  1. #1

    Firewall Recommendation

    We are looking for a firewall for a future setup we are working on. Looking for something to put web servers behind, about 30 at first (about 50 Mbps) and growing from there. We would like to have some DDoS protection if possible, but devices for that can get quite high on price it seems.

    Any recommendations? I've seen where a lot recommend staying away from Watchguard. How about Cisco, Sonicwall, or others?

  2. #2
    Join Date
    Jul 2002
    Location
    New York, USA
    Posts
    467
    I personally like the Juniper SSG line.
    Larry Ludwig
    Empowering Media
    HostCube - Proactively Managed Xen based VPSes
    Empowering Media - The Dev Null Blog

  3. #3
    Join Date
    Nov 2005
    Posts
    3,944
    You're not going to find very good DDoS protection (mitigation) with a Sonicwall from my understanding (if any). Your best bet is to find a provider who already has it, as it's not a cheap solution. Is there a reason you feel you need DDoS protection?

    The thing about DDOS's is you need a giant pipe to be able to take it in and then filter it, if the attack is larger than your pipe, then it won't work out for you. Someone correct me if I'm wrong, but this is what I have gathered.


  4. #4
    Join Date
    Jul 2002
    Location
    New York, USA
    Posts
    467
    Quote Originally Posted by devonblzx View Post
    The thing about DDOS's is you need a giant pipe to be able to take it in and then filter it, if the attack is larger than your pipe, then it won't work out for you. Someone correct me if I'm wrong, but this is what I have gathered.
    Depends upon the type of DDOS attack and the amount. Depending upon the size you may need to get your ISP(s) involved anyways.

    There are DDoS attacks that can bring a server to its knees yet don't use that much bandwidth. Depends upon how much protection you already have on the server itself. One advantage of a hardware firewall is it makes the management centralized.
    Larry Ludwig
    Empowering Media
    HostCube - Proactively Managed Xen based VPSes
    Empowering Media - The Dev Null Blog

  5. #5
    Quote Originally Posted by empoweri View Post
    I personally like the Juniper SSG line.
    For DDoS mitigation, Juniper itself recommends. See here and here. So if you are looking for a hardware firewall that can compartmentalize the different web servers, so that an attack on one does not affect the others, IntruGuard is very cost-effective, giving you both firewall and DDoS mitigation capability.

    Sonicwall does not provide granular DDoS mitigation. SYN flood protection provided by most firewalls (including hardware firewalls) is not enough to protect from sophisticated DDoS attacks that are originating these days from the east.

  6. #6
    Join Date
    Jan 2004
    Location
    North Yorkshire, UK
    Posts
    4,164
    As has been mentioned, you aren't going to get much in the way of DDoS protection from a low-end unit. You'll be able to beat basic attacks such as SYN flood, etc., but not high-volume ones.

    That aside the Juniper SSG series are fantastic, the SSG140 is probably what you should be looking at. They are very well priced for their capability. We've got about 20 of them in production and they've been flawless.

    Dan
    █ Dan Kitchen | Technical Director | Razorblue
    █ ddi: (+44) (0)1748 900 680 | e: dkitchen@razorblue.com
    █ UK Intensive Managed Hosting, Clusters and Colocation.
    █ HP Servers, Cisco/Juniper Powered BGP Network (AS15692).

  7. #7
    Join Date
    Jan 2005
    Location
    San Francisco/Hot Springs
    Posts
    991
    Quote Originally Posted by Dimension4 View Post
    We would like to have some DDoS protection if possible, but devices for that can get quite high on price it seems.
    If you're worried about DDoS and you don't have a huge budget - forget your own firewall.
    Most DDoS attacks will overwhelm the pipe you've got going in and you're done at that point.

    I deploy the Juniper SSG and ISG line quite a bit, they work well. I'm not a huge fan of the Cisco ASA but they work fine too.
    AppliedOperations - Premium Service
    Bandwidth | Colocation | Hosting | Managed Services | Consulting
    www.appliedops.net

  8. #8
    Join Date
    Nov 2005
    Posts
    1,224
    (Netscreen was acquired by Juniper)

    Add my vote for Juniper firewalls. We've been using them for several years and are extremely satisfied.

  9. #9
    Join Date
    Aug 2007
    Posts
    6,884
    SonicWall would be fine.
    iHubNet Ltd - Premium Hosting Solutions 4 ALL
    Solid Support Solid Equipment Solid Network
    Shared Hosting / Reseller Hosting / Managed Server
    Matt A.
