It sounds like the reason you want one firewall is to avoid another point of failure. It also sounds like you're trying to plug a mid-range piece of networking equipment into low-end equipment (DSL modem, maybe a cheap switch/hub previously).

High-end Sonicwall firewalls will do everything you want and more. I don't know about the particular model you are considering, though.

It's nice to decompose everything down into the fewest points of failure, but you're going to make the configuration of the single firewall very complex - the type of setup you're describing is non-trivial, and the configuration of a firewall to do everything you want (especially when the two main jobs of the firewall are orthogonal) means that you are merely trading one type of failure and complexity for another. This doesn't even touch the subject of whether you really should have your firewall doing double duty as your router as well. For instance, if the new Sonic fails, both your website and internal access die.

As you are also under a budget, you might reconsider your previous plan and simply replace your current setup with better equipment in the same configuration.

In an office where I had to manage a few IPs coming from a DSL modem, the modem itself had the switch built in so I didn't need the switch/hub that failed in your setup, but I did have to set up two separate firewall/routers, one with NAT for internal operations, and one that opened a few ports for a server. I did at one point have it all going through a single firewall/NAT/router appliance, but traded it out for redundancy and ease of configuration (also, I was leaving the company within a year of needing to reconfigure the network, and didn't want them to have to hire an expert just to maintain it).

When you get to the mid to high end in networking, most companies (Cisco, Sonic, etc.) want big bucks for support - you really have to know their equipment or have a network engineer come and do it for the complex situations. So... you might be better off choosing to go with mid-range stuff you know how to deal with.

And, while this is unlikely in your case, keep in mind that some friends/experts who offer free advice and help would rather tell you something is not possible than tell you that it can work but they aren't available to help. If Sonic and several acquaintances say, "It should work" and one trusted friend/expert says "it won't work" then it sounds like you've got your work cut out for you.

Good luck!

-Adam

On 1/7/08, James Newton wrote:
> I'm still trying to get a good professional hardware firewall to replace the
> two separate Linksys units I have.
>
> Everybody was telling me to buy a Sonic unit, and I have now got management
> approval to actually put out around $800 for one, but I just heard from an
> experienced IT guy that it won't do what I want.
>
> We have ONE DSL modem that serves up TWO IP addresses.
>
> I need ONE firewall that can manage BOTH IPs with different internal
> networks and port configurations. One for the web / email server and another
> for the users' machines / exchange / vpn / etc...
>
> I could purchase TWO Sonics, but then I have to have a hub between the DSL
> modem and the two firewalls, which adds another point of failure...
>
> ...and it was exactly that which caused slow access to the site this
> weekend: The little Netgear 4 port hub that I had between the DSL modem and
> the two Linksys units failed.
>
> Ok, here is the real reason: I used the failure of the hub to pound the need
> for a professional firewall home to management. "If we had just purchased
> the Sonic wall I asked for months ago, this would not have happened, because
> there would be no little hub in-between". If I now have to come back and ask
> for two firewalls and a new hub, it's going to make me look stupid.
>
> Everything I could find on the sonic wall web site made me believe that they
> could manage two separate internal networks, but this guy should know; he
> sets them up for a living. And he says he doesn't believe it can be done.
>
> James Newton: PICList webmaster/Admin
> mailto:jamesnewton@piclist.com 1-619-652-0593 phone
> http://www.piclist.com/member/JMN-EFP-786
> PIC/PICList FAQ: http://www.piclist.com
>
> --
> http://www.piclist.com PIC/SX FAQ & list archive
> View/change your membership options at
> http://mailman.mit.edu/mailman/listinfo/piclist

--
Moving in southeast Michigan? Buy my house: http://ubasics.com/house/
Interested in electronics? Check out the projects at http://ubasics.com
Building your own house? Check out http://ubasics.com/home/