Has anyone had any experience with these? We are looking at firewalling our high-end clients, but the costs are a factor:
Cisco PIX 515R single configuration is $2850 install and $1100 per month.

The Cisco PIX are pretty decent to work with. They are also very inexpensive as I think Cisco is trying to catch up in the market (they kind of missed the boad).

You won't go wrong with the PIX, but those prices are really high.

Bandwidth is an issue when putting a firewall in front of a customers server. If they're not over 10Mbps sustained I would
go with a Cisco PIX 506 or a Netscreen5. Netscreen should be about $900.00 and PIX should be about $1300.00 to buy. Install is not that much depending on what level of security you are looking for. Whatever you do don't pay all that money when you don't have to.:stickout

Thanks for the pointers. This company pointed to managed firewall services.. I.E. they handle everything. Is there really that much to do when managing a firewall??? Up to this point, embarassingly enough, we've used software firewalls on the servers.

Drew

That is still a very high price to manage a firewall (for example, we change $150-$350/mo for firewall management with unlimited policy changes). Most firewalls are very easy to manage an monitor.

Originally posted by drewnick

Is there really that much to do when managing a firewall??? Up to this point, embarassingly enough, we've used software firewalls on the servers.


Firewall vendors like Cisco and Checkpoint try to make it easy for your to manage and monitor your firewall. Whether or not you manage it, or outsource it really depends on how confident you are in your ability to control rulesets, and track down attackers.

The biggest problem I have seen with companies that handle their own monitoring is that when an attack occurs, they do not kow what to do.

If you are going to monitor the firewall yourself, make sure you create a security plan with step by step instructions that need to be followed in the event of an attack. This way you will not have to worry about your third shift accidentally deleting log files needed to track down an attacker, or something like that.

It is for that reason that I will likely outsource it. It will allow us to focus our limited staff on customer service.

Regards,
Drew

uuallan, right as usual :) but you have to admit that a properly set-up firewall is very low maintance. I mean very low! Plus, they are very easy to set-up and configure once you understand what a firewall really is.

Originally posted by RackMy.com
uuallan, right as usual :) but you have to admit that a properly set-up firewall is very low maintance. I mean very low! Plus, they are very easy to set-up and configure once you understand what a firewall really is.

I completely agree, unless you have a PITA customer like myself who constantly wants you to open weird ports like CVS and Webmin, just so I can play around with different tools :).

But for most organizations, once you esetablish a firewall policy, as well as a policy for updating the rulesets, the firewall itself is fairly low maintenance.

Customer... PITA...., Never :) LOL

I think we will try an unmanaged configuration and see how it goes. It's always worth a shot. I appreciate you guys' input.

Drew

Good luck and let us know how it goes!