SMB firewall options
-
@JaredBusch said in SMB firewall options:
@wrx7m said in SMB firewall options:
@scottalanmiller said in SMB firewall options:
Only things I use anymore...
- Ubiquit for nearly everything.
- Sophos if they demand UTM but don't have the resources for the good stuff.
- Palo Alto if they really need edge security.
What would you consider "the good stuff" that you would use instead of Sophos UTM?
Why do you mean? There are many pieces to an UTM.
The FOSS pieces are readily available individually.
I understand that there are many pieces to a UTM. That is why I am asking what, specifically, SAM considers the good stuff? The good stuff could mean brand, technology type or both.
-
@wrx7m said in SMB firewall options:
I understand that there are many pieces to a UTM. That is why I am asking what, specifically, SAM considers the good stuff? The good stuff could mean brand, technology type or both.
Juniper, WatchGuard, Checkpoint are usually considered the top contenders in UTM market...
but be prepared say a Junpier SRX5600 base model starts at $30,000.
Some of the check point models start at $150,000.
Watchguard is on the lowerend and I think their most expensive unit is only $50,000.
-
@Jason said in SMB firewall options:
@wrx7m said in SMB firewall options:
I understand that there are many pieces to a UTM. That is why I am asking what, specifically, SAM considers the good stuff? The good stuff could mean brand, technology type or both.
Juniper, WatchGuard, Checkpoint are usually considered the top contenders in UTM market...
but be prepared say a Junpier SRX5600 base model starts at $30,000.
Some of the check point models start at $150,000.
Watchguard is on the lowerend and I think their most expensive unit is only $50,000.
I've used/deployed quite a few(This was years ago) Whatchguard appliances, and I really hated the interface and more so, the support .. Wouldn't rate them as "Top Contender" ... Checkpoint & Juniper - Yes ...But, these are for Enterprise level ...
For 20 users or so, I'd stick with an all-in-one box (UTM) ... Sophos, Sonicwall, pfsense ... all would work, just as well
Say, anyone heard of worked with Crossbeam, in the past ... ? I don't think the brand/company exists anymore ... but just wondering ..
-
@wrx7m said in SMB firewall options:
@JaredBusch said in SMB firewall options:
@wrx7m said in SMB firewall options:
@scottalanmiller said in SMB firewall options:
Only things I use anymore...
- Ubiquit for nearly everything.
- Sophos if they demand UTM but don't have the resources for the good stuff.
- Palo Alto if they really need edge security.
What would you consider "the good stuff" that you would use instead of Sophos UTM?
Why do you mean? There are many pieces to an UTM.
The FOSS pieces are readily available individually.
I understand that there are many pieces to a UTM. That is why I am asking what, specifically, SAM considers the good stuff? The good stuff could mean brand, technology type or both.
Sorry, been away. "Good stuff" was referring to Palo Alto there.
-
@Veet said in SMB firewall options:
For 20 users or so, I'd stick with an all-in-one box (UTM) ... Sophos, Sonicwall, pfsense ... all would work, just as well
We've had bad luck with SonicWall. Unrealible, breaks things, hard to manage. If you are considering SonicWall, get Sophos instead.
-
@Veet said in SMB firewall options:
For 20 users or so, I'd stick with an all-in-one box (UTM) ... Sophos, Sonicwall, pfsense ... all would work, just as well
Sonicwall is crap.
Pfsense is not really a UTM, it's a firewall sure you can add some packages to it but it doesn't perform that well as a UTM.
-
@scottalanmiller said in SMB firewall options:
and, technology type or both.Sorry, been away. "Good stuff" was referring to Palo Alto there.
Palo Alto does not make true UTMs they are all considered firewalls. We have them and they are great but they aren't classified as UTMs.
This is what Palo Alto themselves say about UTMs
The only value proposition a UTM provides is to collapse the traditional (broken) network security infrastructure into a single box as a cost savings mechanism.
-
@Jason said in SMB firewall options:
@Veet said in SMB firewall options:
For 20 users or so, I'd stick with an all-in-one box (UTM) ... Sophos, Sonicwall, pfsense ... all would work, just as well
Sonicwall is crap.
Pfsense is not really a UTM, it's a firewall sure you can add some packages to it but it doesn't perform that well as a UTM.
And isn't meant to, it's meant to be a strong firewall / router. The thing that makes it so good is the incredible performance of the FreeBSD network stack and the pf firewall component of that. The other stuff is just random add-ons, generally not a good thing on a router.
-
@Jason said in SMB firewall options:
@scottalanmiller said in SMB firewall options:
and, technology type or both.Sorry, been away. "Good stuff" was referring to Palo Alto there.
Palo Alto does not make true UTMs they are all considered firewalls. We have them and they are great but they aren't classified as UTMs.
This is what Palo Alto themselves say about UTMs
The only value proposition a UTM provides is to collapse the traditional (broken) network security infrastructure into a single box as a cost savings mechanism.
