• Status: Solved

Need a firewall appliance recommendation for a small but growing business

Hi all,

I have been searching reviews of firewalls and the amount of info on small to mid-size office firewall appliances is huge.  So huge that it is hard to find the "good info".  Hopefully you all can help...

I am looking to replace an existing Sonicwall TZ170 firewall at my place of business.  Currently we have 26 employees and we are growing.  We expect to double in a year and hopefully double again in another year.  So I'd like to plan for an appliance that can easily support 100 active Internet users.  Our environment today is like this:

- Internet connectivity: 12 channels of a T1 (768kbps)
- VPN usage: Some use the Sonicwall client while others use OpenVPN (I think we'll end up using OpenVPN in the future for business reasons)
- Services hosted behind our firewall: Our public website, email, OpenVPN, and "our product" (which doesn't require much bandwidth)

At any given time we have about 2-4 incoming Sonicwall VPN users and 50 OpenVPN users.  Yes, we do have about 50 active OpenVPN sessions running most of the time.  This OpenVPN number is going to continue to grow (more rapidly than our employee growth for sure).

The Sonicwall has proved to be useful as a firewall, but poor as a VPN server.  It is unstable when it reaches about 10 VPN sessions.  This is partly why we were planning on phasing out its VPN capabilities and going to OpenVPN for everything.

So, this is what I would LIKE in a new firewall:

- WAN load balancing
     - Both for incoming and outgoing traffic (so I imagine this means it must support BGP routing)
     - It would also be nice if I could set up rules such that I can direct certain outgoing traffic to use one pipe primarily.  This would allow me to purchase a cheaper high-speed broadband connection and direct all internal users to browse the web and do FTP over it, leaving the T1 free for supporting the VPN users
- Support for at least 50 IP nodes to start and the ability to upgrade to more
- Failover support - I'd like a product that could be set up in some kind of high-availability mode so I can take one down for maintenance, if needed.
- Support for at least 15Mbps of Internet traffic
- Not overly expensive (I'd really like to keep this under $1,000 and definitely no more than $2,000)

I think that covers the basics of what I need.  I don't care as much about the ability to do Antivirus, Antispam, or anything of that jazz.  I just need a good, solid unit that can replace this TZ 170.

FYI - I have heard good things about the Netscreen-5GT, but I'm not sure if it definitely handles my WAN load balancing issue.

Thanks everyone!
2 Solutions
From your requirements list, I wonder whether Hotbrick's appliance would meet your needs.


The technical specs are:

WAN Ports       2
LAN Ports       4
Maximum User Limits       253
VPN Tunnels       
Recommended Users       70
Auto FDI/FDI-X       
Load Balance / QoS       
RAM       16
FLASH       1 Mb
Firewall Throughput       44 Mbps
Concurrent Connections       100.000
Transparent Mode       
Network Address Translation       
Dos, DDoS Protection       
WEB Filter Blocking       
Custom WEB blocking       
Malicious Code Filtering       
SPI Firewall       
Firewall Rules       200
User Groups       5
Networking Support       
VPN Client pass through       
PPPoE Support       
L2TP Support       
DHCP Client       
Static IP       
Management Method       Web
Remote Management       Web w/ port choice
SNMP Management       V.2, MIB 2
E-mail alert       
IP-Sec VPN       
Encryption Methods       DES/3DES/AES
Prevent Replay Attacks       
Other Features       
Price       US$ 219.00
and you can read the balance of the description on that page.
They have other models that offer more VPN tunnels, if needed.

masterbakerAuthor Commented:
To Davidis99 - Thanks for the link to the Hotbrick product.  I think this could do the job, but the company doesn't seem as "established" as I'd like.  I'd like to get something that is known industry-wide and has a good upgrade path.  The price is sure good though!

To Jabiii - Thanks for all of the info there.  I think I am leaning toward the Netscreen products.  The 5GT seems like a good, entry level solution for us.  I have been having a hard time finding out exactly which model to get.  Do you know what you get with the Extended feature set?  I can't seem to find anything on their website that explicitly says what you get with the standard "Plus" version and what you get with the "Extended" version.

Thanks to both of you!

Check this out.
Other differences between the plus and extended are found on the data sheet.
Let me know if that helps.
License Options
The NetScreen-5GT Series is available in licensing options to support different numbers of users.
Licensing Options                      Description
10 user Product license             Limits capacity to 10 concurrent users
Plus Product license                  Increases capacity to an unlimited number of users
Extended Product license          Increases sessions and VPN tunnel capacities to 4000 and 25 respectively. Adds a DMZ zone and HA lite (no session synchronization)
masterbakerAuthor Commented:
Before I close this out, do you guys have any experience with Symantec firewall appliance products?  I was looking at either the SGS 460R or the 1620.


Nope sorry.
