Please recommend a Firewall+VPN appliance

It should satisfy the following conditions:
1. Capable of 75Mbs bandwidth
2. Up to 25 users
3. Its VPN client must flawlessly work on all client machines including Linux and all modern Windows versions.
4. Costs less that $500

Currently we use a Sonicwall TZ170, its maximum bandwidth is just 25Mbs
LVL 21
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
Cisco RV345 VPN router (900 mbits/sec internal throughput) and is under $500.

Juniper SSG or comparable is better but over $500. We use these at our clients and they will fulfil you need. The Cisco might, the Juniper will.
zc2Author Commented:
Thank you. Does the Cisco one have an installable Linux VPN client software or the user will have to mess with IPsec ?
JohnBusiness Consultant (Owner)Commented:
I use the firmware on both Cisco RV and Juniper as supplied. They are not traditionally programmable machines and have GUI interfaces to set up IPsec tunnels. Cisco is easy, Juniper is more structured and picky.
PMI ACP® Project Management

Prepare for the PMI Agile Certified Practitioner (PMI-ACP)® exam, which formally recognizes your knowledge of agile principles and your skill with agile techniques.

Blue Street TechLast KnightCommented:
HI zc2,

Your TZ170 is way past EOL (End of Life) and 3 generations of security appliances have pasted since then. They have come a long way are more than robust; now their lowest end model (which I would not recommend for your environment) has a throughput of 300 Mbps and 50 Mbps with Full DPI measures (all security services running). They have cutting edge security with SSL-DPI and CAPTURE, which allows the security appliance to inspect encrypted traffic, sandboxes (in real-time) threats and is able to stop Ransomware, Zero-day and unknowns at the gateway. The SSL-VPN support Windows, Android, iOS, OS X, and Linux Distributions.

If you are serious about security (and everyone needs to be in this day and age) two things need to change: a) you need to replace your firewall every 3-4 years and b) you need to increase your budget.

For your environment I'd recommend a TZ300, which you can get for $484, but I advise you to get at minimum CGSS (Comprehensive Gateway Security Suite), which totals $724. and if you wanted the latest protection get AGSS (Advanced Gateway Security Suite) instead of CGSS and your total would be $911.00. The TZ300 can do 750 Mbps / 100 Mbps with Full DPI services. Depending on your more detailed requirements you could get a TZ400 as well but again your budget for a 25 user environment needs to be more realistic especially in the threat landscape of today. See more here:

Let me know if you have any other questions!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
zc2Author Commented:
Sorry, I think you did not understand my question. I meant, if the VPN feature is fully configured on the appliance, and the client with windows machines are able to connect to it, how difficult to setup the proper VPN connection on a Linux machine?
JohnBusiness Consultant (Owner)Commented:
I just use the interface on the machines I have - simpler in the long run.
zc2Author Commented:
Blue Street Tech,
Thank you for the detailed answer. The tough security is not a highest priority. But I need to be sure that the users with Linux boxes at their homes could easily connect to the device.
Blue Street TechLast KnightCommented:
It is pretty straightforward and automated. The Virtual Office portal now provides seamless NetExtender installation, connection, and upgrading of Mac and Linux NetExtender clients. A NetExtender RPM package is available for installation on Linux. Just instruct your user base to browse to your public IP/4433 and the client will download and configure once they have put in their credentials.

If you wanted to perform this manually you can by following these steps:

NOTE: Super user rights are required to install this software on a Linux OS.

To obtain a Netextender file for your Linux OS:
1. Connect to your account at
2. Click on Download on the left pane, select the Free Downloads
3. Select the NetExtender on Software Type Drop down.
4. Click on the NetExtender client link to download the latest version ( Choose the right package RPM 64/32 bit or TGZ 32bit/64bit )
Note: You can access previous versions by clicking on the “Additional Software Versions” link
5. Save the new NetExtender client file to a directory on your management computer.

You're done!

My previous question about being serious about security was a little rhetorical; we are far beyond the days when security was optional (and some would rightly argue it never was an option); strong security is a necessity. :)
Building on Blue's answer, there is a Linux client for NetExtender still.
Scott CSenior EngineerCommented:
Going to second the suggestion for SonicWall TZ300.  It's what we use as a standard for our clients and I'm getting ready to put one in at my church.
zc2Author Commented:
Thank you all, TZ300 looks good. That's funny, but I cannot find where can I buy it....
Scott CSenior EngineerCommented:
Here you go.  The price is a bit higher than $484 though, but not by much.

Be sure to purchase from a reputable vendor and avoid "grey market" items.  If they are grey market, you cannot register them and they are not eligible for upgrades.
zc2Author Commented:
Thank you very much! I have ordered a TZ300 at DELL. It is frustrating though, they need more than a month to fulfill the order. :(  I should search somewhere else before I buy, but it is too late now.
Thanks again and have a happy thanksgiving!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.