Solved

Appropriate SME SMB hardware firewall

Posted on 2011-03-16
8
797 Views
Last Modified: 2012-06-21
Hi,

We currently have two Watchguard 750e firewalls with Unified Threat Management suite (anti-virus/anti-spam/web-blocker etc).

As this model is EOL I was wondering what hardware firewalls were recommended, (without subscription, if possible, but not necessarily) for:

Two SDSL lines, ~50 users, VPN & superior anti-spam and web-blocker functionality?

Many thanks.
0
Comment
Question by:fitzyj
  • 5
  • 3
8 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35162832
If you wish to go with WG then XTM series 5 is what I would say you should look at. This gives the flexibility of product awareness and also there might be a trade-in program from WG which might get the new firewall at some discounted rate for you.

If you want to look at other vendors, then, first you should budget for training or if you have familiarity with any other product/vendor other than WG then give that some preference.
Sonicwall NSA series and Juniper SRX240 are two other products which are good.

There are many more vendors out there; general rule I would use to zero on a single products vendor [my peference]:
1. Product familiarity/confidence.
2. Training requirement for operation and troubleshooting.
3. Features and support.
4. Recurring costs, like UTM/IPS license/subscriptions; tech support contract renewal cost.
5. Use limit and any license to increase limit, if applicable.
6. Features available/needed and cost-benefit ration analysis.

Please let know if you need more details.

Thank you.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35186204
Examples are there IMO; may be rather than closing question you should post a comment requesting more inputs.
0
 

Author Comment

by:fitzyj
ID: 35198285
Thanks for your feedback.

Please could you comment on the pros/cons of migrating to a WatchGuard XTM 23 with UTM suite from a WatchGuard 750e in the scenario listed?

Many thanks.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35199710
The two boxes are comparable in feature; with XTM 23 winning on some front when compared to x750e.

However, one area where x750e scores very heavily when compared to XTM 23 is performance. As per datasheet on WG website, x750e is 1 Gbps capable firewall whereas XTM 23 is rated at 195 Mbps. XTM 5 series would be more preferable from scalability and performance stand point.

http://www.watchguard.com/products/core-e/compare.asp?p1=x550e&p2=x750e&p3=x1250e
http://www.watchguard.com/products/xtm-2/compare.asp?p1=xtm21&p2=xtm22&p3=xtm23
http://www.watchguard.com/products/xtm-5/compare.asp?p1=xtm505&p2=xtm510&p3=xtm520&p4=xtm530

They have not posted device capabilities when UTM features are enabled; like with any other vendor; the performance would detoriate.
In many cases the performance drop from published numbers is as high as 80% depending on traffic mix and services enabled.

IMO XTM 510 or 520 [depending on your budget] would be a far better match for x750e than XTM 23.

Thank you.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:fitzyj
ID: 35199796
Thanks for that.

Considering the following usage: 40 users max, 20 concurrent internet users, constant Exchange Server, no VPNs, all UTM suite active on a 10Mbps bearer - would the XTM 23 slow down internet access?

Many thanks.
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35199949
The users might not have too much difficulty in terms of internet browsing; but you should look at firewall capabilities to actually serve the traffic and perform UTM duties as you wish.

Two things which you should take into account:
1. Total memory.
2. CPU.

http://www.watchguard.com/help/docs/wsm/11/en-US/XTM_2_Series_HardwareGuide.pdf
http://www.watchguard.com/help/docs/wsm/11/en-US/XTM_5_Series_HardwareGuide.pdf

Hardware Specifications
XTM 5 Series                                                   XTM 2 Series
Processor 2 GHz Single Core                              667 MHz Single Core
Memory: Flash 1 GB                                            256 MB
Memory: RAM 1 GB                                             256 MB
Power supply: 100-240 VAC                              12V/2A 12V/2A
                            Autosensing

With a low end firewall; you might run into issues of high CPU/memory or not enough juice for performing UTM functionality at desired speed.

Thank you.
0
 

Author Comment

by:fitzyj
ID: 35200041
Many thanks for your help.

The trade up from 750e to XTM510 inc. UTM suite is £1499.00 per box (we need two).

I am not concerned with familiarising myself with new hardware.

At that price, can you suggest similar hardware from other vendors that may prove more cost effective, or offer better security?

If not, I'll keep with the WatchGuard.

Thanks again.
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 35200386
Am not too sure on the price points of products; Sonicwall NSA 3500 is a good product; Juniper SRX is the new age of firewall products and srx240 [high mem] would suit your requirement or SSG350M [relatively older product than SRXs].
Other vendors would include checkpoint and cisco ASA.

I have worked on Juniper/WG/Sonicwall products so can comment on them; others not too familiar.

Smaller vendors like Netgear/Linksys/D-link/Draytek others have products but not rated very high on security/UTM capabilities.

If possible, ask WG to demonstrate XTM 23 at your site [a proof of concept]; check for memory/CPU which are the only things which I think you need to watch for and then see if it can actually serve your purpose.

Thank you.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now