Firewall Recommendation Time

Our support contract for our Cyberoam firewalls is due in June. I know it is only 5 months away, but potentially changing firewalls can be time-consuming.

We currently have an active/passive pair of Cyberoam CR1500ia, which is one of their top tier products, as we used to host our eCommerce platform internally; this has since been moved to Rackspace.

As such we probably do not need such large firewalls, so we are looking at alternatives. Now the obvious choice would be to move over to Cisco ASAs, but we have also been looking at the Dell SonicWall firewalls.

We have approx 20 site-to-site VPNs; end user VPNs are done by another appliance.

Most traffic outbound will be standard office web traffic and email, along with video feeds out to our content delivery partners, traffic to Rackspace is handled by a dedicated link so does not come near the firewall.

We currently have DMZ, LAN, WAN and Wireless sections on our firewall, mapped to network ports on the actual firewall then cabled to the DMZ switches or to the wireless controllers, so this is something we will need to bear in mind.

We are waiting on pricing to renew our support, but in the meantime we are interested to hear from others about what they would recommend, suggestions etc.

Thanks

Kimbie
 
Budget wise, until we get the renewal quote through the budget will be hard to pin down.

In terms of throughput, we have a 1Gb fibre line out to the internet currently throttled to 200Mb, so we will need to in theory handle the full 1Gb if we open it up.

We currently have zones, so for the wifi zone a network cable goes from a port on the firewall to the wireless switch, and we have access rules, so the guest network can access the internet but not our LAN, and the office one can access the LAN but not the internet, as internet access is handled through our proxy server.

We will need at a min 20 site-to-site VPNs, which are capable of having multiple subnets on both the source and destination.

Client VPNs are handled by a SonicWall VPN endpoint, so the firewall just forwards the traffic straight to that device and does not handle client VPN traffic, so to speak.

Will have a look at FortiGate as not really familiar with their kit; we are also looking at WatchGuards, Barracuda.

One thing we have liked about looking at the SonicWalls and a few other things is they are less like traditional firewalls and more dynamic in how they handle things.

Kimbie
 
In terms of support, we would be doing the day to day running of the firewall, so rule setup, VPNs etc and then any issues be it hardware, software would be referred back to the 3rd party.
 