Unified Threat Management or NExt Generation Firewall appliance

I currently have at home a UTM5 Netgear UTM device\appliance

Netgear is moving away from this, and renewing my subscription for another year seems silly considering other options.

I need an all inclusive device that does web filter, anti-virus, malware, IPS, content filtering, firewall, VPN, etc.

I need the throughput with everything enabled to be over 200MB at least
I need to have at least 4+5 1GB ports.... I should have ability to do DHCP server, DNS lookup, and etc like most firewalls.
I need to be able to do application control or exclusions... example apps like Netflix, hulu, etc shouldn't be scanned.

And the biggest thing is price.... I know all the big hitters and by the time you add the device and license, it can be quite pricey...

So I am looking for a good, intuitive device from a reputable company that meets the requirements with SPEED... at a low cost.

Total firewall throughput is different when all is enabled, total fiorewall throughput should be around 1.5-2GB
LVL 5
IndyrbAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kevinhsiehCommented:
You need that kind of throughput for home?

Look at the Sophos UTM that is free for home use. Formerly known as Astaro. Load on your own hardware.
https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx
btanExec ConsultantCommented:
Looks like has to based on the most restrictive req"total fiorewall throughput should be around 1.5-2GB " to make the option fruitful, some option below.

Fortigate FG-300D FG-500D FG-800C
http://www.fortinet.com/sites/default/files/productdatasheets/Fortinet_Product_Matrix.pdf

Palo Alto PA3020 PA3050 or Sonicwall NSA5600
http://www.supersoniccomparison.co.uk/palo-alto

Also to differentiate UTM or NGFW (they may preach L7 visbility it is good too), I will say they are just marketing "term/category". It is the total goal you need (not want) that counts for security effectiveness. It cannot be single pt of failure if all turned on from consumer standpt. And being "advanced" appliance and "multi-facet" capable are no veriable proof of the defences provisioning.

Long term ease of operational maintenance matters and it is big time if your ground folks cannot make sense easily when things happened (poor support) and searching high low to find out outages (no trails or health metric). These adds up as essential and are key buying influences. SOHO type of appliance is out for your choosing and consider to have SFP (1/10) port instead solely on RJ45 only - upgrade will not be straightforward.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Aaron TomoskyDirector of Solutions ConsultingCommented:
I second sonicwall, but let's revisit your throughput needs. Are you talking about the lan switched side? What is the speed of your internet connection. I can't imagine netgear makes anything more powerful than a tz300.
SolarWinds® VoIP and Network Quality Manager(VNQM)

WAN and VoIP monitoring tools that can help with troubleshooting via an intuitive web interface. Review quality of service data, including jitter, latency, packet loss, and MOS. Troubleshoot call performance and correlate call issues with WAN performance for Cisco and Avaya calls

btanExec ConsultantCommented:
yap I am suspecting as well, even to turn on everything in the appliance may not be advisable - only the essential like content and AV filter, and likely the appl/network control, other with IPS or WAF equv etc ideally can be in other box smaller. there tend to be the two FW to create that DMZ too but most rely on one ... that is single pt of failure. Also need to take into account the failover aspects. Regardless, the whole thing req monitoring of alert and proper escalation for timely incident response
IndyrbAuthor Commented:
MY ISP is 105MB... so I guess anything above that would be ideal, but it seemed like sonic wall was expensive..
And uncertain what all license I needed.

I also want a model that allows for the upgrade of ISP speed.

Currently with the appliance I have with allo AV, Ant-Malware, SPAM, web content filtering, HTTP/HTTPS
along with app control it only has throughput of 20MB.. which sucks.. So I need all throughtput with all scanning to be over 100-200MB...
IndyrbAuthor Commented:
also can you flash over the netgear UTM5 firmware with another free opensource UTM firmware.
Does any exist? would this elimate the need to buy a new appliance?
btanExec ConsultantCommented:
Specific Model wise best to engage the pre-sales as they know best to custom fit to your use case of the scalability and module feasibility.

I see it more important to pick the principle provider since most capability is already not an issue for them - to start off right for the UTM selection.

- I will avoid open source if you do not have a core dedicated team facilitate and always on the hand-on for open source product running in your premise already. I suggest not to DIY and flash firmware since you have no maintenance guarantee unless you going to maintain on behalf ...
- Palo Alto, Sonicwall and Fortigate for consideration and comparison.
Aaron TomoskyDirector of Solutions ConsultingCommented:
Your ISP is probably 105mb, bits, not MB bytes.
Aaron TomoskyDirector of Solutions ConsultingCommented:
If that is correct, and you don't need content filtering or GAV, then the tz300 should work but feel free to step up to the tz400. Personally I like to use 3rd party AP with sonicwall so get whatever.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.