257Roberts

Help recommend a firewall with bandwidth priority for users

I need to upgrade a SonicWall TZ-180 firewall to an appliance that will limit internet bandwidth to most users, but prioritize bandwidth for a select group of users.  Can you recommend a firewall that would do this?  About 40 client machines are on the entire network.  If I need to supply some more information to help you recommend something, I would be happy to add it.
benchapman

Do you want to limit bandwidth for a selection of machines or users? User management is usually a bit harder on a firewall appliance, it is better done with a proxy. Personally I would keep your firewall and set up a Linux box on a spare PC running Squid and force all users through it. It does great bandwidth limiting on a rolling schedule so users can feel like the web is running at full speed when doing general browsing but once they exceed a set quantity of data in a certain period of time, e.g. downloading music or video, they then get bandwidth limited. It does take a bit more work to make it user aware but it can be done and is free. Any commercial proxy will do user level throttling and quotas as well. Set up firewall rules to block any direct internet access for the users and only allow internet access from the proxy machine and you are done. You will probably find that the costs of setting up a proxy are less than replacing a hardware firewall and it gives you far more options for content filtering and reporting.

Regards
Ben
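
An added example, not part of the original post: a `squid.conf` fragment using Squid's delay pools to get the "full speed, then throttled" behaviour described above while exempting a small group of machines. The addresses, the ACL names and the bucket sizes are assumptions, and the priority machines are assumed to have fixed or DHCP-reserved IP addresses.

```conf
# Added example for squid.conf; addresses, ACL names and sizes are constructed.
http_port 3128

# Assumed addressing: the office LAN and the 7-8 machines that stay unthrottled
acl office src 192.168.1.0/24
acl priority src 192.168.1.10-192.168.1.17

# Only LAN clients may use the proxy
http_access allow office
http_access deny all

# One class 2 pool: an aggregate bucket plus one bucket per client IP address
delay_pools 1
delay_class 1 2

# Priority machines bypass the pool; every other LAN client is subject to it
delay_access 1 deny priority
delay_access 1 allow office
delay_access 1 deny all

# Each pair is restore/maximum (bytes per second / bytes)
# Aggregate: unlimited. Per client: 10 MB bucket that refills at 64 KB/s,
# so short browsing bursts run at line speed and sustained downloads slow down.
delay_parameters 1 -1/-1 64000/10000000
```

The throttling only holds if the firewall permits outbound web traffic from the proxy host alone, as the post describes; a client that can reach the internet directly is not subject to the pool.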
Have a look at the Cyberoam, great piece of kit.  Sorry don't agree that commercial proxies will offer this.  You need to identify the user to be able to provide bandwidth policies.

Regards

Jason
257Roberts

ASKER

mortal, I can get the MAC addresses of all of the users and identify the ones I want unlimited bandwidth access for.  I will need a commercial hardware firewall with good content filtering.  I am happy with the SonicWall filtering subscription.  
Ben, I need unlimited bandwidth for a group of machines.  I am not sure what you mean by a "Proxy".
257Roberts, what if the user logs into a different machine?
I'm not worried about that, the users do not switch machines around.  I only need unlimited bandwidth access to 7 or 8 machines.
I suggest you have a look at the cyberoam anyway.
Which model?
ASKER CERTIFIED SOLUTION
benchapman
What is the support from Juniper like?  The support on our current SonicWall is terrible, with overseas personnel who cannot speak English well.
257Roberts

For forty users I would look at the 25ia or 35ia.  Have a look at the specs.  You should also be able to get the second year's subscription for free as a trade-up from the SonicWall.  This is not the only firewall product we sell and support but it is worth a good look.

Jason
I have had no issues with Juniper support when I have needed them but I have also had a very good local reseller (Juniper Partners for the region) providing support both remotely and onsite which has been a great help. Once set up they are very intuitive to manage, I prefer the web based admin of the Juniper over the Cisco ASDM. I have also used Watchguard and Checkpoint devices and the Juniper cleans up from an ease of use perspective.

I am a fan but they don't suit everyone. Definitely give them a look.

Regards
Ben

PS, I have run over 80 people through a Juniper SSG 20 with a 10 Mbps fibre connection and secondary ADSL2+ connection connected with an internal ADSL2+ module in the firewall itself. RAM sat under 50% and CPU under 10% with 4 VPN tunnels and about 50 ACLs across 4 security zones.

An SSG5 would easily handle 40 users without issue but is not quite as flexible as the SSG20, as the SSG20 has two modular multi-purpose sockets. SSG5 and SSG20 will do 160 Mbps firewall and 40 Mbps IPSec VPN, which is usually more than a 40 person office requires. There is a significant price jump to the SSG140, which is the next step up, and I have never needed one (all my work has been primarily for companies of around 100 people in 4-7 locations and SSG5s and 20s have always been more than enough. I have never had more than 30 Mbps of internet bandwidth, you might).

Regards
Ben
What is the content filtering like on the Juniper?  The content filtering subscription for SonicWall is really good, just the support is terrible.  
Content filtering on the Juniper is limited as it is primarily a security and networking device, thus my previous mention of a proxy for content filtering. The Juniper can do Anti Virus and Anti Spam and a certain amount of web filtering as in anti-malware and anti-phishing but it cannot read web site content and block porn for example.

Regards
Ben
I would need a firewall that has good website content filtering.
Have a look at the Cyberoam.  It is a great piece of kit.

Regards

Jason
Juniper have the SRX Series that do what you need but I have never used them. I have only used the SSGs so cannot vouch for them. As a Juniper user of SSGs and SSL VPN though, I doubt they got it wrong. I am interested in the Cyberoam as well myself after looking at them, I had never heard of them but they seem to cover a lot. The only complete security appliance I have experience with (I manage a couple of them) is Netbox Blue. They are Australian but have partners in other countries. They could be worth a look.

Regards
Ben