<div>
Checkout the PaloAlto range. They are pretty good.
</div>


<div>
I agree with the above expert, PA makes a good product. Currently we have an ASA in place, but are going to a Meraki. While I'm still kind of up in the air about the Meraki, the vendor we use to help us select these things seems to believe that it will do what we need it to do from a number of different perspectives.
</div>


<div>
Hi Alan,<br />
<br />
You should be forecasting in a 3-5 year window, which aligns with the ideal refresh rate of 3 years. That said, do you plan on upgrading to 1Gbps in the next 3 years? How many users do you have? Is your core infrastructure in the cloud?<br />
<br />
We have most of our client's infrastructure in the cloud and they rarely max out their 100x100 dedicated connections (some have multiple connections). These are clients in 600-1000 user range.<br />
<br />
Using the Fortigate 100d as a comparison, I'd recommend SonicWALL TZ600, which has more than double the throughput (500Mbps) with fully DPI and all security services enabled. Plus it's less expensive than the Fortigate 100d. IMO nothing beats SonicWALL's active vs-dB and threat intelligence for the buck.<br />
<br />
REF: <a href="http://www.sonicwall.com/products/tz600/" rel="ugc">http://www.sonicwall.com/products/tz600/</a><br />
<br />
Let me know if you have any questions. Thanks!
</div>


<div>
Thank you all for your responses.<br />
<br />
@diverseit: I worked with Sonicwall in the past(never with TZ600) and I have a love/hate relationship with them. Some worked great, some slowed down the connection significantly. That's the only concern that I have with Sonicwall, the difference between the advertised and the actual speed when all the services are on. Any experience with that? <br />
<br />
Thanks!
</div>


<div>
I understand the love/hate especially with the older models. Yes, we have 100's of SonicWALLs that we manage in the field. In the olden days gen1-3 devices tz170, tz190,Pro series etc. they were slow natively and not that feature rich. The licensing was horrific too...everything was an add-on. Then they released NGFW in gen4 (TZ200, TZ 210, NSA 220, etc.), which improved the product line substantially because the SonicOS enhanced version was included in every version and the licensing model changed dramatically. With the release of gen5 (TZ205, TZ 215, NSA 3600, etc.), they changed the game in a major positive way. At that time they had everyone beat in terms of security, features and throughput matched with cost. They were beating ASA's hands down in both price, security and speed. In Gen6 they have carried everything though and increased their speed by 4-5x from gen 5 devices!<br />
<br />
It is important to note how and who is performing the testing of any firewall/switch. For SonicWALL it is based on RFC 2544 (for firewall). Actual performance, obviously, may vary depending on network conditions, which services are activated and how the overall config is setup. I have seen them come in at or around their advertised speeds. But this is just from my perspective. <br />
<br />
Ultimately, try to look at the field as objectively as possible. Cisco is not what you may think it once was...the end-all be-all. Look at all the specs of each, compare price and settle with your gut. IMO, it is SonicWALL for our company and clients.<br />
<br />
Best of luck. Let me know if you have any other questions!
</div>


<div>
I appreciate the insight. The TZ600 looks very tempting. <br />
<br />
On a different note, do you think that investing in a firewall is still worth it these days with more people working from home and more services moving to the cloud?<br />
<br />
<br />
Thanks!
</div>


<div>
I don't think security is outdated by any means. I just want to make sure I'm focusing on the right solution and any insight from people with much more experience than I have is greatly appreciated. The plan is to go full speed to the cloud, with all the services ending up somewhere in a data center in the next few years. That raised the question if having an UTM at the LAN border is not actually an overkill in this day and age. People tend to work from anywhere more and more these days and with services going to the cloud, what's left to defend at the classical LAN level? We're still not there, we still have some services in the office (shares, AD authentication, printing and phone system) but I don't see why they wouldn't be migrated somewhere else in the near future. <br />
<br />
Thanks again for taking the time to give input on this matter.
</div>


<div>
My pleasure! So paint me a picture of what your environment looks like in the near future with everything offloaded onto the cloud? What does your HQ network look like? Is their an HQ where people actually physically work or is everyone at home? How many users are we talking about?<br />
<br />
Thanks!
</div>


