Hardware Firewall

I'm looking for a hardware firewall for a business with around 75 users. We have a couple of remote users.

Any suggestions or recommendations?
 
Thanks for the replies.

Yep, Sin Case is right. We currently use a Linux box with Smoothwall, but now looking to get an appliance.

The SonicWall NSA 2400 looks like the sort of thing we're after. Had been looking at the ZyXEL ZyWALL USG 300, anyone used these?
 
The Draytek business stuff is ok, fairly inexpensive too (DrayTek 3300V Firewall which has 4 wan ports, up to 200 concurrent encrypted VPN tunnels, firewall etc. can be had for about £350).
 
> We use SonicWalls and I never have any issues with them. Never need rebooting, nice and tidy GUIs and just work.

Whereas I'd say the complete opposite. The way its rules and policies work is just backwards, the interface is complete guff, and whilst you can telnet to it, the CLI is that random it is hard to get to grips with, unlike Cisco kit.

I can't wait to get rid of our Sonicwall PRO 3060. Worst non-consumer piece of networking hardware I've ever had the displeasure to use.
 
Juniper, no argument. Pros will prefer the SRX as it's a JUNOS box, but the ScreenOS based SSG series will suit small business better.

I wouldn't touch many other firewalls, ASA is still a really exasperating product just as the PIX was, it's not a terribly powerful product, it uses different concepts to most firewalls and it's not particularly intuitive. Sonicwall/Watchguard I still regard as toy firewalls, they might be OK for small business but find me an enterprise which uses them. An honourable mention for Fortigate who make some interesting boxes but the GUI and command line both disagree with me. Checkpoint still have real pedigree and are powerful boxes but I can't think of a reason you'd use them in a new install out of preference.

And those are pretty much the only serious players that come to mind...

Depending on your bandwidth and other needs, I'd say a SSG20/SSG140 would do you fine (SSG20 is small but I've seen bigger organisations than 75 users use them very successfully as edge firewalls, SSG140 should definitely do).
 
> Whereas I'd say the complete opposite. The way its rules and policies work is just backwards, the interface is complete guff, and whilst you can telnet to it, the CLI is that random it is hard to get to grips with, unlike Cisco kit.
>
> I can't wait to get rid of our Sonicwall PRO 3060. Worst non-consumer piece of networking hardware I've ever had the displeasure to use.

Interested to know what upsets you with the NAT policies and rules?

Is the 3060 your only kit? Things have moved on with the NSA appliances.

BRS, what do you class 75 users as? That's SMB in my book. Gartner have SonicWall, Fortinet and Watchguard as the leaders in their Magic Quadrant for SMB firewalls/UTM.

http://www.gartner.com/technology/media-products/reprints/sonicwall/vol3/article1/article1.html
 
> Interested to know what upsets you with the NAT policies and rules?
>
> Is the 3060 your only kit? Things have moved on with the NSA appliances.
>
> BRS, what do you class 75 users as? That's SMB in my book. Gartner have SonicWall, Fortinet and Watchguard as the leaders in their Magic Quadrant for SMB firewalls/UTM.
>
> http://www.gartner.com/technology/media-products/reprints/sonicwall/vol3/article1/article1.html

Small business in my book, I've no doubt they do well because they're cheap and have a spec sheet which says they do everything on earth. That doesn't mean they do many (or any) of those things particularly well unfortunately. It bothers me they have no penetration of the enterprise space (compared to the bigger names) where people tend to have more of a clue, that's not coincidence I fear.

Juniper have a big chunk of the high end market and it's the same software running on the base SSG and SRX products that's running the top end $1m units, they've got some pedigree.

Now part of this is me being a network snob and regarding anything other than my chosen few providers as not serious contenders and makers of toy equipment. But I design high end networks for a living and there are good reasons and a lot of experience behind my choices of providers.

My advice is Juniper as a first choice but Fortigate are worth a look too, maybe Cisco if you have previous Cisco experience and get on with their firewalls...

None of that's to say there aren't people with Sonicwalls who have no problems at all, just personally I wouldn't touch them...
 