Well... being a Cisco bigot :), I'll throw in the ASA. You can do everything on your list except for the last two bullet points with the base license (even on the 5505 if you wanted). Actually, you *can* filter based on malicious web traffic and get user by user reports, but it becomes cumbersome the more you do. I'd recommend Websense or N2H2 or even an Ironport for the user by user reporting and web content filtering if you're looking to do a lot. Or, to keep it all in one device, you can load up an ASA 5510 with the Content Security blade (CSC-SSM10) to get the filtering/reporting you're after. That will cover Anti-Virus/Anti-Spam/Malware/URL Filtering/Reporting but does require a license bump. Or, just stick with the basic ASA and use OpenDNS.
Hope this helps!

Aaron T. Rohyans
Senior Network Engineer
CCIE #21945, CCSP, CCNA, CQS-Firewall, CQS-IDS, CQS-VPN, ISSP, CISP, JNCIA-ER
DPSciences Corporation
7400 N. Shadeland Ave., Suite 245
Indianapolis, IN 46250
Office: (317) 348-0099
Fax: (317) 849-7134
[email protected]
http://www.dpsciences.com/

From: Doige, Clayton [mailto:[email protected]]
Sent: Friday, January 30, 2009 10:36 AM
To: NT System Admin Issues
Subject: Firewall Recommendations

Hi all,

for the past few years we have used Watchguard Firewalls quite happily, but over the past few months the machines seem to be getting more problematic, and the problems mount with each successive firmware release.

Some of the key functions that we require, over and above being a good firewall of course, are below, and I am hoping you can share your opinions on what are the best and worst devices to get the job done?

Features:

* SSL VPN (needless to say really)
* The ability to log in to an https page on the firewall: we have set the Watchguard up so that it will not open ports until a user first logs in to the firewall via an https page
* The ability to authenticate against active directory in the above scenario: we have a separate forest set up strictly for this purpose (allows the same firewall login across all of our sites this way)
* The ability to report web traffic usage on a user by user basis, as opposed to machine IP Address
* Some sort of web content filtering, both by type of file, and classic content types, such as gambling etc

Many thanks in advance for any and all feedback

Clayton Doige
IT Project Manager
CME Development Corporation
T: 020 7430 5355
M: 07949 255062
E: [email protected]
W: www.cetv-net.com
