  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 746

Which Hardware Firewall do you suggest for small business?

I want input from network administrators who have been using firewalls in environments similar to mine:

- small business
- 30 users
- 2 web servers, around 20 customers logged into the website (8 hours a day)
- we have a T1 (1.5Mb upload/download) at present
- planning to add a Comcast business 10Mbps download / 5Mbps upload connection to the above



I am reading some postings on this website about Fortigate and Sonicwall firewalls.

- Let me know which one is good and user friendly (I hate CLI)
- Any other firewall suggestion is also appreciated

I might add more questions once I have inputs from experts
Asked:
OCUBE
7 Solutions
 
DewFreak Commented:
I would recommend a WatchGuard XTM 505

http://www.watchguard.com/products/xtm-5/overview.asp

This would be a solid solution for your application and it has room for growth.  I have used WatchGuard products professionally for over 10 years, installed over 400 devices and they have been solid with unmatched security.  Their VPN options are top notch for branch to branch and mobile users using PPTP, IPSEC, or SSL.

This also meets your non-cli criteria, as you do not have to use one unless you want.  
 
Todd Gerbert, IT Consultant, Commented:
We're currently using SonicWall NSA 240s for our 4 locations; they seem to do the job well (though I am less than impressed by their support group).  Previously we were using Cisco ASAs.  Both, I think, would be good choices for a small network.

The SonicWall has a pretty and fairly intuitive web-based interface; the Ciscos also have a web-based interface, but I've never used it (frankly I found editing the Cisco config file by hand to be easier and much more straightforward than SonicWall's GUI-based interface).
 
Craig Bowman Commented:
The best firewall on the market in my opinion for a very small network is either McAfee or Sonicwall. Sonicwall in particular are very competitive for the money and are specialists in small to medium sized networks.  McAfee are very good. Firewalls such as Cisco and Checkpoint I think are overpriced and overrated.

 
Todd Gerbert, IT Consultant, Commented:
Cisco = over rated: Yes (but still good), over priced: Sometimes - the Cisco ASA for 50 users you can probably find between $400-$500, which is probably on par with their competitors (still, probably not what you want unless you change your mind on the whole CLI thing).
 
jimmyray7 Commented:
The Sonicwall TZ series can handle your load quite easily, and they are relatively cheap.  The TZ200 would allow you to load balance across two WAN connections, and have plenty of capacity for 30 users.  Take a look!
 
OCUBE (Author) Commented:

What is this throughput? Maybe I am going back to basics.

Does a higher throughput number for the firewall denote that it can do a lot more work and will be faster for us in terms of internet speed and accessing the web application?
 
Todd Gerbert, IT Consultant, Commented:
Throughput generally would be the maximum rate at which a given device is able to process traffic and get it from one interface to the other.

For example, 4 inbound connections using 10Mbps each and 20 outbound connections using 5Mbps would require a throughput of at least 140Mbps.  However, keep in mind that if you have a cable internet connection which runs at 10Mbps then you can't have 20 outbound connections each using 5Mbps, since the line is only capable of 10Mbps; if you had that many connections all running full steam ahead, they'd each get a maximum of .5Mbps (one half megabit).  So in that respect the firewall's throughput probably won't much matter to you, as I'm sure no matter which one you go with it will well exceed your requirements.

Where it might come into play is, for example, if you have your Internet on the firewall's interface 1; a server in the DMZ on interface 2; and your internal network on interface 3.  Supposing that the server in the DMZ and your internal network are both using a gigabit connection, and your firewall's throughput is only 100Mbps, then the best connection you'll be able to get from your inside network to that server is going to be 100Mbps.
 
OCUBE (Author) Commented:

@tgerbert:

I have some questions on the second part of your explanation.

Usually what we do in our current firewall is:

Set up the public IP on WAN 1 and set up port forwarding (SMTP, POP3, HTTP) to the internal LAN IPs.

Is the above setup different from the DMZ you mentioned?
 
OCUBE (Author) Commented:

I was looking at:

Netgear Prosecure UTM25 device

http://www.netgear.com/products/business/proSecure-brand/UTM-series/UTM25.aspx

http://prosecure.netgear.com/products/prosecure-utm-series/

» All in one Unified Threat Management
» Firewall Throughput 127 Mbps
» VPN Throughput 70 Mbps
» Anti-virus Throughput 25 Mbps
» 27000 Concurrent Connections (Maximum)
» Dual WAN Fail-over
» Load Balancing

Can someone check and let me know if it's good or not?
 
OCUBE (Author) Commented:

Do any of the firewall devices that experts are suggesting in this post (SonicWall, Fortigate, Cisco, WatchGuard) have the following features:

1.  Does it give me a report of how much internet bandwidth is being used (inbound/outbound) over a period of time?  Does it store the data and show it to me as reports as needed?

2.  Can it show me in real-time traffic which particular internal IP address or hostname is using most of the internet bandwidth?

3.  2 internet WAN connections from 2 different ISPs?

4.  Can I dedicate a certain amount of internet bandwidth, around 1.2Mbps, to an internal LAN IP address?  If I have an internal mail server, which people access from the road, I wanted to dedicate an upload/download internet speed of 1.2Mbps to that server only.

 
Pieter Jordaan Commented:
Hi

If you are looking for multi-WAN with failover and bandwidth management, then look at http://www.pfsense.org
I replaced two Cisco ASDM firewalls and a Watchguard firebox with pfsense and three locations with pfsense.
They all have multi-line failover with VPN.

The monitoring is brilliant.
It is free.
It includes Fail-over, load balancing, traffic shaping, proxy, real-time line graphs and many packages you can add if you need it.

Nothing available on the market comes close.
Try it before you spend money on something lesser.

Install it on a workstation with as many network cards as you have lines, with an additional LAN network card.
Amazon sells the book for version 1.2.3.

Download from here:
http://www.pfsense.org

Screenshots:
http://www.pfsense.org/screenshots/

There is commercial support available, and plenty of documentation.

BitFreeze.
 
DewFreak Commented:
WatchGuard:

1.  Does it give me a report of how much internet bandwidth is being used (inbound/outbound) over a period of time?  Does it store the data and show it to me as reports as needed?
YES

2.  Can it show me in real-time traffic which particular internal IP address or hostname is using most of the internet bandwidth?
YES - requires logging and a server to run on

3.  2 internet WAN connections from 2 different ISPs?
YES

4.  Can I dedicate a certain amount of internet bandwidth, around 1.2Mbps, to an internal LAN IP address?  If I have an internal mail server, which people access from the road, I wanted to dedicate an upload/download internet speed of 1.2Mbps to that server only.

I have done rate limiting via VPN but not in your scenario.  I would think it does but would need to research that.
 
OCUBE (Author) Commented:

Is any particular XTM series more stable compared to other models?
 
parthiban3md Commented:
Go with Fortigate 80C
 
digitap Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.