Can you please suggest a new firewall?

Currently my office has a Cisco ASA 5505.  We are in the process of looking to upgrade firewalls.  I've heard great things about Sonicwall and Watchguard.  Can you please suggest comparable models in Cisco, Sonicwall, and Watchguard?  Right now we just do some simple static rules and we have a few remote VPN phones that link in to our phone system.  Ease of use is a HUGE plus.
tchristmanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Tony GiangrecoCommented:
We use Sonicwall TZ210W & TZ215W firewalls at different clients. They work well and the support and docuentation is good.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
akhalighiCommented:
Sonicwalls are easy to use , almost everything will be done through web . I recently deployed two Fortigate 300C models and those were also very friendly .
0
carlmdCommented:
A Sonciwall TZ215 would be a good replacement. Uses a browser based config and has wizards for most common setups. Plenty of documentation on setting up VOIP.

You can qualify for the Secure Upgrade Plus program by trading your current Cisco product. You don't really have to return the Cisco, just provide the model and serial number. With the upgrade program you can get a new TZ215 with 3 years CGSS (subscription) for an MSRP of $1,350.
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

lruiz52Commented:
Is the ASA giving you problems? I've worked with watchguard xtm25, sonicwall ts, juniper netscreen, and the Cisco ASA. They are all pretty good, each have there strengths. I prefer the ASA except when working with dual ISPs. Out of the others I like watchguard and their PBR.
0
Blue Street TechLast KnightCommented:
Hi tchristman,

Cisco is finally starting to make a "next Gen" security appliance but I'd put my money into a SonicWALL, especially for ease-of-use and their support is great. Bang for your buck, feature-wise & sheer throughput power - there is none better than a SonicWALL IMO.

Depending on your growth (if you were considering stepping into an ASA 5510 as your next model), I'd recommend SonicWALL NSA 3600, otherwise if there isn't major growth you'd be perfect in a SonicWALL TZ 215. In either model I'd definitely purchase CGSS (https://www.sonicwall.com/us/en/products/Network_Security_Comprehensive_Gateway_Security_Suite.html) and like @carlmd said you are eligible to the Secure Upgrade Plus Program (http://www.sonicwall.com/us/en/4074.html), which allows you to get up to 50% off of CGSS on qualifying trade-in units (which yours is).

CGSS is a no-brainier default. When you buy a SonicWALL you buy CGSS - they go hand & hand - I'd say its almost a best practice when buying SonicWALLs. CGSS is a security licensing option, which provides you with the following services all bundled and paid in 1, 2 or 3 yr terms:
Gateway Anti-Virus
Gateway Anti-Spyware
Gateway Intrusion Prevention
Application Intelligence & Control
Custom Geo-IP Filtering
Botnet Filtering
Premium Content Filtering Service
Dynamic Support 24x7

Here is a competitive comparison against an Cisco ASA 5510 and a SonicWALL NSA 3600 (attached). Here you can find more about the differences between Cisco & SonicWALLs too: https://www.sonicwall.com/us/en/competitive_campaign.html. Again, this won't be as relevant like I said earlier if they are not on a rapid growth trend.

SonicWALL TZ 215 specs: http://www.sonicwall.com/us/en/products/TZ_215.html#tab=specifications
NSA 3600 specs: http://www.sonicwall.com/us/en/products/NSA_3600.html#tab=specifications

VPN wise the TZ 215 will provide you with:
Site-to-Site VPN Tunnels:      20
Global VPN Clients (Bundled):      2
Global VPN Clients (Maximum):      25
SSL VPN NetExtender Clients (Maximum):       2(10)


Let me know if you have any other questions!
Dell-SonicWALL-NSA-3600-vs-Cisco.pdf
0
tchristmanAuthor Commented:
Thanks so much for your help!

I've run in to a snag with the old IT guy who used to work with us (he is a family friend of the owner and moved away).  He told me the VPN phones will only work with Cisco.  This makes zero sense to me...is there anyone else that thinks this sounds off?

Thanks everyone for your help.  I ordered the TZ 215.  It seems to do exactly what we need (as long as the VPN phones work...haha)
0
carlmdCommented:
The phone part does not make any sense unless they are very old, or have something "Cisco" specific installed as a part of them. If they are stock devices then they should be able to be made to work.

What is the make and model of the phones and phone system?
0
tchristmanAuthor Commented:
They are Avaya phones. Not that old but I'd have to get the model of them.
0
tchristmanAuthor Commented:
The phones are Avaya 5420.
0
carlmdCommented:
It appears the 5420 is old.

From what I could find, it seems to be a standard IP phone. If that is true, you should not have a problem.
0
Blue Street TechLast KnightCommented:
the old IT guy's comment = rubbish!
0
tchristmanAuthor Commented:
That's what I thought.  Didn't make any sense to me...
0
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
There was a time where the only good recommendation for routers in IP phone envs were Cisco ones, because they reliably handled QoS / DiffServ for bandwidth priority control. Those times have gone, and business class routers should be able to manage IP phone traffic fine.
0
Blue Street TechLast KnightCommented:
tchristman,

Any update on this? Have we answered all your questions?
0
Blue Street TechLast KnightCommented:
Is there any more I can do for you?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.