
>
> Are you configured, on your Trusted/Optional networks with an IP range
> that is not duplicated by the remote users' IP subnet?
>
> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)
 

In article <uI2oc.160$ua.140@newsr2.u-net.net>, j.armando@cucaracha.com
says...
> Another question would be: how do I use PPTP (Windows feature) with the
> exported .wgx profiles?

You don't, why would you need them? You assign the users a user name,
password (at the box), and then tell them the IP/DNS information and
it's done. All you have to do is configure user rules that permit access
to what you want to let them access (or an ANY rule for PPTP/IPSEC
users). You can even enter the PPTP group in the NAT rules to let them
surf the web while VPN'd into the office.

As for XP, I run XP on all my workstations and laptops and don't see any
performance difference between XP and 2000. I did change the PERFORMANCE
settings in XP to BEST PERFORMANCE and not BEST APPEARANCE.

One other thing, Windows 2000 will run reasonably well with 128MB of RAM
(I didn't say anything about the apps), but XP needs about 114MB just to
sit idle. If you don't have at least 256MB in your XP computers (512MB
being the sweet spot) then you should consider upgrading them.

One last thing - it's easier to follow a thread when you reply below the
previous post, look at it as just adding your text at the bottom.

Let me know if you need anything else.


--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

Thanks Leythos


"Leythos" <void@nowhere.com> wrote in message
news:MPG.1b0a9a8427fe165198a52c@news-server.columbus.rr.com...
> In article <uI2oc.160$ua.140@newsr2.u-net.net>, j.armando@cucaracha.com
> says...
> > Another question would be: how do I use PPTP (Windows feature) with the
> > exported .wgx profiles?
>
> You don't, why would you need them? You assign the users a user name,
> password (at the box), and then tell them the IP/DNS information and
> it's done. All you have to do is configure user rules that permit access
> to what you want to let them access (or an ANY rule for PPTP/IPSEC
> users). You can even enter the PPTP group in the NAT rules to let them
> surf the web while VPN'd into the office.
>
> As for XP, I run XP on all my workstations and laptops and don't see any
> performance difference between XP and 2000. I did change the PERFORMANCE
> settings in XP to BEST PERFORMANCE and not BEST APPEARANCE.
>
> One other thing, Windows 2000 will run reasonably well with 128MB of RAM
> (I didn't say anything about the apps), but XP needs about 114MB just to
> sit idle. If you don't have at least 256MB in your XP computers (512MB
> being the sweet spot) then you should consider upgrading them.
>
> One last thing - it's easier to follow a thread when you reply below the
> previous post, look at it as just adding your text at the bottom.
>
> Let me know if you need anything else.
>
>
> --
> --
> spamfree999@rrohio.com
> (Remove 999 to reply to me)
 

In article <%G4oc.161$ua.160@newsr2.u-net.net>, j.armando@cucaracha.com
says...
> Thanks Leythos

Let me know if this worked out for you.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
 

Jose:

So, from your description, do I take it to mean that you will be using
the firewall as an endpoint, with traffic being encrypted for all
machines behind it? (You're not going to have 50 s/w VPN clients
going out are you?)

What will the external clients be using on their end?
What kind of VPN throughput will you need?

PIXen are great, but for less money you could get a Sonicwall,
Netscreen or Zywall. I prefer the latter two. With a bit of tweaking
and testing, you'll get good reliability in terms of keeping up
tunnels.

Dave




On Tue, 11 May 2004 08:01:37 +0100, "Jose Armando"
<j.armando@cucaracha.com> wrote:

>Hi everyone,
>
>currently in the process of buying a new firewall for a company that used to
>run a Watchguard III 700. Although they were very happy with the Firebox as
>a firewall they were not very impressed with the VPN client... (users and
>administrators). We need a small group of ppl (50) going out and 10 VPN
>users coming in.
>
>I would start by looking at the PIXes and maybe a Watchguard X again if I
>get stuck... As this is a small outfit, cost is important but I would like to
>see what other ppl are using in similar situations.
>
>Many thanks,
>
>Jose
>