Need good all in one hardware firewall alternative too Sonicwall TotalSecure 25 Tz.

[Locut0s]

So I have a customer who is purchasing 6 systems and a small file server from me and he wants to also get an all in one hardware firewall solution. The systems are going to be set up in a small pharmacy so they will have patient data on them, hence the need for security. He basically faxed me what he wanted for the systems and firewall. The one he chose was the Sonicwall TotalSecure 25 Tz 180. But we can't get that. I made a few changes to the system configurations as I'm familiar with this aspect. But when it comes to small business hardware firewalls I basically know nothing. I have someone else here helping me to look for an alternative but I thought I'd ask here too. Any ideas? He said it needs to be able to do VPN and wants it to be as hands off as possible.

 

[Sauro]

If cisco's your thing the 5505 ASA is pretty cheap. Comes with 2 SSL VPN peer licenses.

http://www.newegg.com/Product/Produc...82E16833120135

 

[theevilsharpie]

The SonicWALL TZ 180 25-node was discontinued and replaced with a SonicWALL TZ 210. If the customer specifically wants a SonicWALL appliance, this would be the closest alternative.

However, I'm not a big fan of SonicWALL appliances, so I'll throw out the recommendation for a Fortinet FortiGate-60C.

Both the SonicWALL and the FortiGate will have UTM capabilities beyond what a simple packet filter can do. The FortiGate also has data leak protection functionality that can scan for certain keywords that may indicate confidential information and prevent it from going out. I'm sure the SonicWALL has something similar.

If cisco's your thing the 5505 ASA is pretty cheap. Comes with 2 SSL VPN peer licenses.

http://www.newegg.com/Product/Produc...82E16833120135

The ASA 5505 was outdated when it was released 5 years ago. It's completely uncompetitive with modern UTM appliances, and it's a pain in the ass to use.

Oh, and a whole 2 SSL licenses? How quaint :awe:

 

[Locut0s]

The SonicWALL TZ 180 25-node was discontinued and replaced with a SonicWALL TZ 210. If the customer specifically wants a SonicWALL appliance, this would be the closest alternative.

However, I'm not a big fan of SonicWALL appliances, so I'll throw out the recommendation for a Fortinet FortiGate-60C.

Both the SonicWALL and the FortiGate will have UTM capabilities beyond what a simple packet filter can do. The FortiGate also has data leak protection functionality that can scan for certain keywords that may indicate confidential information and prevent it from going out. I'm sure the SonicWALL has something similar.



The ASA 5505 was outdated when it was released 5 years ago. It's completely uncompetitive with modern UTM appliances, and it's a pain in the ass to use.

Oh, and a whole 2 SSL licenses? How quaint :awe:

Well the guy I'm working with here who does corperate sales recommended I recomend the Sonic Wall TZ 200 which we carry with a 3yr subscription to their comprehensive security package. However it's $800 or so, will have to see if he goes for it or not.

 

[Jamsan]

I personally love Juniper's line of firewalls (SSG and SRX series). The SSG series has AV/Anti-Spam/Deep Inspection/Web Filtering licensing available as well for UTM. It gets a little costly with all the UTM options enabled (need high memory, so the device shoots up to about $600, and then the subscription which is $300-400). It also does traditional IPSec VPN for remote connections.

 

[drebo]

Juniper SRX100.

ASA5505s are needlessly limited in a lot of ways that can hurt you in the future. SonicWalls are shit. Watchguards are shit.

Definitely go with an SRX100. If you need content filtering or UTM, you need the SRX100H model, and then the licensing is like $100/yr.

 

[Genx87]

Juniper makes really nice devices. I use Sonicwall every day. Using a 3500 right now and a 4060 before that. I personally dont have an issue with them. Some people do. We also have TZ 170s in branch offices.

For an office enviornment. 700-1000 is going to be the norm for the cost. These devices are more robust than your 79.99 linksys.

 

[RadiclDreamer]

Juniper SRX100.

ASA5505s are needlessly limited in a lot of ways that can hurt you in the future. SonicWalls are shit. Watchguards are shit.

Definitely go with an SRX100. If you need content filtering or UTM, you need the SRX100H model, and then the licensing is like $100/yr.

I love the Juniper as well, but in what ways are you finding the ASA5505 limited?

 

[drebo]

I love the Juniper as well, but in what ways are you finding the ASA5505 limited?

Lack of ICMP redirect is a tough nugget to crack. It's certainly possible (typically will use either a layer 3 switch or another router), but it's annoying.

Biggest one, though, is the lack of GRE tunnels.

Cisco's argument is that the ASA is a firewall, not a router, but those two items (which I've frequently needed in smaller networks that can't be structured in a traditional three-tier or collapsed-core topology) have caused me to switch over to Juniper for small business firewalls. I still use Cisco routers for most other stuff and use Cisco switches, but Juniper's SRX firewalls are great for small business. The SRX210 also supports WAN modules, which is awesome.

Also, Juniper's SRX100B is several hundred dollars cheaper than an unlimited user ASA5505, on top of being faster and more feature-rich.

 

[RadiclDreamer]

Lack of ICMP redirect is a tough nugget to crack. It's certainly possible (typically will use either a layer 3 switch or another router), but it's annoying.

Biggest one, though, is the lack of GRE tunnels.

Cisco's argument is that the ASA is a firewall, not a router, but those two items (which I've frequently needed in smaller networks that can't be structured in a traditional three-tier or collapsed-core topology) have caused me to switch over to Juniper for small business firewalls. I still use Cisco routers for most other stuff and use Cisco switches, but Juniper's SRX firewalls are great for small business. The SRX210 also supports WAN modules, which is awesome.

Also, Juniper's SRX100B is several hundred dollars cheaper than an unlimited user ASA5505, on top of being faster and more feature-rich.

How much are you paying for a 5505 unlimited? I get them for just under $600

 

[drebo]

Ok, so maybe "several hundred" was an exaggeration. I get the ASA5505-UL-BUN-K9 for $540 and the SRX100B for $510, but it's still a cheaper, faster, more feature-rich unit.

 

[nintendo1889]

What do y'all think about building a firewall on linux, for example untangle?

 

[Specop 007]

Another vote for Junipers. I dont really care for Sonicwalls.

 

[theevilsharpie]

What do y'all think about building a firewall on linux, for example untangle?

Untangle is quite expensive compared to SonicWALL and Fortinet.