Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?

dave247

Hi guys. There was a post a while back where someone asked for suggestions to improve their network security. I got into a nice discussion/argument with Scott about UTMs, SonicWall and router/firewall stuff. Long story short, I've been slowly considering replacing my company's SonicWall an re-designing the whole security setup.

First, we are a small company of under 100 users, but we are also a financial institution, so security is especially critical. The admins before me had previously installed a SonicWall NSA 2400, which was later upgraded/replaced by a NSA 3600. Actually, we have two of these SonicWalls connected together for high hvailability/failover, but they act as one unit.

Currently, we have three WAN connections that connect to the SonicWall and that feeds our LAN and WLAN with Internet. We also use the SonicWall for static routes to a couple of 3rd party VPN routers. There are a boat-load of firewall rules and NAT policies which I have been slowly auditing. Many of them have turned out to be stagnant and no longer needed. Documentation here has been pretty bad so I'm making sure I've got all that cleared up before I make any big changes.

So far, I do like the SonicWall because of the simplicity of having everything in one device, but at the same time, I kind of hate it. It has an external security log analyzer system (called GMS Analyzer) which spits out custom reports, but displays information in the worst possible way, such that it's barely useful. I feel like I am pretty blind to any real security issues so I absolutely need something better in this area.

What I am after now is I would like to start considering some new hardware products/configurations that could be better for diving up the roles shared by the SonicWall.

So, can I get some suggestions on how I should be setting up the router/firewall & threat management pieces?

For clarity, here is a list of things we use the SonicWall for:

• Routing/NAT/Firewall (X1 LAN interface is our LAN's default gateway)
• Incoming WAN connections
• Wireless access management - (using SonicPoint APs)
• Gateway AV
• IDS/IPS
• SSLVPN
• Content filter
• Botnet filter
• Anti-spyware
• Security event analyzing & reporting

Note: we do also have regular antivirus running in our environment, as well as 3rd party email spam filtering, and a SIEM, so we don't just rely on the SonicWall for security.

dave247

or maybe I should just leave it as is, I don't know.

dafyre

Auditing the rules is never a bad idea!

If you're not experiencing performance issues, then why the push to change?

scottalanmiller

Keeping to the same basic strategy, I'd want Palo Alto in there. You can do the HA like the SonicWall, but far more secure and enterprise grade. The SonicWall is really an SMB device, which is fine as you are an SMB, but as a financial institution, I might be wanting something a little more serious.

dave247

@dafyre said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

Auditing the rules is never a bad idea!

If you're not experiencing performance issues, then why the push to change?

Well I just want to do things better if possible. Also, I need something that can put out better security reports.

dave247

@scottalanmiller said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

Keeping to the same basic strategy, I'd want Palo Alto in there. You can do the HA like the SonicWall, but far more secure and enterprise grade. The SonicWall is really an SMB device, which is fine as you are an SMB, but as a financial institution, I might be wanting something a little more serious.

I've heard you mention Palo Alto before. Any reason why you suggest them? (I will also do some research).

Additionally, if I were to switch to something like Palo Alta, do these devices have similar setup such as the SonicWall where I can directly connect our WAN modems? I'm looking at their racks now, it kinda looks like they do..

scottalanmiller

@dave247 said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@scottalanmiller said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

Keeping to the same basic strategy, I'd want Palo Alto in there. You can do the HA like the SonicWall, but far more secure and enterprise grade. The SonicWall is really an SMB device, which is fine as you are an SMB, but as a financial institution, I might be wanting something a little more serious.

I've heard you mention Palo Alto before. Any reason why you suggest them? (I will also do some research).

Industry leader, they basically invented the UTM idea. Top enterprise player.

dave247

@scottalanmiller said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@dave247 said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@scottalanmiller said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

Keeping to the same basic strategy, I'd want Palo Alto in there. You can do the HA like the SonicWall, but far more secure and enterprise grade. The SonicWall is really an SMB device, which is fine as you are an SMB, but as a financial institution, I might be wanting something a little more serious.

I've heard you mention Palo Alto before. Any reason why you suggest them? (I will also do some research).

Industry leader, they basically invented the UTM idea. Top enterprise player.

They look like they're a lot cheaper than SonicWall too..

scottalanmiller

@dave247 said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@scottalanmiller said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@dave247 said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@scottalanmiller said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

Keeping to the same basic strategy, I'd want Palo Alto in there. You can do the HA like the SonicWall, but far more secure and enterprise grade. The SonicWall is really an SMB device, which is fine as you are an SMB, but as a financial institution, I might be wanting something a little more serious.

