Choosing a firewall for hosting servers

Hi everyone,

At the moment I am using a Windows 2003 server with ICS enable to all network access to the Internet. However, I have other servers which I would like to make accessible to the Internet, so I am looking to upgrade my firewall.

Can anyone recommend a good firewall that can allow you to host servers easily and provide good control over what internal networks users can access on the Internet?

I've already found Kerio WinRoute Firewall, but I would like to compare it with other products.

Any ideas would be appreciated...

I've used Astaro Linux firewall before, and it seemed fairly good.

Note that this is a dedicated Linux firewalling distribution; you can't do anything else on the machine that it's installed on (which is, in essence, the whole point of a firewall).

Although it looks good, I've never really used Linux before and setting it up could cause problems for me!

The installation is straightforward; from then on, everything is administered via a web-based control panel. Astaro also provide technical support via phone for their paying customers.

I think I might give it a try then - thanks alexgreg

If you would like a Windows solution and do not mind to spend a little money ($1500 - $5000 depending on number of internal users) then I would recommend Symantec Enterprise Firewall.

I use it to protect our network and it does a very good job plus it is very robust in the configurations it can handle.

Rigas

Sorry Rigas - way, way out of my budget!

I would not run a firewall on a PC for several reasons mainly not only do you have to keep up on your firewall patches you have to keep up on the OS vulnerabilities and every other app running on it ( example Microsoft RPC or Linux with SSH vulnerabilities ). I would use ( and do ) a Cisco PIX 501 it costs around $350.00 U.S. and is a very strong firewall and VPN ( can use 3DES with MD5 or sha hashing ) . very hard to beat. if you are running DSL or cable it will replace your router if T1 or such you will need a router infront of it.. The fixup protocols are awsome for example with a PIX running SMTP fixup protocol it will * out all info from your mail server which is kool. telnet to your mail server once on port 25 it will tell everyone the OS your server is running the mail server patch level and if very bad setup will let people do VRFY on it.

Thanks - I might look into that.

Perhaps the most obvious question left out was is it a hardware or software solution that you need? (Next) What is your budget? Is the said solution compatible with your other programs e.g antivirus, email, file, print servers? Then do a search and get an informed opinion.

Thanks guys - I think I am going to follow juniperr and look at the Cisco firewall.

It is an appliance which is why I recommend them so there is no compatibilty issues with all that you listed. I have installed these in about 20 corporate environments for my clients they work great.

If ya need any help configuring the PIX send me a private message.

Thanks!

I'm researching some products but I think I'll eventually go with the Astaro Firewall based on the feedback I've gotten thus far.