Solved

Appropriate SME SMB hardware firewall

Posted on 2011-03-16
8
801 Views
Last Modified: 2012-06-21
Hi,

We currently have two Watchguard 750e firewalls with Unified Threat Management suite (anti-virus/anti-spam/web-blocker etc).

As this model is EOL I was wondering what hardware firewalls were recommended, (without subscription, if possible, but not necessarily) for:

Two SDSL lines, ~50 users, VPN & superior anti-spam and web-blocker functionality?

Many thanks.
0
Comment
Question by:fitzyj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35162832
If you wish to go with WG then XTM series 5 is what I would say you should look at. This gives the flexibility of product awareness and also there might be a trade-in program from WG which might get the new firewall at some discounted rate for you.

If you want to look at other vendors, then, first you should budget for training or if you have familiarity with any other product/vendor other than WG then give that some preference.
Sonicwall NSA series and Juniper SRX240 are two other products which are good.

There are many more vendors out there; general rule I would use to zero on a single products vendor [my peference]:
1. Product familiarity/confidence.
2. Training requirement for operation and troubleshooting.
3. Features and support.
4. Recurring costs, like UTM/IPS license/subscriptions; tech support contract renewal cost.
5. Use limit and any license to increase limit, if applicable.
6. Features available/needed and cost-benefit ration analysis.

Please let know if you need more details.

Thank you.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35186204
Examples are there IMO; may be rather than closing question you should post a comment requesting more inputs.
0
 

Author Comment

by:fitzyj
ID: 35198285
Thanks for your feedback.

Please could you comment on the pros/cons of migrating to a WatchGuard XTM 23 with UTM suite from a WatchGuard 750e in the scenario listed?

Many thanks.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 32

Expert Comment

by:dpk_wal
ID: 35199710
The two boxes are comparable in feature; with XTM 23 winning on some front when compared to x750e.

However, one area where x750e scores very heavily when compared to XTM 23 is performance. As per datasheet on WG website, x750e is 1 Gbps capable firewall whereas XTM 23 is rated at 195 Mbps. XTM 5 series would be more preferable from scalability and performance stand point.

http://www.watchguard.com/products/core-e/compare.asp?p1=x550e&p2=x750e&p3=x1250e
http://www.watchguard.com/products/xtm-2/compare.asp?p1=xtm21&p2=xtm22&p3=xtm23
http://www.watchguard.com/products/xtm-5/compare.asp?p1=xtm505&p2=xtm510&p3=xtm520&p4=xtm530

They have not posted device capabilities when UTM features are enabled; like with any other vendor; the performance would detoriate.
In many cases the performance drop from published numbers is as high as 80% depending on traffic mix and services enabled.

IMO XTM 510 or 520 [depending on your budget] would be a far better match for x750e than XTM 23.

Thank you.
0
 

Author Comment

by:fitzyj
ID: 35199796
Thanks for that.

Considering the following usage: 40 users max, 20 concurrent internet users, constant Exchange Server, no VPNs, all UTM suite active on a 10Mbps bearer - would the XTM 23 slow down internet access?

Many thanks.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35199949
The users might not have too much difficulty in terms of internet browsing; but you should look at firewall capabilities to actually serve the traffic and perform UTM duties as you wish.

Two things which you should take into account:
1. Total memory.
2. CPU.

http://www.watchguard.com/help/docs/wsm/11/en-US/XTM_2_Series_HardwareGuide.pdf
http://www.watchguard.com/help/docs/wsm/11/en-US/XTM_5_Series_HardwareGuide.pdf

Hardware Specifications
XTM 5 Series                                                   XTM 2 Series
Processor 2 GHz Single Core                              667 MHz Single Core
Memory: Flash 1 GB                                            256 MB
Memory: RAM 1 GB                                             256 MB
Power supply: 100-240 VAC                              12V/2A 12V/2A
                            Autosensing

With a low end firewall; you might run into issues of high CPU/memory or not enough juice for performing UTM functionality at desired speed.

Thank you.
0
 

Author Comment

by:fitzyj
ID: 35200041
Many thanks for your help.

The trade up from 750e to XTM510 inc. UTM suite is £1499.00 per box (we need two).

I am not concerned with familiarising myself with new hardware.

At that price, can you suggest similar hardware from other vendors that may prove more cost effective, or offer better security?

If not, I'll keep with the WatchGuard.

Thanks again.
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 35200386
Am not too sure on the price points of products; Sonicwall NSA 3500 is a good product; Juniper SRX is the new age of firewall products and srx240 [high mem] would suit your requirement or SSG350M [relatively older product than SRXs].
Other vendors would include checkpoint and cisco ASA.

I have worked on Juniper/WG/Sonicwall products so can comment on them; others not too familiar.

Smaller vendors like Netgear/Linksys/D-link/Draytek others have products but not rated very high on security/UTM capabilities.

If possible, ask WG to demonstrate XTM 23 at your site [a proof of concept]; check for memory/CPU which are the only things which I think you need to watch for and then see if it can actually serve your purpose.

Thank you.
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port forwarding 14 186
E-mail alerts from Cisco ASA Firepower 3 96
network error 8 61
ASA Tunnel 18 49
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question