Solved

Appropriate SME SMB hardware firewall

Posted on 2011-03-16
Last Modified: 2012-06-21
Hi,

We currently have two Watchguard 750e firewalls with Unified Threat Management suite (anti-virus/anti-spam/web-blocker etc).

As this model is EOL I was wondering what hardware firewalls were recommended, (without subscription, if possible, but not necessarily) for:

Two SDSL lines, ~50 users, VPN & superior anti-spam and web-blocker functionality?

Many thanks.
Question by:fitzyj
8 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35162832
If you wish to go with WG then XTM series 5 is what I would say you should look at. This gives the flexibility of product awareness and also there might be a trade-in program from WG which might get the new firewall at some discounted rate for you.

If you want to look at other vendors, then, first you should budget for training or if you have familiarity with any other product/vendor other than WG then give that some preference.
Sonicwall NSA series and Juniper SRX240 are two other products which are good.

There are many more vendors out there; the general rule I would use to zero in on a single product vendor [my preference]:
1. Product familiarity/confidence.
2. Training requirement for operation and troubleshooting.
3. Features and support.
4. Recurring costs, like UTM/IPS license/subscriptions; tech support contract renewal cost.
5. Use limit and any license to increase limit, if applicable.
6. Features available/needed and cost-benefit ratio analysis.

Please let me know if you need more details.

Thank you.
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35186204
Examples are there IMO; maybe rather than closing the question you should post a comment requesting more inputs.
 

Author Comment

by:fitzyj
ID: 35198285
Thanks for your feedback.

Please could you comment on the pros/cons of migrating to a WatchGuard XTM 23 with UTM suite from a WatchGuard 750e in the scenario listed?

Many thanks.

 
LVL 32

Expert Comment

by:dpk_wal
ID: 35199710
The two boxes are comparable in features, with XTM 23 winning on some fronts when compared to x750e.

However, one area where x750e scores very heavily when compared to XTM 23 is performance. As per the datasheet on the WG website, x750e is a 1 Gbps capable firewall whereas XTM 23 is rated at 195 Mbps. XTM 5 series would be preferable from a scalability and performance standpoint.

http://www.watchguard.com/products/core-e/compare.asp?p1=x550e&p2=x750e&p3=x1250e
http://www.watchguard.com/products/xtm-2/compare.asp?p1=xtm21&p2=xtm22&p3=xtm23
http://www.watchguard.com/products/xtm-5/compare.asp?p1=xtm505&p2=xtm510&p3=xtm520&p4=xtm530

They have not posted device capabilities when UTM features are enabled; like with any other vendor, the performance would deteriorate.
In many cases the performance drop from published numbers is as high as 80% depending on traffic mix and services enabled.

IMO XTM 510 or 520 [depending on your budget] would be a far better match for x750e than XTM 23.

Thank you.
 

Author Comment

by:fitzyj
ID: 35199796
Thanks for that.

Considering the following usage: 40 users max, 20 concurrent internet users, constant Exchange Server, no VPNs, all UTM suite active on a 10Mbps bearer - would the XTM 23 slow down internet access?

Many thanks.
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35199949
The users might not have too much difficulty in terms of internet browsing; but you should look at firewall capabilities to actually serve the traffic and perform UTM duties as you wish.

Two things which you should take into account:
1. Total memory.
2. CPU.

http://www.watchguard.com/help/docs/wsm/11/en-US/XTM_2_Series_HardwareGuide.pdf
http://www.watchguard.com/help/docs/wsm/11/en-US/XTM_5_Series_HardwareGuide.pdf

Hardware Specifications
                XTM 5 Series               XTM 2 Series
Processor       2 GHz Single Core          667 MHz Single Core
Memory: Flash   1 GB                       256 MB
Memory: RAM     1 GB                       256 MB
Power supply    100-240 VAC Autosensing    12V/2A 12V/2A

With a low end firewall; you might run into issues of high CPU/memory or not enough juice for performing UTM functionality at desired speed.

Thank you.
 

Author Comment

by:fitzyj
ID: 35200041
Many thanks for your help.

The trade up from 750e to XTM510 inc. UTM suite is £1499.00 per box (we need two).

I am not concerned with familiarising myself with new hardware.

At that price, can you suggest similar hardware from other vendors that may prove more cost effective, or offer better security?

If not, I'll keep with the WatchGuard.

Thanks again.
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 35200386
Am not too sure on the price points of products; Sonicwall NSA 3500 is a good product; Juniper SRX is the new age of firewall products and srx240 [high mem] would suit your requirement or SSG350M [relatively older product than SRXs].
Other vendors would include checkpoint and cisco ASA.

I have worked on Juniper/WG/Sonicwall products so can comment on them; others not too familiar.

Smaller vendors like Netgear/Linksys/D-link/Draytek others have products but not rated very high on security/UTM capabilities.

If possible, ask WG to demonstrate XTM 23 at your site [a proof of concept]; check for memory/CPU which are the only things which I think you need to watch for and then see if it can actually serve your purpose.

Thank you.