?
Solved

Appropriate SME SMB hardware firewall

Posted on 2011-03-16
8
Medium Priority
?
819 Views
Last Modified: 2012-06-21
Hi,

We currently have two Watchguard 750e firewalls with Unified Threat Management suite (anti-virus/anti-spam/web-blocker etc).

As this model is EOL I was wondering what hardware firewalls were recommended, (without subscription, if possible, but not necessarily) for:

Two SDSL lines, ~50 users, VPN & superior anti-spam and web-blocker functionality?

Many thanks.
0
Comment
Question by:fitzyj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35162832
If you wish to go with WG then XTM series 5 is what I would say you should look at. This gives the flexibility of product awareness and also there might be a trade-in program from WG which might get the new firewall at some discounted rate for you.

If you want to look at other vendors, then, first you should budget for training or if you have familiarity with any other product/vendor other than WG then give that some preference.
Sonicwall NSA series and Juniper SRX240 are two other products which are good.

There are many more vendors out there; general rule I would use to zero on a single products vendor [my peference]:
1. Product familiarity/confidence.
2. Training requirement for operation and troubleshooting.
3. Features and support.
4. Recurring costs, like UTM/IPS license/subscriptions; tech support contract renewal cost.
5. Use limit and any license to increase limit, if applicable.
6. Features available/needed and cost-benefit ration analysis.

Please let know if you need more details.

Thank you.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35186204
Examples are there IMO; may be rather than closing question you should post a comment requesting more inputs.
0
 

Author Comment

by:fitzyj
ID: 35198285
Thanks for your feedback.

Please could you comment on the pros/cons of migrating to a WatchGuard XTM 23 with UTM suite from a WatchGuard 750e in the scenario listed?

Many thanks.
0
Need protection from advanced malware attacks?

Look no further than WatchGuard's Total Security Suite, providing defense in depth against today's most headlining attacks like Petya 2.0 and WannaCry. Keep your organization out of the news with protection from known and unknown threats.

 
LVL 32

Expert Comment

by:dpk_wal
ID: 35199710
The two boxes are comparable in feature; with XTM 23 winning on some front when compared to x750e.

However, one area where x750e scores very heavily when compared to XTM 23 is performance. As per datasheet on WG website, x750e is 1 Gbps capable firewall whereas XTM 23 is rated at 195 Mbps. XTM 5 series would be more preferable from scalability and performance stand point.

http://www.watchguard.com/products/core-e/compare.asp?p1=x550e&p2=x750e&p3=x1250e
http://www.watchguard.com/products/xtm-2/compare.asp?p1=xtm21&p2=xtm22&p3=xtm23
http://www.watchguard.com/products/xtm-5/compare.asp?p1=xtm505&p2=xtm510&p3=xtm520&p4=xtm530

They have not posted device capabilities when UTM features are enabled; like with any other vendor; the performance would detoriate.
In many cases the performance drop from published numbers is as high as 80% depending on traffic mix and services enabled.

IMO XTM 510 or 520 [depending on your budget] would be a far better match for x750e than XTM 23.

Thank you.
0
 

Author Comment

by:fitzyj
ID: 35199796
Thanks for that.

Considering the following usage: 40 users max, 20 concurrent internet users, constant Exchange Server, no VPNs, all UTM suite active on a 10Mbps bearer - would the XTM 23 slow down internet access?

Many thanks.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35199949
The users might not have too much difficulty in terms of internet browsing; but you should look at firewall capabilities to actually serve the traffic and perform UTM duties as you wish.

Two things which you should take into account:
1. Total memory.
2. CPU.

http://www.watchguard.com/help/docs/wsm/11/en-US/XTM_2_Series_HardwareGuide.pdf
http://www.watchguard.com/help/docs/wsm/11/en-US/XTM_5_Series_HardwareGuide.pdf

Hardware Specifications
XTM 5 Series                                                   XTM 2 Series
Processor 2 GHz Single Core                              667 MHz Single Core
Memory: Flash 1 GB                                            256 MB
Memory: RAM 1 GB                                             256 MB
Power supply: 100-240 VAC                              12V/2A 12V/2A
                            Autosensing

With a low end firewall; you might run into issues of high CPU/memory or not enough juice for performing UTM functionality at desired speed.

Thank you.
0
 

Author Comment

by:fitzyj
ID: 35200041
Many thanks for your help.

The trade up from 750e to XTM510 inc. UTM suite is £1499.00 per box (we need two).

I am not concerned with familiarising myself with new hardware.

At that price, can you suggest similar hardware from other vendors that may prove more cost effective, or offer better security?

If not, I'll keep with the WatchGuard.

Thanks again.
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 2000 total points
ID: 35200386
Am not too sure on the price points of products; Sonicwall NSA 3500 is a good product; Juniper SRX is the new age of firewall products and srx240 [high mem] would suit your requirement or SSG350M [relatively older product than SRXs].
Other vendors would include checkpoint and cisco ASA.

I have worked on Juniper/WG/Sonicwall products so can comment on them; others not too familiar.

Smaller vendors like Netgear/Linksys/D-link/Draytek others have products but not rated very high on security/UTM capabilities.

If possible, ask WG to demonstrate XTM 23 at your site [a proof of concept]; check for memory/CPU which are the only things which I think you need to watch for and then see if it can actually serve your purpose.

Thank you.
0

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question