Great Walls of Fire!

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-point wireless. It didn’t seem to make a lot of sense to me to have a fancy high end firewall at the main office, then basically open up a back door to it by leaving a cheap one in place at the satellite office.

Tell me more ... no seriously
Whilst shopping around for a decent firewall at a reasonable price I found a common theme with the sales pitch. The emphasis seemed to be on the brand name and jargon. Then about halfway down the page in tiny print, that seems to get tinier every year now, they put the actual specs.

After you think you have found a real bargain, you find out in the tiny print at the bottom of the page that it only allows 5 users or some ridiculously low number. I would think that a highly valuable morsel of data like that would be right under the pretty picture of the product.

The cost of it all
Another annoying thing not uncommon to network hardware and software is the lack of a price tag on a lot of stuff. I guess it follows the old adage that "if you have to ask how much it costs, you can’t afford it" ... or some such nonsense. But I like knowing how much things cost in order to fairly compare similar products. Cost is a big factor to most businesses.

The people who are buying these things have their big boys pants already and are aware that such things cost a fair amount of money.

Is it too much to ask that they tell me what something costs without having to talk to some salesperson for sometimes up to 20 minutes? Most of the time the salespeople don’t actually know anything about the technical details of what they are selling.

Notice to companies that are trying to pry money from my tight fist – tell me how much it is when I ask and don't try to give me something like convoluted TCO (Total Cost of Ownership) sales pitch stuff or I will move on to the next one on the list. Trust me, I know how to do math on my own, I don't need a salesperson to educate me.

Doesn't impress me much
Another thing I should tell people that want to sell me a firewall, or any other high end computer stuff on the internet: it doesn't impress me when a site looks like it was made in 1997 as a college kid’s website class homework, nor does a ton of flash navigation. If I feel like I fell into a worm hole and ended up at the beginning of the internet tubes or like I just popped a video game into my console, I am not sticking around to decipher your site.

The basics
These are the things that I need to know in order to make an informed decision about a firewall. These sorts of things should never be hidden at the bottom of the page in tiny print, nor should I have to call someone to find out.

1. How many concurrent users can it support with the default licensing that comes with the product? If it is unlimited, that is a big selling point. If it only comes with 5 user licenses, I need to know how much additional ones cost, or how little they cost (see, this could be a selling point too).

2. The cost of the device. It is a key part of the decision making process.

3. The number of physical WAN and LAN connections it supports. Though it may not seem like it, it is important to know how many ports are on the device so you know how much control you can have on your network with just the one device. It also matters if you have or plan on having a secondary internet connection as a failover or for certain ports / IPs.

For example, my main server room has 2 internet connections, DSL and cable. The DSL one is solely for the use of the Exchange Server, except in the case of one or the other connections being down, then the firewall switches everything to the one that is up, then back when the connection is restored. If I had to replace that one for whatever reason, it would be very important to me to know that the new device had 2 WAN plug ins and could handle 2 connections with failover.

4. What sort of stuff can it do? For example:
   a. Can I manage the individual LAN ports or is that part just a simple switch?
   b. Can it be set up relatively easily with failover on the WAN connections?
   c. Does it come with at least setup support or does that cost extra?

Basically anything that will cost me money will play into Total Cost of Ownership and finding these things out shouldn't be hard or painful.

My end result
I spent days straining my eyes from reading small print and practically getting brain damage from trying to figure out nearly indecipherable sites. I even broke down and called a salesperson or three to hear a mangled version of what I just read on their site, only to get sticker shock at the end of a long and sometimes painful sales pitch.

After all that, I decided that all I needed was a fairly simple firewall solution, so I ended up buying a refurbished 1U Compaq Proliant rack server for $250 and loaded it with the free open source Smoothwall firewall. That took me a few hours and was a minor headache, but nothing compared to the headache I endured when dealing with vendors that were more interested in selling to me than talking to me.

Even if vendors won't change their ways, I hope this helps you ask the right questions and get what you want without eyestrain or brain damage.  
 
Author:Bob Stone
10 Comments
LVL 76

Expert Comment

by:Alan Hardisty
Voted helpful.
0
LVL 38

Expert Comment

by:younghv
Goodness Gracious, this is good stuff!!!
(No one under 50 will know WTH I'm talking about.)
:)

Another 'use it now' Article - thanks for putting it together.

"Yes" vote above.
0
LVL 6

Expert Comment

by:montezz
Voted Helpful
Author - I completely agree. You need an unbiased, knowledgeable reseller. Unfortunately, talking directly to vendors is a nightmare. We use CDWG.
0

LVL 4

Expert Comment

by:Sean_D76
You just need a consultant that's been around the block long enough to have tinkered with the major brands and isn't too entrenched with one or the other. That being said, few of them are perfect. Sonicwall is very reasonably priced but I question their longevity. A good Netscreen will last you forever but is a little expensive for the features it provides. I like your Smoothwall solution, used to run that at home for years and years until a friend turned me onto pfSense. Since you're obviously not afraid to set up and run a software firewall you should definitely check out pfSense. It's BSD based, has really effective QoS, is rock solid, and full featured.
0

Expert Comment

by:ITGUY57
A little late to the party, but your insight has been very helpful.
0
LVL 9

Author Comment

by:Bob Stone
Glad to hear that it has been helpful. Thanks =o)
0

Expert Comment

by:cc_sam
this is very helpful
0
LVL 6

Expert Comment

by:SkykingOH
In my opinion if you ended up spending $250.00 on an EOL server to run your firewall you were never serious about the endeavor.

This is exactly why enterprise gear is not sold as a commodity.

All of the major vendors sell their equipment through highly qualified channel partners. Anything else is grey market. These partners will ensure that the equipment is installed properly and performing to specification.

IMHO choosing a channel partner is more important than the actual hardware that is being installed.  

Do you not have a relationship with a vendor partner?  

It's easy to bash on Cisco, Juniper et al.  To say the least they set high barriers to entry.

If you got what you wanted out of the recon gear and Open Source firewall more power to you, however it carries significant business risks since no entity is accountable for the product.  

0
 

Administrative Comment

by:younghv
SkykingOH:
You may feel free to offer your "opinion" on the technical merits of an Article, but please do not comment on the intent of the Author.

Perhaps you should consider submitting an Article of your own to fully express your technical advice.

younghv
Page Editor
0
LVL 9

Author Comment

by:Bob Stone
I do have a relationship with several vendors and have with numerous vendors in the past. Unfortunately vendors require you to go through a reseller. When I deal with a reseller most generally it is one of them making me jump through hoops repeatedly, seemingly for their amusement at times. Resellers come and go all the time. The superstar reseller who could get anything fast, cheap, and easy last year is out of business now.

As for dealing directly with vendors, that doesn't happen because they don't want to talk to peon IT people like me. I can't even renew enterprise AV without finding a new reseller (again) because the one I used last year bounces every email and the phone is routed to an operator that tells me they vacated the offices 6 months ago with no forwarding.

I currently have several Cisco firewalls and a very nice (read: damn expensive) SonicWall firewall. I have had appliances by Juniper, Avaya and a few other obscure names only an old school IT person would recognize. The fact that I used recon hardware and OpenSource software to seal a potential hole in a remote office doesn't mean I used bubble gum and baling wire. Contrary to what big name vendors think, experienced IT people can build their own stuff that actually works. Also, OpenSource doesn't mean it is like Swiss cheese that any script kiddie can poke into. It wasn't that long ago that Cisco firewalls had a huge TCP vulnerability that allowed numerous break-ins.

Truth is, nothing is 100% safe, and anyone who thinks that a shiny nameplate makes you safe is a fool.

0
