Need a new Firewall for a SBS2011 domain

Hey Experts!

I DID spend several hours searching and reading old questions and guides, but I didn't find anything that really answered my questions, so here goes:

Network:
Servers: SBS2011 (DHCP & DNS), Win 2008R2 for storage and endpoint, Win SBE2008R2 for workstation backup
Workstations: 30 clients (Win7/8/OSX)
Firewall appliance (current ipCop 2.1.8...failing!)
Email spam/av scanning through Messagelabs cloud (already done before it is relayed to our exchange server)
EDIT: I should add, for RWW we use sharepoint and LOTS of the RDP features.

I am looking at replacing the firewall. I think we are currently using very few features of IpCop. We run external DNS through OpenDNS, we forward port 443 to the SBS2011 box for remote access. We used to use OpenVPN, Copfilter, and DansGuardian, but we aren't using any of those features anymore. More recently, we ran a proxy on the internal interface to cache downloads, but even that is disabled.

I just swapped in a "new" hardware box with ipcop, but I'm getting lots of random errors. I'm beginning to think that ipCop is a dying open-source project. A friend recommended I switch to pfsense, but as I start looking at the products out there, I'm wondering if spending up to a few hundred $$ might be worth it (save rack space & energy costs plus time to configure and manage) to invest in a basic appliance such as a Sonicwall TZ215/225.

What do I really need? Should I buy an Intel NUC, install ipcop/pfsense/ipfire? Should I buy one of the more basic Sonicwall/Panda/Barracuda devices? If I do buy one without the VPN licenses, does that mean I can't continue to use the RWW/OWA features of SBS2011?

I'm probably not giving enough information for this, please ask and I'll provide any additional info needed to give me some good advice.

Thanks!
Asked by: Josiah Rocke, Network & Communications

James H, IT Director, Commented:
Pfsense is a nice product, however the setup and support are questionable. It takes time to configure and truly get that system operational. Now, conversely, putting in a F/W like Sonicwall is easier and much friendlier. You will need some networking knowledge and understanding on how to allow traffic to pass through, especially for RWW, Exchange and SharePoint. The good thing is there are plenty of documents you can refer to and ensure you set this up properly. I personally feel that it's worth the investment and peace of mind versus trying something open source.
0
Josiah Rocke, Network & Communications, Author Commented:
Well, I did all the setup with ipcop (red/green interfaces, opening ports, etc) so I'm sure I could manage. I guess I'm just wondering, since we utilize so little, if an out-of-box experience would be a better fit for us, and even improve our security with the features included in UTM products. I just want to be sure that things I take for granted with ipCop (ability to use RWW/OWA, basic whitelist/blacklist) won't be a surprise: "Oh, that costs EXTRA$$$"
0
Josiah Rocke, Network & Communications, Author Commented:
Also, I mention Sonicwall, but I know there are a number of other products. If you have recommendations, I'd be happy to hear them!
0
Cris Hanna, Sr IT Support Engineer, Commented:
Myself and many of the Microsoft MVPs who are recognized for their SBS Expertise have chosen the Calyptix Access as our UTM device of choice for our customers. Unlike many UTM devices, with the AE, you pay one price and you get full access for all users to all features. Great support. www.calyptix.com
0
Josiah Rocke, Network & Communications, Author Commented:
Thanks. I'll check out both of these options. Sounds like buying an appliance will be a better option than trying to rely on my own hardware and freeware.
0