I'm moving a couple of servers to a colo and was wondering what you would recommend for a hardware firewall to sit in front of them? Is it fine to just get the cheapest Cisco/Fortigate/Juniper/whatever firewall? I don't need anything fancy, pretty much just port forwarding.
Asked
Active
Viewed 1,575 times
3
-
related question: http://serverfault.com/questions/122271/best-firewall-product-for-hosting-housing-environment – jishi Feb 10 '11 at 14:17
4 Answers
2
Here's an example for some criteria you'll want to consider when selecting a firewall in the scenario you described:
- Feature set - Make sure it'll perform your immediate and potential future purposes.
- Performance - Co-location generally provides good network connectivity and throughput. Make sure the device you pick will handle the anticipated loads you'll be capable of.
- Form factor - You're paying to put equipment here, the smaller the equipment, the more you can pack in.
- Management - Some devices offer features that make remote management easier, and give you tools in the event you find yourself unable to access it.
I imagine the brand names you've mentioned would have models capable of what you're asking. Most likely it would come down to performance and management of the equipment.
mcmeel
- 526
- 2
- 6
1
I would not get the cheapest firewall. You need to look at your requirements such as throughput, active connections, security, vpn requirements and more. If it needs to be cheap I would recommend setting up a separate linux box as the firewall using iptables. If there is budget for a firewall but you need something small consider the cisco asa 5505(smaller than 1U), or if you need something with more requirements consider the 5510 or 5520 which are rack mountable. The cisco firewalls have a gui interface and after initial setup can be relatively easy to manage.
pablo
- 3,020
- 1
- 18
- 23
-
Thanks, I have been looking at the ASA5505, just wondering if I was heading down the right path. – Jon Tackabury Feb 09 '11 at 22:23
-
The 5505 is a nice product, and may be enough. However, since it's a desktop form factor, you'll want to buy a rack mount kit. – Scott Pack Feb 10 '11 at 04:45
1
You are probably looking at "wasting" at least 1U of rack space for this firewall.
I would not buy a consumer-grade cheapie firewall.
The Juniper Netscreen SSG5 would probably meet your needs, but it is a paperback size format and doesn't come with rack arms (that I recall). The first "rackable" SSG is the SSG140, but that's not quite so cheap -- definitely overkill for your application here.
If you can figure out a way to mount it neatly, the SSG5 would almost certainly be sufficient.
David Mackintosh
- 14,223
- 6
- 46
- 77
-
1I believe the SSG5 and SSG20 both have 1u rackmount kits available. – Doug Luxem Feb 10 '11 at 14:59
0
Alternatively - get a Mikrotik RB1100 and see how far it lasts (50mbit for smallish packets was on the table by someone running game servers).
It is CHEAP and has a TON of features in RouterOS. Uses very little power, too.
Then later you can upgrade to something more powerfull if needed. Again, the RB1100 is CHEAP to start with.
TomTom
- 50,857
- 7
- 52
- 134