Hi, first post so let's see how friendly this forum is

Hmm, I need to install a firewall for about 10 computers that are all networked. These computers have rather sensetive data on them, so I wondered what are the best firewalls out there to protect them. The best thing is to give me a range of them and give me your favorite.

Thanks for any help.

1) How much do you want to spend?

2) Do you want a REAL firewall (stateful packet inspection) or a NAT (Network Addres Translation) router that gives you REASONABLE firewall protection? Do you already have a router?

<pre> \|/
jlanka (. .)
___________oOOo_(_(_)_)_oOOo___________
</pre><p>

I'm talking in the $200-300 (US) dollar range and am looking for a more serious firewall system, one that keeps the curious internet goer from my files. All my computers are divided between 3 routers. Also could you describe the diffrence between the two types of firewalls you just mentioned.

Thanks a lot for your help.

<P ID="edit"><FONT SIZE=-1><EM>Edited by lazicsavo on 09/30/04 11:39 AM.</EM></FONT></P>

NAT just hides the PC's on the LAN side of the router, it also doesn't let in any IP PORT that you don't explicitly configure.

SPI doesn't let in any port (like a NAT router) and it also examines every packet and decides if it is allowable based in a configurable ruleset.

See <A HREF="http://www.homenethelp.com/router-guide/features-firewall.asp" target="_new">this page</A> for more info

<pre> \|/
jlanka (. .)
___________oOOo_(_(_)_)_oOOo___________
</pre><p>

If you can afford it I would definatly invest in a Mini Pix from Cisco. They are very good firewalls for small networks that dont really need the high end Pix firewalls. They are more reasonable priced as well.

<A HREF="http://www.folken.net/myrig.htm" target="_new">My precious...</A>

folken, which model in particular is the mini pix? I'm looking at the <A HREF="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/index.html" target="_new">Cisco website</A> and I don't see "mini" referenced anywhere. I may be interested in one myself.

<pre> \|/
jlanka (. .)
___________oOOo_(_(_)_)_oOOo___________
</pre><p>

Sry, I have heard it called a minipix so long I almost forgot that cisco doesn't call it that
It is the PIX 501. I think you can get one for about $500 depending on your userload. The only thing that jacks the price is the user licenses.
I know that is a little out of the price range you had there but it is worth the extra money. I know several software companies that have one and it has been VERY reliable.
These things are avaliable on ebay for much less than $500 if you want to get one there. I don't think I would recommend that for a buisness but keep the possibility open.

<A HREF="http://www.folken.net/myrig.htm" target="_new">My precious...</A>

I can give you 3 recommendations

Hotbrick 401, 401VPN
Sonicwall TZ150
Fortigate 50A


All three are Bussiness Class and worlds ahead above Most any D-link Netgear or Linksys devices.

They do however each have totally different feature sets.

I prefer the Hotbrick. For a Basic Stateful packet Inspection, business class logging ability and Hardened firewall for an almost insane price. It won't start slowing down till you have near 20 users.

The Sonicwall TZ150 can do more, but it cost more, that and they throw inaccurate nubers around on throughput. If you don t use the advanced features it runs full speed, as you start to enable more features the unit get progressively slower.

The Fortigate 50A does even more and includes Antivirus detection. But the price goes hand in hand.


My company does bussiness will goverment defense contractors so security is taken seriously here, that said either of these three should do what your looking for.

You could choose Cisco but these days and at this price point there are better options.

Mackintire