Partly why I like PA so much
But they do more than a traditional firewall, less then a "full" UTM. -
@scottalanmiller said
Partly why I like PA so much
But they do more than a traditional firewall, less then a "full" UTM.BTW, at MC you mentioned $10K as an entry point to PA.
We have the PA-200 and it was less than $3K.
And like $1.2K ongoing a year for subscriptions, support, etc..
-
@scottalanmiller said in SMB firewall options:
@Veet said in SMB firewall options:
For 20 users or so, I'd stick with an all-in-one box (UTM) ... Sophos, Sonicwall, pfsense ... all would work, just as well
We've had bad luck with SonicWall. Unrealible, breaks things, hard to manage. If you are considering SonicWall, get Sophos instead.
Over here, Sophos technical support sucks bigtime ... same issue with WatchGuard ...
Infact,years back, we pushed a lot of Watchguard UTMs .. When Watchguard started-off, the support was pretty decent .. Over time, it just went to the dogs , which is when we shifted to Sonicwall (this was before Sophos made an entry) ...We've faced very few issues with Sonicwall, and whenever we did, the tech support was always great ...
We deployed quite a Sophos appliances (SG series mostly), in the recent past, and we did face quite a few issues , but thats okay ... What is NOT okay, is the lackluster support ... Terrible !! One of the worst support, I've seen in recent times .. It's rather unfortunate, when a good product is marred by poor support ...
-
@BRRABill said in SMB firewall options:
@scottalanmiller said
Partly why I like PA so much
But they do more than a traditional firewall, less then a "full" UTM.BTW, at MC you mentioned $10K as an entry point to PA.
We have the PA-200 and it was less than $3K.
And like $1.2K ongoing a year for subscriptions, support, etc..
Wish ours was that cheap.
-
@BRRABill said in SMB firewall options:
@scottalanmiller said
Partly why I like PA so much
But they do more than a traditional firewall, less then a "full" UTM.BTW, at MC you mentioned $10K as an entry point to PA.
We have the PA-200 and it was less than $3K.
And like $1.2K ongoing a year for subscriptions, support, etc..
Not so bad!
-
@BBigford we use Peplink BPL-ONE-CORE. Its been pretty nice and their support has been great. We have ~65 users total
-
@Jason said in SMB firewall options:
@BRRABill said in SMB firewall options:
@scottalanmiller said
Partly why I like PA so much
But they do more than a traditional firewall, less then a "full" UTM.BTW, at MC you mentioned $10K as an entry point to PA.
We have the PA-200 and it was less than $3K.
And like $1.2K ongoing a year for subscriptions, support, etc..
Wish ours was that cheap.
The PA-200 is probably way under powered for you, though!
-
@BRRABill said in SMB firewall options:
@scottalanmiller said
Partly why I like PA so much
But they do more than a traditional firewall, less then a "full" UTM.BTW, at MC you mentioned $10K as an entry point to PA.
We have the PA-200 and it was less than $3K.
And like $1.2K ongoing a year for subscriptions, support, etc..
Damn, that's what I paid for Sonicwall years ago.
-
@BBigford said in SMB firewall options:
@zuphzuph said in SMB firewall options:
Untangle.
You've gotten to mess with that more than I have. Have you checked out the content filtering and such? Does it have a VPN client? I couldn't remember if OpenVPN is available on that or if I'm thinking of pfSense...
-
@zuphzuph said in SMB firewall options:
@BBigford said in SMB firewall options:
@zuphzuph said in SMB firewall options:
Untangle.
You've gotten to mess with that more than I have. Have you checked out the content filtering and such? Does it have a VPN client? I couldn't remember if OpenVPN is available on that or if I'm thinking of pfSense...
Don't feel bad @zuphzuph - I installed Untangled at two NPOs and and if I could have found a small enough PC to run it at home years ago I would have. However - I was 'coerced' into not doing so and that it was a bad idea.
I have a UBNT ERL here at home now, I know one Untangled box I installed has been pulled, as it's now in the scrap pile here at home. Since it was hardware I had bought personally, they gave it back to me (minus the drives).
There are times though I still would like to have one running, just for giggles..
-
@Dashrender said in SMB firewall options:
@BRRABill said in SMB firewall options:
@scottalanmiller said
Partly why I like PA so much
But they do more than a traditional firewall, less then a "full" UTM.BTW, at MC you mentioned $10K as an entry point to PA.
We have the PA-200 and it was less than $3K.
And like $1.2K ongoing a year for subscriptions, support, etc..
Damn, that's what I paid for Sonicwall years ago.
You could have had a PA!!
Actually realized that the PA offices in Texas are very close to my house. Drove past them last night.
-
Like I said, the specs aren't the best for large places, but for us, way more than adequate.
Specs of the PA-200:
Firewall throughput 100 Mbps
Threat prevention throughput 50 MbpsIt's like anything ... yes, I could do it myself, but considering the importance, and what a great job they do, for me it was a good business decision.
