Firewall Recommendation

Posted on 2013-09-20
Medium Priority
Last Modified: 2013-11-01
Looking to get a new firewall for a 12 user office. Considering Barracuda for the web filter appliance and wondering if I should choose Barracuda for the firewall also?

I have never used a Barracuda firewall as sonicwall is my only limited experience and I am trying to decide between a Barracuda, Sonicwall or Cisco Firewall.

I have zero Cisco firewall experience. I do like the GUI advantage of any model and do not like CLI or similar.

The one thing I do not like about sonicwall is support calls are Given to Forgein language engineers and the language barrier makes solving problems more difficult for me.

I know Barracuda has US support and I think Cisco does also for the most part.

The office currently uses Cisco small buisness series Switches and we plan a VOIP deployment soon but brand has not been decided yet.

Office has a single WAN connection of Comcast buisness class at the moment but we would wand DSL as a second WAN / Failover / Backup in the near future.

We would want IP Sec and SSL VPN Capacity primarily for remote management and the occasional doctor connetion from home after hours for patient emergencies.

Thoughts or Opinions?
Question by:ATL74
LVL 15

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 500 total points
ID: 39509755
A Cisco ASA 5505 firewall will meet your requirements.  The GUI interface is  ASDM. With proper licensing, it supports IP Sec, SSL VPN, and Failover/Standby capability.

Assisted Solution

Teeshirt earned 500 total points
ID: 39509919
Try this.. http://www.gateprotect.com/

Best value!
LVL 30

Assisted Solution

by:Blue Street Tech
Blue Street Tech earned 500 total points
ID: 39510556
Hi ATL74,

If your skills are good with SonicWALL; get certified and you'll get North American L2 & L3 support with less than 5-10 minute first-call responses. It's awesome!

You need a Next Gen firewall regardless and I'd recommend SonicWALL TZ series. TZ series is one of the best in the market. Most of the competitors are doing DPI (Deep Packet Inspection), which is essential but SonicWALL goes beyond that by integrating a multi-core design to provide Reassembly-Free Deep Packet Inspection (RFDPI), which is a technology that examines traffic simultaneously across all ports without introducing latency to the network. As a result, organizations are not required to make a choice between advanced DPI security and network performance. With SonicWALL you get both!

With as many as 24 cores to handle network load evenly & protect against extreme performance degradation often present in other technologies when exposed to heavy traffic conditions & malicious content you can improve security and performance significantly.

Here are some comparisons to make your decision even easier:
Barracuda vs. SonicWALL:
http://www.sonicwall.com/downloads/SESvsBarracuda_50.pdf --Older article but SonicWALL has only improved immensely, while Barracuda has remained on the same trend.
Cisco vs. SonicWALL:
https://www.sonicwall.com/us/en/competitive_campaign.html --doesn't hold a match to SonicWALL both in security, features & price

I'd definitely recommend purchasing CGSS with any SonicWALL: https://www.sonicwall.com/us/en/products/Network_Security_Comprehensive_Gateway_Security_Suite.html#tab=overview. And you're eligible for the Secure Upgrade Plus promotion, which gives you 50% CGSS licensing. Look under the Competitive Appliance Replacements section here: https://www.sonicwall.com/us/en/4074.html

The answers to these questions will help you determine which SonicWALL TZ to get:
How many site-to-site VPN connections are needed?
How many GVC VPN connections are needed?
How many SSL-VPN connections are needed?
Are you going to get WiFi built-in?
How is the office space in terms of WiFi...are you going to need WiFi Extenders?
Do you see a use for Dual Band radio?

Based on your answers and the user size (12), you'd be looking at TZ 105, TZ 205 or TZ 215.
All of them come with wired or wireless options.

All of the features are pretty much the same with the exception of the ones noted below. Here are a list of differentiators between the models.
                                                             TZ 215             TZ 205             TZ 105


Interfaces                                      7 GbE, 2 USB*       5 GbE, 1 USB*       5 FE, 1 USB*
RAM                                                          512MB       256MB                   256MB
*comes with 1 Console Interface


Stateful Throughput3                             500 Mbps             500 Mbps       200 Mbps
UTM Performance4                               60 Mbps             40 Mbps             25 Mbps
Gateway Anti-Virus Throughput4       70 Mbps             60 Mbps             40 Mbps
Intrusion Prevention Throughput4   110 Mbps       80 Mbps            60 Mbps
3DES/AES VPN Throughput5             130 Mbps             100 Mbps       75 Mbps
Maximum Connections6                            48000       12000             8000
Maximum UTM Connections                    32000       12000             8000
New Connections per Second                     1800             1500             1000


Site-to-Site VPN Tunnels                               20                   10                   5
Global VPN Clients (Bundled)                       2                   2                   0
Global VPN Clients (Maximum)                       25                   10                   5
SSL VPN NetExtender Clients (Maximum) 2(10)             1(10)             1(5)
Virtual Assist Technicians (Maximum)       (2)**             (1)**             n/a
VLAN Interfaces                                               20                   20                   10
Unique Malware Threats Blocked                        <--  9,000,000+ -->
SonicPoints Supported                                   16                   2                   1
**comes with a 30 day trial.

Price                                                           $845                   $545             $495

REF: https://www.sonicwall.com/us/en/products/TZ_Series.html#tab=comparea

For the money I really think its a decision between the TZ 205 & the TZ 215. The TZ 105 is more for a non-server, remote office type of situation. It works great but if you need Gigabyte networking etc...it doesn't have it.

Also, keep in mind that the time it takes to learn new type of firewall technology will far outweigh the cost saving if your looking at just price.

Let me know if you have any questions!
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

LVL 13

Expert Comment

by:Daniel Helgenberger
ID: 39510648
Plain, simple GUI, works like a charm - and costs you nothing:
pfSense is a Monowall fork with a nice web GUI. It can compete with all the products mentioned above and can do even more. If you have no experience (and maybe therefore no preference) it may be the best system for you. No annoying/wired soft-blocked capabilities, so special extra licenses. You need to upgrade? Get better hardware of your preference, import the config, done.
One of the few things I know which almost always work with no issues right from the start.

If you have only a small office, use an embedded system with an ALIX board:
alreday pre-installed. Draws about 10W only and capable of routing about 30-50 Mbit WAN links.

Or, use any old computer you have lying around, esp. if you need to route several hundred Mbit. If you need commercial support, you have this starting from $300 a year; they are really good; but I had never any problem. I have deployed pfSense in several facilities now, replacing old Ciscos, Watchguard and Untangles.
LVL 12

Accepted Solution

Henk van Achterberg earned 500 total points
ID: 39511434
If you trust Gartner they say Palo Alto are the leaders. I agree that if you start with firewalls Palo Alto is a VERY good and understandable firewall.


I usethe Cisco ASA series myself. They are complex but comprehensive.
LVL 30

Expert Comment

by:Blue Street Tech
ID: 39585899
Thanks for the points...glad I could be of assistance!

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question