Firewall Appliances

Running SBS 2003 SP2 but am considering "upgrade" to SBS 2008.
But SBS 2008 networks seem to be single-NIC networks thus exposing
all the SBS clients to the WAN interface.

This argues that some kind of firewall appliance is needed. For small
LANs (<10 clients) the cost of such an appliance can be a
deal-breaker.

Does anyone have recommendations about such appliances for small LANs?
Do they require subscriptions?
Do they require CAL-type licensing?

I've spent quite a bit of time looking into this and haven't wound up
knowing anything more than when I started. I need to understand real
operating costs of these devices.

All I'm seeing out there is a bunch of marketing slime.

TIA
--
BilBo

If your budget is really low you could consider using the free open source
Untangle on a low end P4 box.

Steve

"Bilbo fake rubbish.domain.org>" <wlp<fauxat> wrote in message
news:...
> Running SBS 2003 SP2 but am considering "upgrade" to SBS 2008.
> But SBS 2008 networks seem to be single-NIC networks thus exposing
> all the SBS clients to the WAN interface.
>
> This argues that some kind of firewall appliance is needed. For small
> LANs (<10 clients) the cost of such an appliance can be a
> deal-breaker.
>
> Does anyone have recommendations about such appliances for small LANs?
> Do they require subscriptions?
> Do they require CAL-type licensing?
>
> I've spent quite a bit of time looking into this and haven't wound up
> knowing anything more than when I started. I need to understand real
> operating costs of these devices.
>
> All I'm seeing out there is a bunch of marketing slime.
>
> TIA
> --
> BilBo

On Thu, 22 Jul 2010 12:20:58 -0500, Bilbo
<wlp<faux>fake<at>rubbish.domain.org> wrote:

>Running SBS 2003 SP2 but am considering "upgrade" to SBS 2008.
>But SBS 2008 networks seem to be single-NIC networks thus exposing
>all the SBS clients to the WAN interface.
>
>This argues that some kind of firewall appliance is needed. For small
>LANs (<10 clients) the cost of such an appliance can be a
>deal-breaker.
>
>Does anyone have recommendations about such appliances for small LANs?
>Do they require subscriptions?
>Do they require CAL-type licensing?
>
>I've spent quite a bit of time looking into this and haven't wound up
>knowing anything more than when I started. I need to understand real
>operating costs of these devices.
>
>All I'm seeing out there is a bunch of marketing slime.
>
>TIA



I think it depends what you're trying to block. If you're trying to
block viruses and spam then the Baracuda stuff is good, but expensive.
If you're just trying to prevent hacks then you should be fine with a
decent firewalled router - we use Cisco 877 units on all our SBS2008
sites, with NAT, and it's pretty robust when used with a good config.
These cost around £350.

Just my 2p.



Jim

In article <>, Bilbo says...
> Running SBS 2003 SP2 but am considering "upgrade" to SBS 2008.
> But SBS 2008 networks seem to be single-NIC networks thus exposing
> all the SBS clients to the WAN interface.
>
> This argues that some kind of firewall appliance is needed. For small
> LANs (<10 clients) the cost of such an appliance can be a
> deal-breaker.
>
> Does anyone have recommendations about such appliances for small LANs?
> Do they require subscriptions?
> Do they require CAL-type licensing?
>
> I've spent quite a bit of time looking into this and haven't wound up
> knowing anything more than when I started. I need to understand real
> operating costs of these devices.
>
> All I'm seeing out there is a bunch of marketing slime.
>

I never install SBS, any version, without a firewall appliance, and I
don't mean one of those crappy NAT routers that pretends to be a
firewall.

Today, unlike 10 years ago, firewall appliances do so much more than
just detect attacks or filter, they often come with anti-spam, anti-
malware, content blocking, web filters, etc....

A reasonable firewall for a small company, that is hosting their own
email, will run about $1400, but a dirt cheap one would cost about $550
with the filtering services.

I buy WatchGuard because I've used about everything on the market and
they just seem to have it going right all these years. I have more than
80 different WG appliances in the field and a few of them are 7+ years
old and still working (although unsupported, end of lifed).

