Firewall Recommendation

Looking to get a new firewall for a 12 user office. Considering Barracuda for the web filter appliance and wondering if I should choose Barracuda for the firewall also?

I have never used a Barracuda firewall as sonicwall is my only limited experience and I am trying to decide between a Barracuda, Sonicwall or Cisco Firewall.

I have zero Cisco firewall experience. I do like the GUI advantage of any model and do not like CLI or similar.

The one thing I do not like about sonicwall is support calls are Given to Forgein language engineers and the language barrier makes solving problems more difficult for me.

I know Barracuda has US support and I think Cisco does also for the most part.

The office currently uses Cisco small buisness series Switches and we plan a VOIP deployment soon but brand has not been decided yet.

Office has a single WAN connection of Comcast buisness class at the moment but we would wand DSL as a second WAN / Failover / Backup in the near future.

We would want IP Sec and SSL VPN Capacity primarily for remote management and the occasional doctor connetion from home after hours for patient emergencies.

Thoughts or Opinions?
ATL74Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Giovanni HewardCommented:
A Cisco ASA 5505 firewall will meet your requirements.  The GUI interface is  ASDM. With proper licensing, it supports IP Sec, SSL VPN, and Failover/Standby capability.
0
TeeshirtCommented:
Try this.. http://www.gateprotect.com/

Best value!
0
Blue Street TechLast KnightCommented:
Hi ATL74,

If your skills are good with SonicWALL; get certified and you'll get North American L2 & L3 support with less than 5-10 minute first-call responses. It's awesome!

You need a Next Gen firewall regardless and I'd recommend SonicWALL TZ series. TZ series is one of the best in the market. Most of the competitors are doing DPI (Deep Packet Inspection), which is essential but SonicWALL goes beyond that by integrating a multi-core design to provide Reassembly-Free Deep Packet Inspection (RFDPI), which is a technology that examines traffic simultaneously across all ports without introducing latency to the network. As a result, organizations are not required to make a choice between advanced DPI security and network performance. With SonicWALL you get both!

With as many as 24 cores to handle network load evenly & protect against extreme performance degradation often present in other technologies when exposed to heavy traffic conditions & malicious content you can improve security and performance significantly.

Here are some comparisons to make your decision even easier:
Barracuda vs. SonicWALL:
http://www.sonicwall.com/downloads/SESvsBarracuda_50.pdf --Older article but SonicWALL has only improved immensely, while Barracuda has remained on the same trend.
Cisco vs. SonicWALL:
https://www.sonicwall.com/us/en/competitive_campaign.html --doesn't hold a match to SonicWALL both in security, features & price

I'd definitely recommend purchasing CGSS with any SonicWALL: https://www.sonicwall.com/us/en/products/Network_Security_Comprehensive_Gateway_Security_Suite.html#tab=overview. And you're eligible for the Secure Upgrade Plus promotion, which gives you 50% CGSS licensing. Look under the Competitive Appliance Replacements section here: https://www.sonicwall.com/us/en/4074.html

The answers to these questions will help you determine which SonicWALL TZ to get:
How many site-to-site VPN connections are needed?
How many GVC VPN connections are needed?
How many SSL-VPN connections are needed?
Are you going to get WiFi built-in?
How is the office space in terms of WiFi...are you going to need WiFi Extenders?
Do you see a use for Dual Band radio?

Based on your answers and the user size (12), you'd be looking at TZ 105, TZ 205 or TZ 215.
All of them come with wired or wireless options.

All of the features are pretty much the same with the exception of the ones noted below. Here are a list of differentiators between the models.
                                                             TZ 215             TZ 205             TZ 105

General

Interfaces                                      7 GbE, 2 USB*       5 GbE, 1 USB*       5 FE, 1 USB*
RAM                                                          512MB       256MB                   256MB
*comes with 1 Console Interface

Performance

Stateful Throughput3                             500 Mbps             500 Mbps       200 Mbps
UTM Performance4                               60 Mbps             40 Mbps             25 Mbps
Gateway Anti-Virus Throughput4       70 Mbps             60 Mbps             40 Mbps
Intrusion Prevention Throughput4   110 Mbps       80 Mbps            60 Mbps
3DES/AES VPN Throughput5             130 Mbps             100 Mbps       75 Mbps
Maximum Connections6                            48000       12000             8000
Maximum UTM Connections                    32000       12000             8000
New Connections per Second                     1800             1500             1000

VPN

Site-to-Site VPN Tunnels                               20                   10                   5
Global VPN Clients (Bundled)                       2                   2                   0
Global VPN Clients (Maximum)                       25                   10                   5
SSL VPN NetExtender Clients (Maximum) 2(10)             1(10)             1(5)
Virtual Assist Technicians (Maximum)       (2)**             (1)**             n/a
VLAN Interfaces                                               20                   20                   10
Unique Malware Threats Blocked                        <--  9,000,000+ -->
SonicPoints Supported                                   16                   2                   1
**comes with a 30 day trial.

Price                                                           $845                   $545             $495

REF: https://www.sonicwall.com/us/en/products/TZ_Series.html#tab=comparea

For the money I really think its a decision between the TZ 205 & the TZ 215. The TZ 105 is more for a non-server, remote office type of situation. It works great but if you need Gigabyte networking etc...it doesn't have it.

Also, keep in mind that the time it takes to learn new type of firewall technology will far outweigh the cost saving if your looking at just price.

Let me know if you have any questions!
0
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

Daniel HelgenbergerCommented:
Plain, simple GUI, works like a charm - and costs you nothing:
http://pfsense.org/
pfSense is a Monowall fork with a nice web GUI. It can compete with all the products mentioned above and can do even more. If you have no experience (and maybe therefore no preference) it may be the best system for you. No annoying/wired soft-blocked capabilities, so special extra licenses. You need to upgrade? Get better hardware of your preference, import the config, done.
One of the few things I know which almost always work with no issues right from the start.

If you have only a small office, use an embedded system with an ALIX board:
http://varia-store.com/Systems-with-Software/pfSense:::223_271.html
alreday pre-installed. Draws about 10W only and capable of routing about 30-50 Mbit WAN links.

Or, use any old computer you have lying around, esp. if you need to route several hundred Mbit. If you need commercial support, you have this starting from $300 a year; they are really good; but I had never any problem. I have deployed pfSense in several facilities now, replacing old Ciscos, Watchguard and Untangles.
0
Henk van AchterbergSr. Technical ConsultantCommented:
If you trust Gartner they say Palo Alto are the leaders. I agree that if you start with firewalls Palo Alto is a VERY good and understandable firewall.

http://connect.paloaltonetworks.com/gartner-mq-2013

I usethe Cisco ASA series myself. They are complex but comprehensive.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Blue Street TechLast KnightCommented:
Thanks for the points...glad I could be of assistance!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.