The UTM Thread

It's time to discuss this particular buzzword. For people wanting a brief overview, UTM generally implies a product with features a step above a pure router or firewall - generally it will be a single-box solution that can handle QoS, VPN (client and site-to-site), web filtering, AV, etc., on top of the standard NAT/routing duties. A few devices are popping up aimed at the small to medium size business end of the market that also include wireless controllers but it's incredibly rare that anybody who is good at UTM boxes can also produce a decent AP - the only exception to this rule is Meraki, but that's not really a system where the appliance is also a wireless controller.

My experience lies mainly with Sonicwall and Meraki, neither of which I'm hugely happy with. The Meraki MX series are great until you start scratching the surface, and firewall rules quickly become unmanageable, and they really struggle to keep their documentation up to date with the product. I've heard good things about the new Sophos/Astaro boxes as well but not had a chance to use one yet. Hopefully the UI demo site doesn't do it justice.

Anybody got any Juniper experience?
 
What are your negatives on SonicWall?

I work for a SonicWall reseller, so obviously like them but I'm not blind to some of the shortcomings and foibles they have.

We've never really used the SonicWall APs, though I am currently reviewing our choice of AP (and associated management). Plenty of choice to say the least!
 
Good thread - I'm currently in the market for a UTM for a client deployment - mainly to block incoming virus/malware and for client VPN access.

I've been playing with the Sophos demo UI on their site - next step is to spin the free version up in a VM.

I do some work for another client that are a Fortinet house - the VPN client I use to connect to them is v stable and works well, but I don't know much more than that.

There are some good threads about this on Spiceworks - with a lot of people saying that Watchguards are a bit buggy.

This set of blog posts from someone searching for a replacement for Forefront TMG is pretty good - includes reviews for Untangle, SmoothWall, Barracuda, Kemp and Sophos (which ultimately won) - although getting a bit out of date now:
https://www.winsec.nl/2013/01/16/securing-edge-post-tmg-world/
 
What are your negatives on SonicWall?

I work for a SonicWall reseller, so obviously like them but I'm not blind to some of the shortcomings and foibles they have.

We've never really used the SonicWall APs, though I am currently reviewing our choice of AP (and associated management). Plenty of choice to say the least!

I really dislike the granularity of the feature licensing approach of the Sonicwalls, when features that would generally go hand-in-hand are separate licensable features. That and the UI is pretty bad all things considered - it's powerful but the developers haven't quite worked out how to expose that power in a nice way. I've not tried the 5.9x firmware track yet but from what I've heard it's an attempt at a UI update but it's a mess of Dell and Sonicwall branding at the moment.

Little things like rules opening in a popup window, but reusing that same window so it's impossible to compare two side-by-side get really irritating.

Sonicpoints are terrible as well.
 
We use Fortinet in house (from Checkpoint last year) as the subs were getting stupid money.

Full HA active/passive firewalls.

So far so good. Though with the Checkpoint, it just sat there and rarely needed rebooting (once every 2-3 years).

With Fortinet updates it's probably rebooted every 3 months (no down, it flips over to the other HA firewall).
 
We use Fortinet in house (from Checkpoint last year) as the subs were getting stupid money.

Full HA active/passive firewalls.

So far so good. Though with the Checkpoint, it just sat there and rarely needed rebooting (once every 2-3 years).

With Fortinet updates it's probably rebooted every 3 months (no down, it flips over to the other HA firewall).

Can I ask what model device you have in place? Also is the pricing based on cost of device + subscription to features/support?
 
Fortinet and Cyberoam (now bought by Sophos so guessing they are the Sophos product?) are the only UTMs I've dealt with in the past, seem ok.

Only really deal with dedicated IPS stuff now though.
 
Sophos took over the Astaro range.

Their APs are actually very good, been running them for several months now.
 
Sophos took over the Astaro range.

Their APs are actually very good, been running them for several months now.

They top out at a 2 spatial stream dual-band n with inflexible mounting options and a requirement for PoE+, it doesn't look like they are taking that product range seriously at all.
 
Can I ask what model device you have in place? Also is the pricing based on cost of device + subscription to features/support?

We have just implemented a pair of 600c Fortigates as our gateway firewalls. Yeah, you buy the device and then pay a subscription to get the AV, IPS features and updates etc. We won't be using the Web or Email features as we have other solutions in place.

They are so easy to use - the HA was setup in about 5 mins and the SSL VPN in about 20 despite me never having used one before.

I'm also impressed that we can use them to load balance to back end web servers. It wasn't something we considered when we bought them but we will be using the functionality.
 
I saw the Sophos UTM at a Sophos conference in London a few years ago. It looked like a good product, I like the branch router feature. Basically you have a self-contained box that you plug in at branch offices and these routers connect automatically to the main UTM device and configure themselves with IPsec tunnels between them linking them up. It's completely automatic and looked so easy to set up.

I am not sure if pfSense falls under UTM but it can do more than a firewall: AV, web filtering, IDS, captive portal, ntop and much more.
 
Not really UTM I guess so may not be for this thread, but anyone using any of the bigger IPS kit from the likes of McAfee, Sourcefire, IBM etc?
 
We have just ordered up a couple of FortiNet 800C Appliances and a FortiAnalyzer.
They will be replacing a mixture of Checkpoint and TMG.

From what I have seen of the product in demos etc., it looks like a good solution.
 
See if Softcat do the hardware or if they are just a software partner. They are great at everything else so I don't see why they wouldn't also be good for hardware.
 
They top out at a 2 spatial stream dual-band n with inflexible mounting options and a requirement for PoE+, it doesn't look like they are taking that product range seriously at all.

Mounting options are limited, I agree. PoE not so much of an issue as they supply their own power injectors.

See if Softcat do the hardware or if they are just a software partner. They are great at everything else so I don't see why they wouldn't also be good for hardware.

Yes, Softcat do the hardware too.
 