I've heard you mention Palo Alto before. Any reason why you suggest them? (I will also do some research).

Industry leader, they basically invented the UTM idea. Top enterprise player.

They look like they're a lot cheaper than SonicWall too..

That's kinda crazy, lol.

Dashrender

@dave247 said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@scottalanmiller said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@dave247 said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@scottalanmiller said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

Keeping to the same basic strategy, I'd want Palo Alto in there. You can do the HA like the SonicWall, but far more secure and enterprise grade. The SonicWall is really an SMB device, which is fine as you are an SMB, but as a financial institution, I might be wanting something a little more serious.

I've heard you mention Palo Alto before. Any reason why you suggest them? (I will also do some research).

Industry leader, they basically invented the UTM idea. Top enterprise player.

They look like they're a lot cheaper than SonicWall too..

huh - that would be amazing if that's the case. Make sure you size it right for your situation.

dbeato

@dave247 said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@scottalanmiller said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@dave247 said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@scottalanmiller said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

Keeping to the same basic strategy, I'd want Palo Alto in there. You can do the HA like the SonicWall, but far more secure and enterprise grade. The SonicWall is really an SMB device, which is fine as you are an SMB, but as a financial institution, I might be wanting something a little more serious.

I've heard you mention Palo Alto before. Any reason why you suggest them? (I will also do some research).

Industry leader, they basically invented the UTM idea. Top enterprise player.

They look like they're a lot cheaper than SonicWall too..

What Sonicwall and Palo Alto are you comparing? The models might be the comparison for me.

dave247

@dbeato said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@dave247 said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@scottalanmiller said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@dave247 said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@scottalanmiller said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

Keeping to the same basic strategy, I'd want Palo Alto in there. You can do the HA like the SonicWall, but far more secure and enterprise grade. The SonicWall is really an SMB device, which is fine as you are an SMB, but as a financial institution, I might be wanting something a little more serious.

I've heard you mention Palo Alto before. Any reason why you suggest them? (I will also do some research).

Industry leader, they basically invented the UTM idea. Top enterprise player.

They look like they're a lot cheaper than SonicWall too..

What Sonicwall and Palo Alto are you comparing? The models might be the comparison for me.

Well, I looked at prices on ebay (which I know is not the best place to do a comparison) but people tend to price things relative to how expensive they were or currently are worth. I should have just said that the Palo Alto hardware appears cheaper than the SonicWall hardware. I have no idea how much support or service subscriptions cost.

I know that our SonicWall NSA 3600 hardware was around $4,500 for each of the two units, then there was a subscription and maintenance cost which was probably a couple thousand combined. Not sure how much it costs to get support or subscriptions on the Palo Alta devices. Maybe it does cost more than SonicWall after all the other things that would need to be purchased. I have no bloody idea.

scottalanmiller

@dave247 said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

Well, I looked at prices on ebay (which I know is not the best place to do a comparison) but people tend to price things relative to how expensive they were or currently are worth.

I don't know if that's true. Pricing on eBay are often insane. People asking $1,000 for a device worth $20 just because they hope that someone is confused.

coliver

@scottalanmiller said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@dave247 said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

Well, I looked at prices on ebay (which I know is not the best place to do a comparison) but people tend to price things relative to how expensive they were or currently are worth.

I don't know if that's true. Pricing on eBay are often insane. People asking $1,000 for a device worth $20 just because they hope that someone is confused.

Also known as the Cisco model.

dave247

@scottalanmiller said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@dave247 said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

Well, I looked at prices on ebay (which I know is not the best place to do a comparison) but people tend to price things relative to how expensive they were or currently are worth.

I don't know if that's true. Pricing on eBay are often insane. People asking $1,000 for a device worth $20 just because they hope that someone is confused.

hahahaha you're so right. I guess really, it was just a comparison starting point. Probably not a good idea, but it's the only way I could quickly get a $ figure.

scottalanmiller

@dave247 said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@scottalanmiller said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

@dave247 said in Suggestions on replacing UTM device (SonicWall) and rebuilding security systems?:

Well, I looked at prices on ebay (which I know is not the best place to do a comparison) but people tend to price things relative to how expensive they were or currently are worth.

I don't know if that's true. Pricing on eBay are often insane. People asking $1,000 for a device worth $20 just because they hope that someone is confused.

hahahaha you're so right. I guess really, it was just a comparison starting point. Probably not a good idea, but it's the only way I could quickly get a $ figure.

Yeah, I don't know who has MSRP on those.