by Kevin McKean

Affordable firewalls

analysis
Aug 8, 2003

We test whether firewall appliances can really do the job

The first line of defense, for networks large or small, is typically the firewall — that aptly named barrier that is supposed to keep heat from unwanted intruders outside while allowing those within to go about their business normally.

Traditionally, firewalls have consisted of some combination of hardware and software that was powerful, flexible, and pretty much a pain to manage. That’s not a problem so long as your company can afford to dedicate people to the task, since it gives you ultimate control over your perimeter.

It can become tough, though, when IT budgets — and especially headcount — grow tighter, as has happened in recent years.

Hence the rise of the so-called firewall appliance. These all-in-one devices are supposed to make installing a reliable firewall simple. You just place the box at the fringe of the network, click through some configuration wizards, and presto! Instant security.

But do the products in this category really fulfill that promise? “Well, yes and no,” says Oliver Rist, InfoWorld Test Center senior contributing editor, who recently completed an evaluation of three typical models in “Firewall Free-for-All.”

Rist and his colleagues studied three appliances: the low-cost Ingate Firewall 1400 ($3,400) and Toshiba Magnia SG20 ($2,295), and the somewhat pricier Nokia IP380 ($9,995 before licenses). For comparison, they threw in a conventional router-firewall from Enterasys (the XSF-3250 Security Router, also $9,995 before licenses).

For sheer performance, nothing beat the traditional Enterasys, which is probably not surprising since it was the only device with Gigabit Ethernet. But among the three appliances, Rist found that the Toshiba offered the best price/power mix. “The Toshiba defended against attacks successfully, and it included e-mail support; virus, spam, and content filtering; and a fully functional VPN client — all with a slick user interface,” says Rist, an IT consultant based in Lake Success, N.Y., and regular InfoWorld tester.

Bottom line? “If you’re managing a financial services company with multiple redundant firewalls, then you should choose the router approach,” Rist says. “But if cost is an issue and security is a concern, but not the chief concern, then appliances are a good solution.”

Elsewhere in this issue, don’t miss our CTO Chad Dickerson responding to the reader comments that flooded in after his recent column arguing that successful IT departments lose visibility in the enterprise.

Please also check out Ed Foster’s article on the maddening license fees you may encounter after buying used IT equipment through auction sites such as eBay. Ed used to write a regular column, The Gripe Line, for this magazine and still writes The Gripe Line Weblog for infoworld.com and gripe2ed.com. This is his second story for InfoWorld since our redesign, and it’s a pleasure to have him back in the publication.