Recommended Firewall

WORKS2011
I've used ISA, Sonic, NetGear and other firewalls and was leaning towards Sonic when I realized they don't offer a standard firewall without all the "services" they attach. This seems like unnecessary overhead to me, basically a money stream for them, and the concern is paying for a device every year at the cost they sell their services for. With other firewalls I'm not shelling out the money annually that Sonic expects, and I've never had a breach with security.

I would like to hear from EEs your preferences: what firewall you recommend and why.

Thanks
By Sonic do you mean SonicWall?  Their annual subscription is not without *some* value.  You get access to their support, firmware upgrades, and maybe most important, rapid hardware replacement in case of a system failure.  In a business setting, it's like an insurance policy.
ctssteve (owner)
Commented:
I have used both Sonicwall and Watchguard now for 5+ years. I find both are easy to work with, but I really prefer Watchguard over Sonicwall, as Watchguard's GUI is much easier to navigate through and the dashboard has a better layout than Sonicwall. Sonicwall has also just recently been purchased from Dell, so if you want to avoid all the services I would lean more towards Watchguard; you can purchase the appliance without all the unnecessary services. Just my opinion.

Good luck to you.
Minor correction, SonicWall was purchased *by* Dell, not *from* Dell.  :)
My experience is mostly with Cisco and Linksys products.  In an enterprise environment, we used the ASA 5510 firewall with 2850 routers.  This brand does require a service agreement as well, but I think most enterprise solutions will.  The service agreement is for 3 years and includes support and access to newer firmware and updates.  The agreement is renewable.  The only other cost was the certificate license to set up VPN users.

For smaller business, I used Linksys RVS4000.  The only additional and optional investment is the ProtectLink, which is basically a gateway antivirus security solution on a subscription-based model through Trend Micro.  I never used ProtectLink though.
Everyone will be biased to a degree with their preferences.
I personally recommend Cisco ASA. The devices are modular and you pay for the software level of your choice. Bear in mind, if you buy certain feature sets you cannot downgrade SmartNet service levels. For example, if you get the IPS feature and you later remove the card...you cannot change your SmartNet service level from SU (removing the AIP option) to SNTP. That type of service level is tied to the serial number at time of purchase.
I thought it important to list the only aspect I do not like about maintenance on Cisco firewalls. Other than that, their gear is top notch.
WORKS2011 (Managed IT Services, Cyber Security, Backup), Author
Commented:
IT-Monkey-Dave (nice name...lol), not sure I get the costs associated with the following:
- support - now Dell; my opinion, it just took a hit, but actually when I called support in the past (when Sonic) they were OK to work with, so a plus.
- firmware I can download myself, no need to pay for
- rapid hardware replacement: 1. I'll need something in hours, not the turnaround time they have shipping a product. 2. I can purchase a second firewall with the money I'm paying each year; instead of paying annually, assuming the firewall lasts for a couple of years, I've already saved enough money to purchase a backup.
- appreciate your feedback, thanks.

ctssteve, thanks for an alternate, I'm checking out Watchguard now.
ctssteve (owner)
Commented:
IT-Monkey-Dave, thanks for the correction.... :)
WORKS2011 (Managed IT Services, Cyber Security, Backup), Author
Commented:
ChopperCentury, I managed a Cisco firewall before and it was on the higher end; it was like configuring a Cisco router, which I don't do often but can navigate and configure. Do they have GUIs that make them more user friendly? Thanks for your input.
Yes, it is called the ASDM. Very user friendly, you can use CLI or ASDM.
As for service level, Cisco offers very tight windows, you can get SNTP with 24x7x4, that is 24 hours a day, 7 days a week, with a 4 hour delivery time on parts. SmartNet is not just parts but talking to Cisco Engineers to help you through troubleshooting anything on the equipment or just questions you may have.
Also consider Juniper and Check Point here.

Both make very good, enterprise-level firewalls even for the smaller offices.  Check Point is likely to be more expensive than Juniper due to the licensing options that CP attach to their kit, but the smaller models, which come bundled with packages of the software blades (firewall features to you and me), do cover the main firewall requirements, i.e. firewall and VPN.

CP can be managed by what is arguably the best management interface ever, but you do have to realise that it will add to the overall cost, sadly.

The Juniper offerings, based around the SRX range, are also very good.  Can be managed easily using the CLI and Jweb interface as well.

HTH bud
WORKS2011 (Managed IT Services, Cyber Security, Backup), Author
Commented:
Thanks guys, I split the points across everyone equally, thanks for your input.