Great Walls of Fire!

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-point wireless. It didn’t seem to make a lot of sense to me to have a fancy high end firewall at the main office, then basically open up a back door to it by leaving a cheap one in place at the satellite office.

Tell me more ... no seriously
Whilst shopping around for a decent firewall at a reasonable price I found a common theme with the sales pitch. The emphasis seemed to be on the brand name and jargon. Then about halfway down the page in tiny print, that seems to get tinier every year now, they put the actual specs.

After you think you have found a real bargain, you find out in the tiny print at the bottom of the page that it only allows 5 users or some ridiculously low number. I would think that a highly valuable morsel of data like that would be right under the pretty picture of the product.

The cost of it all
Another annoying thing not uncommon to network hardware and software is the lack of a price tag on a lot of stuff. I guess it follows the old adage that "if you have to ask how much it costs, you can’t afford it" ... or some such nonsense. But I like knowing how much things cost in order to fairly compare similar products. Cost is a big factor to most businesses.

The people who are buying these things have their big boys pants already and are aware that such things cost a fair amount of money.

Is it too much to ask that they tell me what something costs without having to talk to some salesperson for sometimes up to 20 minutes? Most of the time the salespeople don’t actually know anything about the technical details of what they are selling.

Notice to companies that are trying to pry money from my tight fist – tell me how much it is when I ask and don't try to give me something like convoluted TCO (Total Cost of Ownership) sales pitch stuff or I will move on to the next one on the list. Trust me, I know how to do math on my own, I don't need a salesperson to educate me.

Doesn't impress me much
Another thing I should tell people that want to sell me a firewall, or any other high end computer stuff on the internet: it doesn't impress me when a site looks like it was made in 1997 as a college kid’s website class homework, nor does a ton of Flash navigation. If I feel like I fell into a wormhole and ended up at the beginning of the internet tubes or like I just popped a video game into my console, I am not sticking around to decipher your site.

The basics
These are the things that I need to know in order to make an informed decision about a firewall. These sorts of things should never be hidden at the bottom of the page in tiny print, nor should I have to call someone to find out.

1. How many concurrent users can it support with the default licensing that comes with the product? If it is unlimited, that is a big selling point. If it only comes with 5 user licenses, I need to know how much additional ones cost, or how little they cost (see, this could be a selling point too).

2. The cost of the device. It is a key part of the decision making process.

3. The number of physical WAN and LAN connections it supports. Though it may not seem like it, it is important to know how many ports are on the device so you know how much control you can have on your network with just the one device. It also matters if you have or plan on having a secondary internet connection as a failover or for certain ports / IPs.

For example, my main server room has 2 internet connections, DSL and cable. The DSL one is solely for the use of the Exchange Server, except in the case of one or the other connections being down, then the firewall switches everything to the one that is up, then back when the connection is restored. If I had to replace that one for whatever reason, it would be very important to me to know that the new device had 2 WAN plug ins and could handle 2 connections with failover.

4. What sort of stuff can it do, e.g.:
        a. Can I manage the individual LAN ports or is that part just a simple switch?
        b. Can it be set up relatively easily with failover on the WAN connections?
        c. Does it come with at least setup support or does that cost extra?

Basically anything that will cost me money will play into Total Cost of Ownership and finding these things out shouldn't be hard or painful.

My end result
I spent days straining my eyes from reading small print and practically getting brain damage from trying to figure out nearly indecipherable sites. I even broke down and called a salesperson or three to hear a mangled version of what I just read on their site, only to get sticker shock at the end of a long and sometimes painful sales pitch.

After all that, I decided that all I needed was a fairly simple firewall solution, so I ended up buying a refurbished 1U Compaq Proliant rack server for $250 and loaded it with the free open source Smoothwall firewall. That took me a few hours and was a minor headache, but nothing compared to the headache I endured when dealing with vendors that were more interested in selling to me than talking to me.

Even if vendors won't change their ways, I hope this helps you ask the right questions and get what you want without eyestrain or brain damage.  
Author: Bob Stone