<div>
We do have an office with 50-60 staff. Some are 8-5ers, some not so much, traveling or working from home. In the near future, my plan would be to move all services that still reside in our server room to the cloud (Rackspace, Azure, etc). I assume some staff will always be working from the office but with many people in the field, I'm looking into raising the quality/security of their service too. My question is if I should focus more on security at the device level rather than the network gateway. I'm not saying that I shouldn't have a firewall at all but I'm just trying to figure out what would be the best solution for our environment.<br />
<br />
Thanks!
</div>


<div>
I'm a bit confused because, on one hand you talked, initially, about mega bandwidth (1Gbps) and on the other you talked, more recently, about decentralization with the majority of the users working from home or traveling. In each scenario the model is vastly different.<br />
<br />
When you go to the cloud, entirely or otherwise, you depend on ISPs more so. This means if you have a central office dual WAN is default and three WANs could even be considered depending on SLAs, etc.. This also means load balancing w/fail-over and fail-back, etc would be required. Central office and cloud means a firewall-centric model where a firewall or HA (High Availability (dual Firewalls)) model would be invoked.<br />
<br />
If your office becomes decentralized, majority of workers if not all are off-site then a firewall becomes imperative at each users location, whether it be a home, hotel, etc. Obviously, your company is not going to outfit every user with a business-class or otherwise decent firewall, and thus vulnerability strikes.<br />
<br />
So in this plan do you see any servers in your headquarters or are they all clients connecting independently? Are you planning on implementing Azure AD?<br />
<br />
The device layer can be hardened only so much. Ultimately, if everyone is not centralized then their most used location will become their main gateway. The cloud is still susceptible to attacks. That means LoBs should be backed up from the cloud to either another cloud services or off of the cloud entirely.<br />
<br />
You may considered virtualized desktops/cloud computing. SSL w/tunnel all mode into the virtual space would reduce the vulnerabilities enormously in a decentralized model.<br />
<br />
Each of these decisions need to be weight with your Business needs, Burn Rate and the value of your data.<br />
<br />
Best of luck!
</div>


<div>
<div class="content wysiwyg-content">
I'm in the market for a new firewall. I'm looking for a all-in-one solution. So far the most attractive solution for price/performace is a Fortinet 100D. The vendor guarantees up to 200Mpbs speed with all the services on(webfiltering, IPS/IDS, VPNs, etc). While that sounds OK for now, I'm just worried that in the near future, I will be constricted by this limit of 200Mpbs and not be ready for the potential 1000Mbps upgrades with all the fiber installs. I know 200 is not bad but the vision of the company is to go full speed to the cloud and eventually have all the services stored somewhere in a data center. Is this a realistic concern? Anybody having any similar experience out there?<br />
<br />
Please let me know if you need any other details.<br />
<br />
<br />
Thank you!
</div>
</div>


I'm in the market for a new firewall. I'm looking for a all-in-one solution. So far the most attractive solution for price/performace is a Fortinet 100D. The vendor guarantees up to 200Mpbs speed with all the services on(webfiltering, IPS/IDS, VPNs, etc). While that sounds OK for now, I'm just worried that in the near future, I will be constricted by this limit of 200Mpbs and not be ready for the potential 1000Mbps upgrades with all the fiber installs. I know 200 is not bad but the vision of the company is to go full speed to the cloud and eventually have all the services stored somewhere in a data center. Is this a realistic concern? Anybody having any similar experience out there?

Please let me know if you need any other details.


Thank you!

New firewall or not

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Network Security

Network analysis is the process of identifying and remediating the processes and systems within a network, including performance, connectivity and security. The process is performed through the use of tools developed for monitoring and analyzing network activity. Network problems that involve finding an optimal way of doing something are studied under the name combinatorial optimization. Examples include network flow, shortest path problem, transport problem, transshipment problem, location problem, matching problem, assignment problem, packing problem, routing problem, Critical Path Analysis and PERT (Program Evaluation & Review Technique).

Network Analysis

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.

Routers

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

Cloud services are services made available to users via the Internet from a provider's servers. Cloud services are designed to provide easy, scalable access to applications, resources and services, and are fully managed by a cloud services provider. It is a model for enabling ubiquitous, on-demand access to a shared pool of configurable computing resources. Frequently offered cloud services are infrastructure-as-a-service (IaaS), desktops-as-a-service (DaaS), software-as-a-service (SaaS) and platform-as-a-service (PaaS). Examples of cloud services include online data storage and backup solutions, Web-based e-mail services, hosted office suites and document collaboration services, database processing, managed technical support services and more.

Cloud Services

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.