Results 1 to 9 of 9
Thread: Firewall Recommendation
-
04-08-2008, 08:19 PM #1Premium Member
- Join Date
- Mar 2004
- Posts
- 439
Firewall Recommendation
We are looking for a firewall for a future setup we are working on. Looking for something to put web servers behind, about 30 at first (about 50 Mbps) and growing from there. We would like to have some Ddos protection if possible, but devices for that can get quite high on price it seems.
Any recommendations? I've seen where alot recommend staying away from Watchguard. How about Cisco, Sonicwall, or others?NodePlex - Powerful and Customizable Dedicated Servers
Experienced Dedicated Server Hosting since 2003
EasyPro - Professional Website Builder
The tools and performance you need to build stunning websites
-
04-08-2008, 08:35 PM #2Web Hosting Evangelist
- Join Date
- Jul 2002
- Location
- New York, USA
- Posts
- 467
I personally like the Junipers SSG line.
Larry Ludwig
Empowering Media
HostCube - Proactively Managed Xen based VPSes
Empowering Media - The Dev Null Blog
-
04-08-2008, 08:36 PM #3Web Hosting Master
- Join Date
- Nov 2005
- Posts
- 3,944
Your not going to find very good DDOS protection (mitigation) with a Sonicwall from my understanding (if any). Your best bet is to find a provider who all ready has it, as it's not a cheap solution. Is there a reason you feel you need DDOS protection?
The thing about DDOS's is you need a giant pipe to be able to take it in and then filter it, if the attack is larger than your pipe, then it won't work out for you. Someone correct me if I'm wrong, but this is what I have gathered.
-
04-08-2008, 08:41 PM #4Web Hosting Evangelist
- Join Date
- Jul 2002
- Location
- New York, USA
- Posts
- 467
Depends upon the type of DDOS attack and the amount. Depending upon the size you may need to get your ISP(s) involved anyways.
There are DDOS attacks that can bring a server to it's knees yet doesn't use that much bandwidth. Depends upon how much protection you already have on the server itself. One advantage of hardware firewall is it makes the mgt centralized.Larry Ludwig
Empowering Media
HostCube - Proactively Managed Xen based VPSes
Empowering Media - The Dev Null Blog
-
04-14-2008, 03:05 PM #5Disabled
- Join Date
- Nov 2006
- Posts
- 43
For DDoS mitigation, Juniper itself recommeds. See here and here. So if you are looking for a hardware firewall that can compartmentalize the different web-servers, so that attack one one does not affect the others, IntruGuard is very cost-effective giving you both firewall and DDoS mitigation capability.
Sonicwall does not provide granular DDoS mitigation. SYN flood protection provided by most firewalls (including hardware firewall) is not enough to protect from sophisticated DDoS attacks that are originating these days from the east.
-
04-14-2008, 04:17 PM #6Managed Hosting Expert
- Join Date
- Jan 2004
- Location
- North Yorkshire, UK
- Posts
- 4,164
As has been mentioned you aren't going to get much in the way of DDoS protection from a low end unit, you'll be able to beat basic attacks such as syn flood, etc, but not high volume based ones.
That aside the Juniper SSG series are fantastic, the SSG140 is probably what you should be looking at. They are very well priced for their capability. We've got about 20 of them in production and they've been flawless.
Dan█ Dan Kitchen | Technical Director | Razorblue
█ ddi: (+44) (0)1748 900 680 | e: dkitchen@razorblue.com
█ UK Intensive Managed Hosting, Clusters and Colocation.
█ HP Servers, Cisco/Juniper Powered BGP Network (AS15692).
-
04-14-2008, 05:04 PM #7NetOps Guy
- Join Date
- Jan 2005
- Location
- San Francisco/Hot Springs
- Posts
- 991
If you're worried about DDOS and you don't have a huge budget - forget your own firewall.
Most DDOS will overwhelm the pipe you've got going in and you're done at that point.
I deploy the Juniper SSG and ISG line quite a bit, they work well. I'm not a huge fan of the Cisco ASA but they work fine too.AppliedOperations - Premium Service
Bandwidth | Colocation | Hosting | Managed Services | Consulting
www.appliedops.net
-
05-05-2008, 09:55 AM #8Web Hosting Master
- Join Date
- Nov 2005
- Posts
- 1,224
(Netscreen was acquired by Juniper)
Add my vote for Juniper firewalls. We've been using them for several years and are extremely satisfied.
-
05-05-2008, 12:49 PM #9Web Hosting Master
- Join Date
- Aug 2007
- Posts
- 6,884
SonicWall would be fine.
iHubNet Ltd - Premium Hosting Solutions 4 ALL
• Solid Support • Solid Equipment • Solid Network
Shared Hosting / Reseller Hosting / Managed Server
Matt A.