Need a firewall appliance recommendation for a small but growing business
Posted on 2006-05-04
I have been searching reviews of firewalls and the amount of info on small to mid-size office firewall appliances is huge. So huge that it is hard to find the "good info". Hopefully you all can help...
I am looking to replace an existing Sonicwall TZ170 firewall at my place of business. Currently we have 26 employees and we are growing. We expect to double in a year and hopefully double again in another year. So I'd like to plan for an appliance that can easily support 100 active Internet users. Our environment today is like this:
- Internet connectivity: 12 channels of a T1 (768kbps)
- VPN usage: Some use the Sonicwall client while others use OpenVPN (I think we'll end up using OpenVPN in the future for business reasons)
- Services hosted behind our firewall: Our public website, email, OpenVPN, and "our product" (which doesn't require much bandwidth)
At any given time we have about 2-4 incoming Sonicwall VPN users and 50 OpenVPN users. Yes, we do have about 50 active OpenVPN sessions running most of the time. This OpenVPN number is going to continue to grow (more rapidly than our employee growth for sure).
The Sonicwall has proved to be useful as a firewall, but poor as a VPN server. It is unstable when it reaches about 10 VPN sessions. This is partly why we were planning on phasing out its VPN capabilities and going to OpenVPN for everything.
So, this is what I would LIKE in a new firewall:
- WAN load balancing
  - Both for incoming and outgoing traffic (so I imagine this means it must support BGP routing)
  - It would also be nice if I could set up rules such that I can direct certain outgoing traffic to use one pipe primarily. This would allow me to purchase a cheaper high-speed broadband connection and direct all internal users to browse the web and do FTP over it, leaving the T1 free for supporting the VPN users
- Support for at least 50 IP nodes to start and the ability to upgrade to more
- Failover support - I'd like a product that could be set up in some kind of high-availability mode so I can take one down for maintenance, if needed.
- Support for at least 15Mbps of Internet traffic
- Not overly expensive (I'd really like to keep this under $1,000 and definitely no more than $2,000)
I think that covers the basics of what I need. I don't care as much about the ability to do Antivirus, Antispam, or anything of that jazz. I just need a good, solid unit that can replace this TZ 170.
FYI - I have heard good things about the Netscreen-5GT, but I'm not sure if it definitely handles my WAN load balancing issue.