Cisco or anyone else for firewalls

So I'm throwing this out there looking for advice. I have a Cisco Router 2921 with the Advanced Security License as well as all Cisco switches. We have a few VLANs and a good CIDR block of IPs. But it seems to me there are no reporting tools or at least anything that won't cost you an arm or leg. We are a mid sized business with 70 employees and trying to find any kind of GUI reporting stuff for traffic shaping, Access Rules, application monitoring etc... this stuff is really expensive and for companies with multiple sites and lots of equipment. So do we make the switch to pfsense, watchguard, sonicwall or barracuda? They seem to be the whole package and do everything Cisco does but with the tools built in. Any input or discussion out there?
Scott_Smith24 Asked:

Natty Greg, In Theory (IT), Commented:
Go with pfsense; you can buy their pre-configured box to your needs and their ongoing support. Far cheaper than Cisco.

P.S. I do not work for any vendor company; my recommendation only comes from reviewing many UTMs.
carlmd Commented:
I recommend Sonicwall. They have new reporting software that is easy to use and should give you the entire picture you are looking for. Sonicwalls are relatively easy to manage, with a browser-based interface for most everything. From the 70 employees you mention, I suggest you look at NSA3600 or higher, depending upon what you are doing.
Daniel Sheppard, Senior Network Analyst - Core & Perimeter, Commented:
A Sonicwall is still not as flexible as a Cisco; you honestly get what you pay for in this world.

You can get most of what you want if you roll your own Linux box and integrate a number of different freeware software.

The Sonicwall, Barracuda, etc. reporting is also fairly underwhelming.

Scott_Smith24 Author Commented:
So what freeware software? I've looked. I mean MRTG is ok but really doesn't give you everything. I like Cisco but again looking for decent reporting software to go with it that isn't really expensive.
Daniel Sheppard, Senior Network Analyst - Core & Perimeter, Commented:
What is the main thing you are trying to report on?  Do you want individual TCP connections ("flows") or just generic bandwidth usage?

Honestly, what a Sonicwall actually gives you in terms of reporting is not a whole lot.  From my memory, the Sonicwall doesn't give you "traffic shaping/QoS" reports.  Watchguard and Barracuda I cannot comment on, but I don't imagine they are much different.

What you seem to want is a NetFlow/sFlow application and you really won't get that built in with anything.  What is the business need for Netflow?  What is the business need beyond "curiosity"?  Honestly, if you are planning on tossing out a 2921 in favour of another router just to get a dumbed down sFlow report, you are making a mistake; you would be better off spending that money in buying a Netflow Analyzer.

With a Watchguard XTM 505 (probably only about half of what you actually need, but just as an example), you are already at $1800, you are basically at ManageEngine's Netflow Analyzer Price ($2000) for 25 interfaces (Vlans).  Netflow Analyzer will give you the metrics you need with your existing router.  With a NSA 3600 as the previous fellow suggested, you are at about $7k, which could buy the 75 interface version of the Analyzer.

There are others, such as PRTG which I am going to be testing out in our own location in the coming week.  It is free for 30 interfaces I believe.

Scott_Smith24 Author Commented:
I am looking at doing traffic shaping and QoS. We also use our router for VPN and would like to monitor that as well. I would also like to do blocking at the application level for such things like Spotify and Pandora. I would also like to be able to monitor my users' bandwidth and see if possible what applications are being bandwidth hogs. I know Watchguard will do that and you're right, I'd be out about 4k up front.

I'm testing LiveAction right now. It's nice but I think they want 10k. Tried PRTG I didn't but had a hard time with the config and getting everything I wanted out of it.

I'll check out Netflow Analyzer.
Thanks
Daniel Sheppard, Senior Network Analyst - Core & Perimeter, Commented:
The Cisco can do Traffic Shaping, QoS, VPN.  It can block applications with NBAR and a good Zone-Based Firewall.  You may need IPS for the signatures to block some of the more P2P protocols, however if it uses a static port, it can be blocked with relative ease.

Don't kid yourself, Sonicwall and Watchguard will require the same amount of configuration as a Cisco, however the Watchguard and Sonicwall may not be as flexible as the Cisco in some respects.  You are constrained to a GUI with the SonicOS, not sure about the Watchguard but last I checked the main config was in a GUI.

Try out ManageEngine, I have never heard of LiveAction.  The interface looks interesting and I will leave it at that.  ;)