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
(remove 999 for proper email address)

In article <>,
says...
>
> On Thu, 22 Jul 2010 12:20:58 -0500, Bilbo
> <wlp<faux>fake<at>rubbish.domain.org> wrote:
>
> >Running SBS 2003 SP2 but am considering "upgrade" to SBS 2008.
> >But SBS 2008 networks seem to be single-NIC networks thus exposing
> >all the SBS clients to the WAN interface.
> >
> >This argues that some kind of firewall appliance is needed. For small
> >LANs (<10 clients) the cost of such an appliance can be a
> >deal-breaker.
> >
> >Does anyone have recommendations about such appliances for small LANs?
> >Do they require subscriptions?
> >Do they require CAL-type licensing?
> >
> >I've spent quite a bit of time looking into this and haven't wound up
> >knowing anything more than when I started. I need to understand real
> >operating costs of these devices.
> >
> >All I'm seeing out there is a bunch of marketing slime.
> >
> >TIA
>
>
>
> I think it depends what you're trying to block. If you're trying to
> block viruses and spam then the Baracuda stuff is good, but expensive.
> If you're just trying to prevent hacks then you should be fine with a
> decent firewalled router - we use Cisco 877 units on all our SBS2008
> sites, with NAT, and it's pretty robust when used with a good config.
> These cost around £350.
>
> Just my 2p.
>
>
>
> Jim

Most firewalls have anti-spam/anti-virus add-on services that are just
as effective as the Barracuda and a LOT cheaper.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
(remove 999 for proper email address)

Hi Bilbo,

Leythos convinced me to try Watchguard products 3 - 4 years ago and now I
wouldn't use anything else. The granularity offered by these units is
fantastic and so easy to configure. With a full UTM Security Suite
(subscription based, price depending on model), you can block malware and
spam at the firewall which alone is worth the investment.

Colin.

"Bilbo fake rubbish.domain.org>" wrote:

> Running SBS 2003 SP2 but am considering "upgrade" to SBS 2008.
> But SBS 2008 networks seem to be single-NIC networks thus exposing
> all the SBS clients to the WAN interface.
>
> This argues that some kind of firewall appliance is needed. For small
> LANs (<10 clients) the cost of such an appliance can be a
> deal-breaker.
>
> Does anyone have recommendations about such appliances for small LANs?
> Do they require subscriptions?
> Do they require CAL-type licensing?
>
> I've spent quite a bit of time looking into this and haven't wound up
> knowing anything more than when I started. I need to understand real
> operating costs of these devices.
>
> All I'm seeing out there is a bunch of marketing slime.
>
> TIA
> --
> BilBo
> .
>

In article <794459EF-9F49-46D1-95C4->,
says...
> Leythos convinced me to try Watchguard products 3 - 4 years ago and now I
> wouldn't use anything else.
>

Thanks - and just think, I even provide free support via Usenet or email
:-)

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
(remove 999 for proper email address)

Thanks to all who replied. You've given me some food for thought.
I think I'll have to pilot some of these on my own server before doing
it for/to any of my clients.

Bilbo

On Thu, 22 Jul 2010 12:20:58 -0500, Bilbo
<wlp<faux>fake<at>rubbish.domain.org> wrote:

>Running SBS 2003 SP2 but am considering "upgrade" to SBS 2008.
>But SBS 2008 networks seem to be single-NIC networks thus exposing
>all the SBS clients to the WAN interface.
>
>This argues that some kind of firewall appliance is needed. For small
>LANs (<10 clients) the cost of such an appliance can be a
>deal-breaker.
>
>Does anyone have recommendations about such appliances for small LANs?
>Do they require subscriptions?
>Do they require CAL-type licensing?
>
>I've spent quite a bit of time looking into this and haven't wound up
>knowing anything more than when I started. I need to understand real
>operating costs of these devices.
>
>All I'm seeing out there is a bunch of marketing slime.
>
>TIA

--
BilBo

In article <>, Bilbo says...
> Thanks to all who replied. You've given me some food for thought.
> I think I'll have to pilot some of these on my own server before doing
> it for/to any of my clients.
>

You should not install a firewall app on a server that is not isolated
from the rest of the network, it's bad mojo to do so.

We have several small offices < 10 people, that still see the benefit of
having a secure office, anti-spam, web content filtering/blocking, and
additional security measures provided by Firewall Appliances.

Look into the WatchGuard products, they have them for very small offices
through large corporate solutions.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
(remove 999 for proper email address)