I'm currently in the position of deciding on purchasing a new firewall..
Here's what's happening:
* We're going to switch from a slow ADSL line to a leased line.
* We've purchased a bunch of iphones and want to use them to connect to our exchange server over the internet via a vpn (big plus of astaro)
At the moment i'm undecided. Between a newer version of the GB1000 (our current firewall) the GB2000 or an Astaro firewall. The big bonus of the GB2000 is that configuration can essentially be copied across from the old one with only the VPN configuration being an issue.
Break down.
GB2000:
Much more expensive than an Astaro firewall
Relatively easy configuration (moving from a GB1000 to 2000)
Support doesn't seem as extensive as Astaro (no support forum like here for example)
Is proven to me
Lacks documentation for iphone VPN
Astaro:
An unknown to me
Cheaper
Looks good
Seems to be decently well documented
Is being pushed for by my boss because of the lower cost
The problem as I see it with the Astaro is that it's totally different from what i'm used to, hence configuration issues.
For example, if I say have a router address range of 62.49.111.111/29 how do I go about a DMZ that is accessible from the local lan to the webserver in that dmz? For example a user types www.ourcoolwebsite.com will it be possible to configure astaro to direct the resolved domain traffic direct to the webserver in the dmz correctly? I've experimented with other firewalls in the past that could not do this.
For example we'll have a dmz with an ip address range of 172.16.0.1/24 and a local lan with a range of 192.168.0.1/24. When the user types www.ourcoolwebsite.com and it resolves to 123.123.123.123 the firewall will correctly redirect that traffic to the webserver in the dmz rather than trying to fetch it from the internet. Other things too, like for example the webserver being able to access a SQL server (port 1433/tcp) which is on the local lan. (say 192.168.0.2)
Advice is much appreciated.
This thread was automatically locked due to age.
