Solved

Which Hardware Firewall do you suggest for small business?

Posted on 2011-03-02
Last Modified: 2012-05-11
I want input from network administrators who have been using firewalls in environments similar to mine:

- small business
- 30 users
- 2 web servers, around 20 customers logged into the website (8 hours a day)
- we have a T1 (1.5Mb upload/download) at present
- planning to add a Comcast business 10Mbps download / 5Mbps upload connection to the above



I am reading some postings on this website about Fortigate firewalls and Sonicwall firewalls.

- Let me know which one is good and user friendly (I hate CLI)
- Any other firewall suggestions are also appreciated

I might add more questions once I have input from experts
Question by:OCUBE
 
LVL 6

Accepted Solution

by:
DewFreak earned 145 total points
ID: 35017460
I would recommend a WatchGuard XTM 505

http://www.watchguard.com/products/xtm-5/overview.asp

This would be a solid solution for your application and it has room for growth.  I have used WatchGuard products professionally for over 10 years, installed over 400 devices and they have been solid with unmatched security.  Their VPN options are top notch for branch to branch and mobile users using PPTP, IPSEC, or SSL.

This also meets your non-cli criteria, as you do not have to use one unless you want.  
 
LVL 33

Assisted Solution

by:Todd Gerbert
Todd Gerbert earned 142 total points
ID: 35017478
We're currently using SonicWall NSA 240's for our 4 locations, they seem to do the job well (though I am less than impressed by their support group).  Previously we were using Cisco ASA's.  Both, I think, would be good choices for a small network.

The SonicWall has a pretty and fairly intuitive web-based interface; the Cisco's also have a web-based interface, but I've never used it (frankly I found editing the Cisco config file by hand to be easier and much more straight-forward than SonicWall's GUI-based interface).
 
LVL 12

Assisted Solution

by:cbowman92
cbowman92 earned 71 total points
ID: 35017615
The best firewall on the market in my opinion for a very small network is either McAfee or Sonicwall. Sonicwall in particular are very competitive for money and are specialists in small to medium sized networks.  McAfee are very good. Firewalls such as Cisco and Checkpoint I think are overpriced and overrated.
 
LVL 33

Expert Comment

by:Todd Gerbert
ID: 35017763
Cisco = over rated: Yes (but still good), over priced: Sometimes - the Cisco ASA for 50 users you can probably find between $400-$500, which is probably on par with their competitors (still, probably not what you want unless you change your mind on the whole CLI thing).
 
LVL 8

Assisted Solution

by:jimmyray7
jimmyray7 earned 71 total points
ID: 35018706
The Sonicwall TZ series can handle your load quite easily, and they are relatively cheap.  The TZ200 would allow you to load balance across two WAN connections, and have plenty of capacity for 30 users.  Take a look!
 

Author Comment

by:OCUBE
ID: 35019985


What is this throughput? Maybe I am going to basics.

Does a higher throughput number for the firewall denote that it can do a lot more work and will be faster for us in terms of internet speed and accessing web applications?
 
LVL 33

Assisted Solution

by:Todd Gerbert
Todd Gerbert earned 142 total points
ID: 35020124
Throughput generally would be the maximum rate at which a given device is able to process traffic and get it from one interface to the other.

For example, 4 inbound connections using 10Mbps each and 20 outbound connections using 5Mbps would require a throughput of at least 140Mbps.  However, keep in mind that if you have a cable internet connection which runs at 10Mbps then you can't have 20 outbound connections each using 5Mbps, since the line is only capable of 10Mbps; if you had that many connections all running full steam ahead, they'd each get a maximum of .5Mbps (one half megabit).  So in that respect the firewall's throughput probably won't much matter to you, as I'm sure no matter which one you go with it will well exceed your requirements.

Where it might come into play is, for example, if you have your Internet on the firewall's interface 1; a server in the DMZ on interface 2; and your internal network on interface 3.  Supposing that the server in the DMZ and your internal network are both using a gigabit connection, and your firewall's throughput is only 100Mbps, then the best connection you'll be able to get from your inside network to that server is going to be 100Mbps.
0
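The two cases in the answer above, worked as an added example that is not part of the original thread: a max-min fair-share model in which each connection is limited by every link it crosses and by the firewall's aggregate throughput. The resource names (`wan`, `fw`, `lan_if`, `dmz_if`), the equal-sharing assumption and the 100 Mbps firewall rating used for both cases are assumptions made for illustration.

```python
def allocate(flows, capacity):
    """Max-min fair rates in Mbps, by progressive filling.

    flows:    {name: (demand_mbps, [resources the flow crosses])}
    capacity: {resource: mbps}
    """
    rate = {f: 0.0 for f in flows}
    left = dict(capacity)
    active = set(flows)
    eps = 1e-9
    while active:
        # Largest equal increment that every active flow can still take.
        step = min(flows[f][0] - rate[f] for f in active)
        for r in left:
            users = sum(1 for f in active if r in flows[f][1])
            if users:
                step = min(step, left[r] / users)
        for f in active:
            rate[f] += step
            for r in flows[f][1]:
                left[r] -= step
        # Freeze flows that met their demand or hit an exhausted resource.
        active = {f for f in active
                  if flows[f][0] - rate[f] > eps
                  and all(left[r] > eps for r in flows[f][1])}
    return rate


def required_throughput(flows):
    """Firewall throughput needed if every flow ran at full demand."""
    return sum(demand for demand, _ in flows.values())


def wan_case():
    # Constructed: 20 outbound connections wanting 5 Mbps each over a
    # 10 Mbps cable line, through a firewall rated at 100 Mbps.
    flows = {f"out{i}": (5.0, ["wan", "fw"]) for i in range(20)}
    return allocate(flows, {"wan": 10.0, "fw": 100.0})


def dmz_case():
    # Constructed: one LAN-to-DMZ transfer on gigabit interfaces, same firewall.
    flows = {"lan->dmz": (1000.0, ["lan_if", "dmz_if", "fw"])}
    return allocate(flows, {"lan_if": 1000.0, "dmz_if": 1000.0, "fw": 100.0})


if __name__ == "__main__":
    print(wan_case()["out0"], dmz_case()["lan->dmz"])
```

In the first case the WAN line is the bottleneck and the firewall rating is irrelevant; in the second the firewall is the bottleneck even though both interfaces are gigabit.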
 

Author Comment

by:OCUBE
ID: 35020182

@tgerbert:

I have some questions on the second part of your explanation.

Usually what we do in our current firewall is:

Set up the public IP on WAN 1 and set up port forwarding (SMTP, POP3, HTTP) to the internal LAN IPs

Is the above setup different from the DMZ you have mentioned?
 

Author Comment

by:OCUBE
ID: 35020264

I was looking at:

Netgear Prosecure UTM25 device

http://www.netgear.com/products/business/proSecure-brand/UTM-series/UTM25.aspx

http://prosecure.netgear.com/products/prosecure-utm-series/

- All in one Unified Threat Management
- Firewall Throughput 127 Mbps
- VPN Throughput 70 Mbps
- Anti-virus Throughput 25 Mbps
- 27000 Concurrent Connections (Maximum)
- Dual WAN Fail-over
- Load Balancing

Can someone check and let me know if it's good or not.
 

Author Comment

by:OCUBE
ID: 35021672

Do any of the firewall devices which experts are suggesting in this post (SonicWall, Fortigate, Cisco, WatchGuard) have the following features:

1. Does it give me a report of how much internet bandwidth is being used (inbound/outbound) over a period of time?  Does it store the data and show it to me as reports as needed?

2. Can it show me in real-time traffic which particular internal IP address or hostname is using most of the internet bandwidth?

3. 2 internet WAN connections from 2 different ISPs?

4. Can I dedicate a certain amount of internet bandwidth, around 1.2Mbps, to an internal LAN IP address?  If I have an internal mail server, which people access from the road, I wanted to dedicate an upload/download internet speed of 1.2Mbps to that server only.
 
LVL 11

Assisted Solution

by:Pieter Jordaan
Pieter Jordaan earned 71 total points
ID: 35026001
Hi

If you are looking for multi-WAN with failover and bandwidth management, then look at http://www.pfsense.org
I replaced two Cisco ASDM firewalls and a Watchguard firebox with pfsense and three locations with pfsense.
They all have multi-line failover with VPN.

The monitoring is brilliant.
It is free.
It includes Fail-over, load balancing, traffic shaping, proxy, real-time line graphs and many packages you can add if you need it.

Nothing available on the market comes close.
Try it before you spend money on something lesser.

Install it on a workstation with as many network cards as you have lines, with an additional LAN network card.
Amazon sells the book for version 1.2.3.

Download from here:
http://www.pfsense.org

Screenshots:
http://www.pfsense.org/screenshots/

There is commercial support available, and plenty of documentation.

BitFreeze.
 
LVL 6

Assisted Solution

by:DewFreak
DewFreak earned 145 total points
ID: 35027714
WatchGuard:

1. Does it give me a report of how much internet bandwidth is being used (inbound/outbound) over a period of time?  Does it store the data and show it to me as reports as needed?
YES

2. Can it show me in real-time traffic which particular internal IP address or hostname is using most of the internet bandwidth?
YES - requires logging and a server to run on

3. 2 internet WAN connections from 2 different ISPs?
YES

4. Can I dedicate a certain amount of internet bandwidth, around 1.2Mbps, to an internal LAN IP address?  If I have an internal mail server, which people access from the road, I wanted to dedicate an upload/download internet speed of 1.2Mbps to that server only.

I have done rate limiting via VPN but not on your scenario.  I would think it does but would need to research that.
 

Author Comment

by:OCUBE
ID: 35221890


Any particular XTM series which is more stable compared to other models?
 

Expert Comment

by:parthiban3md
ID: 35431565
Go with Fortigate 80C
 
LVL 33

Expert Comment

by:digitap
ID: 35783905
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.