UTMs

[York]

Hi Everyone,

Thought this was better suited for this forum rather than the Network forum since this is much more of an enterprise question! We're currently going through a process of getting a 1Gbps bearer and 100Mbps backup put in place.

Initially we're likely to have 300-500Mbps activated, but its quite possible within the next couple of years that we'll be growing beyond that and so we're looking at new UTM options.

Currently we use a Juniper SRX240 with IPS and AV scanning subscriptions, but I'm not sure if the SRX650 is the best option to go to as it's AV scanning speeds (according to the datasheet) cap out at around 350Mbps.

I've spoken to a few sales people and we've currently been suggested Palo Alto, FortiNet and Astaro. The Astaro would be running on HP servers, while the other two are appliances (PA-4020 or a FortiGate-1000C).

I was just wondering if anyone had any hands on experience with them, how they compared to the Juniper SRX range and if there's anything else anyone would recommend is worth looking at?

 

[York]

Not a fan of PA/FortiNet - Astaro can't comment on.

Were upgrading our old Nokia CheckPoint to one of their new 2012 models, I'd recommend looking at them (They don't have the bad problems some of the UTM-1s had, they are better like the older Nokias). The ONLY caveat is that you have to cluster them (you don't but I wouldn't run them without it) - we had some problems with some clients that would have taken them out of action for a while but the clustering worked so well and it makes them much easier to work with on a day-to-day basis

- GP

Have to say Checkpoint wasn't someone I'd considered. We use them for our laptop encryption so will have to have a look at their appliances. How easy to use do you find them? Any suggestions for a good reseller?

Currently running a PA2020 and two PA500s. I've also got a Fortinet 40C about to go into a branch site. Palo Altos have been great, especially PANOS v4 has had a few nice tweaks such as the addition of native kerberos real-time authentication for AD.
The Fortinet interface is less user friendly imo, but the boxes themselves are very good. They also offer a few features not on the PAs, like web caching which might be useful if you're on 95th Percentile billing

How'd you rate the PA's vs the Fortigates? How hard are the two CLIs/GUIs to master? Any particular gotchas with either unit?