Bossman says we need a physical firewall. We've got only 12 folks in the office and most of use are on wireless. I know that a typical router should be good enough but Bossman doesn't want to risk the liability. So I was looking the this Watchguard XTM 26.

Curious to know if this will replace my wireless router? It never mentions the word router in any description but it looks just like one and i just wanna know if I'd be wrong in assuming it could replace my Netgear plug & play (for the most part, I got a guy who can configure it correctly, I'm just the one who's got to buy it).

http://www.watchguard.com/products/xtm-2/compare.asp?p1=xtm25&p2=xtm26

quote:

---

physical firewall

---

***k it! Let's burn this bish down!

IMO Watchguards are horrible.

You pay a yearly maintainance fee, and if you call for support, they want you to upgrade to the latest firewall. They are the only company that I know that says a reboot to the firewall is the fix if it locks up.

I stick with Cisco or just get a DD-WRT capable router.

If you went with Cisco, i'd suggest a ASA5505 with the unlimited user license and smartnet.

Second for Watchguard sucks.

My IT company is a Sonicwall shop, well sell them to almost all our clients. I'm very happy with them. Granted they work off licenses, too (for certain features), but they're nice I think.

However they're a bit pricey, especially for a 12 person office. I'd agree with Sling Blade and recommend an ASA5505. Of course the Cisco isn't as easy to program as some other ones. The ADSM UI is a little more technical than a lot of them out there, so if you're not somewhat familiar with Cisco devices, and networking concepts, configuring one can be a bit daunting.

Honestly though, you'd be perfectly fine with a Netgear ProSafe Firewall, but who knows if that's enough "physical firewall" for your boss.

I perfer juniper/netscreen for small office for fw/vpn over cisco asa. For diy I prefer pfsense over dd-wrt. The pfsense guys are in austin but I have never had to use their commercial support it just works. The reality is unless you generate a tailored rule set and actually monitor the logs a firewall generates you are not much better off than what a consumer grade nat router provides. Linksys belkin netgear and all the other brands routers are not firewalls their only protection is a side effect of them doing network address translation. Depending on what your business is you probably sjould be looking for ids/ips also. Also if you use Wireless you should be using at a minimum of wpa2 and 802.1x access control.
Or if your data is sensitive in the least hire a professional the potential liability from diy is not worth the business risk.

OP: most routers already have a firewall in place.

What 'problem' is your boss trying to solve?

If he wants to prevent anonymous outside access, you are likely already protected. If he wants content filtering, then you need to look at sonicwall, baracuda networks, etc...

I would go with something like Untangle...ideal for a small office.
http://www.untangle.com/