Advise a good hardware firewall [closed]

Which firewall would you advise to use to meet the following: a 1Gb line and the most anti-hacking modules? Price range: 10k-15k$.

3 years warranty on site, full support online.

About modules, I don't know what role antivirus has in firewalls, because this firewall is going to be used for IIS applications, but definitely against DDoS types of attacks... Not good enough to say more.

Thanks...


This question still needs more details if you expect actual suggestions for specific solutions. But I think you should be able to answer this one on your own with some more research. Cisco, Juniper, Fortinet, SonicWall, etc. will all have a solution that fits your needs. The speed and number of WAN links you're trying to protect is going to be the biggest factor in sizing the unit, aka what model you need. Beyond that it's going to boil down to price and features that you need for all your requirements.

I personally prefer FortiGate units from Fortinet over the Cisco ASAs, but it's a personal preference. I've never used the Juniper solutions so I can't speak on those, but I've heard good things about them.

This is a little OT, but don't get lazy on hardening the IIS server or application just b/c it's behind a firewall. Everyone loves to jump to the conclusion that the security check box is checked b/c they have a firewall, but it just takes one misconfiguration to get past your security. Also, IDS/IPS systems are not 100% effective and have to be configured properly for your environment or you'll get a lot of noise from them.


I wouldn't bother with a black box solution. I'd go for an x86 cheap box with SmoothWall or IPCop, and three network cards to cover your incoming, outgoing and DMZ requirements.


You probably need to specify more. Packets per second? How much VPN traffic? Juniper or Cisco can be alternatives. If you don't know exactly what you need, you should probably turn to a consultancy firm to get help evaluating it and candidate hw firewalls.

As mentioned earlier, a Linux or BSD based firewall could very well do this pretty cheap. (Actually run two plus CARP for high availability).


1Gbit is not enough to give you an answer. You need to share with us if it will handle VPNs, and if so, how many. What type of data would you be pressing? Small packets, big packets, etc. Depending on which features you need, such as IPS/IDS and VPN performance, you need a very big firewall to cope; think ASA5580 or Cisco 6500 with FWSM.

But you need to supply a more detailed description of what your needs are.


Nokia IP290

Our corporate network has a Nokia IP290, which is really easy to maintain and it's bulletproof. Highly recommended. Cost was about 4.5k$ (tax incl.) with 1 year subscription.

Datasheet with specs is here.