Solved

I am looking for a router/firewall software or appliance with these specs

Posted on 2014-10-20
Last Modified: 2014-10-22
Hello,

I have been researching possible software or appliances to replace my existing router - Linksys RVS4000 v1 in my home lab.  But what I am finding so far is questionable on meeting my needs or is just downright too expensive.

My desired features are for it to include antivirus, anti-malware, anti-spyware, firewall, vlans, and proxy.  I do not want it to be a cloud security solution as it slows things down too much.  The RVS4000 had that feature with ProtectLink and it was quickly made useless to me and has also been discontinued by Cisco.

This setup can be a software to use on existing hardware, or a pre-built appliance.  If it is an appliance, I would like for it to have a gigabit lan/wan so as to be more future proof and also be rackmountable and quiet.  If possible, I would like it to be able to do WiFi access point, but that is the least important of the features as I can just get a WAP separately.

I have evaluated pfSense as far as software, but came up short with issues.  Their forum is too saturated to get solid help.  Their antivirus and proxy plugins do not work for me.  I have also looked at ClearOS, but have yet to try it, but not sure if it is worth trying or if there is something better.

I would like for this to be as inexpensive as possible.  Any help would be appreciated.
Question by:bigeven2002
10 Comments
 
LVL 20

Assisted Solution

by:carlmd
carlmd earned 144 total points
Take a look at a Sonicwall TZ105. Inexpensive and does what you want.

http://www.sonicwall.com/us/en/products/TZ-105.html
0
 
LVL 17

Assisted Solution

by:pergr
pergr earned 72 total points
For any commercial appliance, the antivirus will need a subscription - which will be a yearly cost.
Also, I am not sure what purpose the proxy will have for you...

I would consider Juniper SRX100 and FortiGate-30, which both can be found for a couple of hundred bucks.
If you already have server, with enough capacity to run virtual firewalls, then consider Juniper FireFly and FortiGate-VM, which is essentially the software version of the appliances I first mentioned.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 142 total points
I understand you have looked into pfSense, and this comparison may interest you for assessing other candidates (Zeroshell, IPFire, etc.), especially as you already see some limits of pfSense.
http://en.wikipedia.org/wiki/Comparison_of_firewalls
http://www.mondaiji.com/blog/other/it/10175-the-hunt-for-the-ultimate-free-open-source-firewall-distro

But you may find Sophos UTM a potential option
http://www.sophos.com/en-us/products/unified-threat-management/tech-specs.aspx#small

For ClearOS, please kindly see my posting in another EE forum; further to this, ClearOS is flexible and scalable as it is apps-driven, as you can see in its marketplace (http://www.clearcenter.com/marketplace/) - the network, gateway and server are likely something you are looking at for the baseline capabilities
http://www.experts-exchange.com/Hardware/Networking_Hardware/Firewalls/Q_28435010.html
... have not heard of ClearBOX, but looking at its history, it spun off from a concept on the campus of Carnegie Mellon University and under Point Clark Networks (acquired by ClearCenter). It is a Linux box internally and sort of an open source network and gateway solution. ClearOS requires dedicated hardware to run on (unless you are installing on a hypervisor), though they also sell an all-in-one for you. It kind of makes me think it is of the Squid or Zeroshell genre. They still hold on to the Community version together with their Professional (commercial) version - http://www.clearcenter.com/Software/clearos-comparison.html
0
 
LVL 17

Author Comment

by:bigeven2002
Thanks everyone for the replies.  I will study these this evening and report back shortly after.
0
 
LVL 38

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 142 total points
Another vote for SonicWall, but it's the GAV license that will set you back the most. You can get a bare TZ215 for around $500. After adding WiFi and 1 year of Total Secure (better pricing than the separate GAV license) it's $830.
0
 
LVL 17

Author Comment

by:bigeven2002
Ok so I have had some time to review.

@carlmd and Aaron, I like the SonicWall product and it looks like the TZ205 or TZ215 would be a good fit.  The TZ105 doesn't have Gigabit.  The $830 price for everything is a bit steep though.  For the Total Secure subscription, I wanted to make sure I was understanding: the security features (GAV, IPS, yada yada) are on box and not cloud based, correct?

@btan, thanks for the links to free firewalls.  I came across Zentyal which I am interested in trying out.  As for Sophos, the SG 105 looks attractive, but that product line is not available until December, but I have no problem waiting.

@pergr, I checked out Juniper and Fortinet.  I liked both.  One concern with the Fortinet30 was the Antivirus throughput of 40 mbps.  I will be eventually looking at upgrading my Internet to a 70 Mbps in the near future so that throughput looks like it would reduce performance.  I couldn't find throughput info for Juniper SRX in this regard.
0
 
LVL 20

Accepted Solution

by:
carlmd earned 144 total points
You can get a TZ205 Total Secure (all subscriptions plus hardware replacement) for one year for about $665, and the wireless TZ205 with the same for about $740. Take a look at www.sonicguard.com.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 142 total points
Zentyal looks like an everything appliance (see its technical feature list), as it is also primed as a Windows replacement for SMBs, but having all those features (file server, DHCP, VoIP, Outlook, etc.) running just for the FW can also be double-edged, meaning more holes possible to probe, patch and bypass using flawed modules like OpenSSL, BIND, etc. There are some reviews done vs pfSense which recommend Zentyal if you are all in for an all-around solution and want a Windows Small Business Server replacement. It is now also taking off as “an Open Source drop-in replacement for MS Exchange/Active Directory”, but for a dedicated FW, the other alternatives shared (so far) fare as a better choice. This is indeed an AIO solution which can satisfy your needs (probably not the wireless IDS/controller aspect).
0
 
LVL 38

Assisted Solution

by:Aaron Tomosky
Aaron Tomosky earned 142 total points
The TZ215 is listed at 60mbps full DPI throughput, which is kind of a lie. First off, that's adding both directions together, so really it's only 30mbps, and even then that's in "performance mode", which doesn't look for low priority threats. In default mode with full GAV I wouldn't give it over a 20mbit connection.

And yes the gav scanning happens on the device, that's why there is such a performance hit.
0
 
LVL 17

Author Comment

by:bigeven2002
Noted on the GAV throughput possible limitation to 20 mbps and good to know of the sonicguard site.  Also, good point on Zentyal having a slew of liable features that will go unused.  At this point, I think I have some very good options for when I proceed.  I'll wait for the Sophos SG line to become available before finalizing my decision.  For now, many thanks for the responses.  I will now close the question.  Points will be distributed as evenly as possible.
0
