Solved

Appropriate SME SMB hardware firewall

Posted on 2011-03-16
8
798 Views
Last Modified: 2012-06-21
Hi,

We currently have two Watchguard 750e firewalls with Unified Threat Management suite (anti-virus/anti-spam/web-blocker etc).

As this model is EOL I was wondering what hardware firewalls were recommended, (without subscription, if possible, but not necessarily) for:

Two SDSL lines, ~50 users, VPN & superior anti-spam and web-blocker functionality?

Many thanks.
0
Comment
Question by:fitzyj
  • 5
  • 3
8 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35162832
If you wish to go with WG then XTM series 5 is what I would say you should look at. This gives the flexibility of product awareness and also there might be a trade-in program from WG which might get the new firewall at some discounted rate for you.

If you want to look at other vendors, then, first you should budget for training or if you have familiarity with any other product/vendor other than WG then give that some preference.
Sonicwall NSA series and Juniper SRX240 are two other products which are good.

There are many more vendors out there; general rule I would use to zero on a single products vendor [my peference]:
1. Product familiarity/confidence.
2. Training requirement for operation and troubleshooting.
3. Features and support.
4. Recurring costs, like UTM/IPS license/subscriptions; tech support contract renewal cost.
5. Use limit and any license to increase limit, if applicable.
6. Features available/needed and cost-benefit ration analysis.

Please let know if you need more details.

Thank you.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35186204
Examples are there IMO; may be rather than closing question you should post a comment requesting more inputs.
0
 

Author Comment

by:fitzyj
ID: 35198285
Thanks for your feedback.

Please could you comment on the pros/cons of migrating to a WatchGuard XTM 23 with UTM suite from a WatchGuard 750e in the scenario listed?

Many thanks.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35199710
The two boxes are comparable in feature; with XTM 23 winning on some front when compared to x750e.

However, one area where x750e scores very heavily when compared to XTM 23 is performance. As per datasheet on WG website, x750e is 1 Gbps capable firewall whereas XTM 23 is rated at 195 Mbps. XTM 5 series would be more preferable from scalability and performance stand point.

http://www.watchguard.com/products/core-e/compare.asp?p1=x550e&p2=x750e&p3=x1250e
http://www.watchguard.com/products/xtm-2/compare.asp?p1=xtm21&p2=xtm22&p3=xtm23
http://www.watchguard.com/products/xtm-5/compare.asp?p1=xtm505&p2=xtm510&p3=xtm520&p4=xtm530

They have not posted device capabilities when UTM features are enabled; like with any other vendor; the performance would detoriate.
In many cases the performance drop from published numbers is as high as 80% depending on traffic mix and services enabled.

IMO XTM 510 or 520 [depending on your budget] would be a far better match for x750e than XTM 23.

Thank you.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:fitzyj
ID: 35199796
Thanks for that.

Considering the following usage: 40 users max, 20 concurrent internet users, constant Exchange Server, no VPNs, all UTM suite active on a 10Mbps bearer - would the XTM 23 slow down internet access?

Many thanks.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35199949
The users might not have too much difficulty in terms of internet browsing; but you should look at firewall capabilities to actually serve the traffic and perform UTM duties as you wish.

Two things which you should take into account:
1. Total memory.
2. CPU.

http://www.watchguard.com/help/docs/wsm/11/en-US/XTM_2_Series_HardwareGuide.pdf
http://www.watchguard.com/help/docs/wsm/11/en-US/XTM_5_Series_HardwareGuide.pdf

Hardware Specifications
XTM 5 Series                                                   XTM 2 Series
Processor 2 GHz Single Core                              667 MHz Single Core
Memory: Flash 1 GB                                            256 MB
Memory: RAM 1 GB                                             256 MB
Power supply: 100-240 VAC                              12V/2A 12V/2A
                            Autosensing

With a low end firewall; you might run into issues of high CPU/memory or not enough juice for performing UTM functionality at desired speed.

Thank you.
0
 

Author Comment

by:fitzyj
ID: 35200041
Many thanks for your help.

The trade up from 750e to XTM510 inc. UTM suite is £1499.00 per box (we need two).

I am not concerned with familiarising myself with new hardware.

At that price, can you suggest similar hardware from other vendors that may prove more cost effective, or offer better security?

If not, I'll keep with the WatchGuard.

Thanks again.
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 35200386
Am not too sure on the price points of products; Sonicwall NSA 3500 is a good product; Juniper SRX is the new age of firewall products and srx240 [high mem] would suit your requirement or SSG350M [relatively older product than SRXs].
Other vendors would include checkpoint and cisco ASA.

I have worked on Juniper/WG/Sonicwall products so can comment on them; others not too familiar.

Smaller vendors like Netgear/Linksys/D-link/Draytek others have products but not rated very high on security/UTM capabilities.

If possible, ask WG to demonstrate XTM 23 at your site [a proof of concept]; check for memory/CPU which are the only things which I think you need to watch for and then see if it can actually serve your purpose.

Thank you.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Port forwarding 14 120
Asymmetric Routing (Firewall) 3 71
Sonicwall Scheduling 4 35
network error 8 35
Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now