I know Cisco makes some great stuff, especially their PIX line of firewalls. The problem is they are expensive. I'm looking for something that will filter out DoS attacks (if possible), and such. Would need to be rackmountable, as this is for a colo enviroment. Thanks

Look at either a PIX or a Netscreen, both have some DoS filtering capabilities, and both are very good firewalls.

Netscreen's cost are listed below

5xp - 10 user - $495
5xp - Unlimited - $995

5xt (4 port switch) - 10 user - $695
5xt (4 port switch) - Unlimited - $1195

Joe

Don't mean to sound stupid but what's the meaning of "users".

Originally posted by interactive:

Don't mean to sound stupid but what's the meaning of "users".

The number of physical machines behid the firewall. Each machine counts as a "user".

Actually users in regards to netscreen has to do with VPn users. It has nothing to do with machines.

Originally posted by jbiz718:

Actually users in regards to netscreen has to do with VPn users. It has nothing to do with machines.

Yea, Joe is right. Sorry, not enough sleep today...its that way for both the Netscreen and the PIX.

Whose Joe?

Originally posted by jbiz718:

Whose Joe?

You, don't you remember :D.

I would checkout sonicwall gear too. www.sonicwall.com. They have some good pricing and support much more conncurrent connections than the NetSceens. We run two of their higher end firewalls in redundant pair and they work great.

Allan

I sometimes forget.

Hello:

You can not really go wrong with the Cisco PIX 501, while NetScreen and some other companies have descent firewalls we have been using the PIX 501 for quite some time for single server protection. The price can get below $500.00 if you opt for the lower end service agreement and the maximum price would be about $650 with the 24X7(replacement) service agreement in place.

I think also it depends what you are using it for.

The netscreen 5xp and 5xt have limitations on sessions and what not. I imagine the Cisco Pix's do as well.

A upgrade to a netscreen 25 or 50 starts getting steep.

Actually users in regards to netscreen has to do with VPn users. It has nothing to do with machinesActually it has to also do with the number of IPs behind the firewall. On the 10 user version, if you put more than 10 IPs behind it it will start dropping sessions.