Suggestions for a firewall appliance or server, <50 users

Toggle sidebar Toggle sidebar
skyking

skyking

Lifer
Nov 21, 2001
22,014
4,782
146
I am looking for something to protect a smallish business, possibly also filter out the non-productive traffic.

I have built linux firewall boxes before, two nic machines etc. It's been a while and the downside of a roll-your-own is all about support options, IMO.
Open to any suggestions that are not hugely expensive.
 
skyking

skyking

Lifer
Nov 21, 2001
22,014
4,782
146
they have web email, so the spam features are not as important as anti virus and web exploits.
It's about a 50/50 mix of wired and wireless network running on Ruckus gear that works well but is EOL. There's a controller and 5 or 6 AP's over a large area. Lots of BYOD on the guest network.
I looked again and it's over 50 but not much.
I built a few dansguardian (smoothwall) boxes back in the day, but IIRC, it was pretty much a PITA to keep up to date.
I don't know if the successor E2guardian is any different in that respect.
I think I have $1000 to spend on an appliance or a two nic box.
I just built a samba server using a dell t140, it has a couple of nics and could do the job I think.
Dell T140 not much money there ~$600
I do like the idea of a proven appliance.
Ongoing support, I have no idea what to expect to pay for updated security profiles for a year. If i have do it the hard way, I will be charging them accordingly. I'd love to get an email that the boxen just got some updated profiles and I didn't have to touch it :)
 
mxnerd

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,101
126
BYOD Protectli FW6 with pfsense

protectli.com

Product Comparison - Protectli Firewalls at a glance

Compare our trusted Firewall appliances with all its capabilities side by side. Find the one that works best to secure your network!
protectli.com protectli.com


Firewall Comparison, Which Ones We Use and Why We Use Them: Untangle / pfsense / Ubiquiti

 
Last edited:
  • Like
Reactions: skyking
mxnerd

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,101
126
We also had a discussion with Ubiquiti Dream Machine Pro in another thread.

Question - Router/Firewall + POE WiFi Access Points?

I'm currently updating a fairly complex / device-rich network at our house. When we moved into a new house, I had to quickly deploy 4 Google WiFi points just to setup an inexpensive network with WiFi, having full coverage. The new setup will be mostly hard wired, with POE runs to 2-3 areas for...
forums.anandtech.com forums.anandtech.com
 
  • Like
Reactions: skyking
S

SamirD

Golden Member
Jun 12, 2019
1,489
276
126
www.huntsvillecarscene.com
mxnerd said:
We also had a discussion with Ubiquiti Dream Machine Pro in another thread.

Question - Router/Firewall + POE WiFi Access Points?

I'm currently updating a fairly complex / device-rich network at our house. When we moved into a new house, I had to quickly deploy 4 Google WiFi points just to setup an inexpensive network with WiFi, having full coverage. The new setup will be mostly hard wired, with POE runs to 2-3 areas for...
forums.anandtech.com forums.anandtech.com
Click to expand...
Agh! I was looking for that thread to link in another thread. :( What search terms did you use?
skyking said:
they have web email, so the spam features are not as important as anti virus and web exploits.
It's about a 50/50 mix of wired and wireless network running on Ruckus gear that works well but is EOL. There's a controller and 5 or 6 AP's over a large area. Lots of BYOD on the guest network.
I looked again and it's over 50 but not much.
I built a few dansguardian (smoothwall) boxes back in the day, but IIRC, it was pretty much a PITA to keep up to date.
I don't know if the successor E2guardian is any different in that respect.
I think I have $1000 to spend on an appliance or a two nic box.
I just built a samba server using a dell t140, it has a couple of nics and could do the job I think.
Dell T140 not much money there ~$600
I do like the idea of a proven appliance.
Ongoing support, I have no idea what to expect to pay for updated security profiles for a year. If i have do it the hard way, I will be charging them accordingly. I'd love to get an email that the boxen just got some updated profiles and I didn't have to touch it :)
Click to expand...
If they have that much of a budget, I would highly recommend a watchguard M300 or M370 that you can find with used an existing service contract that you can transfer. This will be within budget and the watchguard is a very capable utm machine with reasonable subscriptions and great support (4hr windows on tickets I believe):
www.watchguard.com

Compare Firebox M300 & Firebox M370 Appliances | WatchGuard Technologies

www.watchguard.com www.watchguard.com

We have an M200 and M300 and have been very pleased with the performance and features.
 
  • Like
Reactions: skyking
skyking

skyking

Lifer
Nov 21, 2001
22,014
4,782
146
I'm happy with the ubiquiti radios I have employed, but the focus of the dream machine's features is the wireless, which I don't need or cannot use. That is unless i replace that whole ruckus system. I don't want to start down that road just yet.

Who here is using pfsense? What is the updating process like?
 
mxnerd

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,101
126

YouTube

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
www.youtube.com www.youtube.com

I personally don't use pfsense.
 
  • Like
Reactions: skyking
skyking

skyking

Lifer
Nov 21, 2001
22,014
4,782
146
mxnerd said:
BYOD Protectli FW6 with pfsense

protectli.com

Product Comparison - Protectli Firewalls at a glance

Compare our trusted Firewall appliances with all its capabilities side by side. Find the one that works best to secure your network!
protectli.com protectli.com


Firewall Comparison, Which Ones We Use and Why We Use Them: Untangle / pfsense / Ubiquiti

Click to expand...
that's quite a nice appliance, why did you go with the 6 in my case?
It is sure a lot better than what pfsense offers as far as performance per $$ :)
 
mxnerd

mxnerd

Diamond Member
Jul 6, 2007
6,799
1,101
126
skyking said:
that's quite a nice appliance, why did you go with the 6 in my case?
It is sure a lot better than what pfsense offers as far as performance per $$ :)
Click to expand...

Because F6W series have much better VPN (IPSEC or OpenVPN) performance (if you need that in the future) than others.

OpenVPN Performance on The Vault – Protectli Knowledge Base

protectli.com protectli.com

Have more ports also means that you can add more WAN ports from different ISP (failover or load ballancing) and LAN ports (in different IP ranges), plug in access points or mesh systems, etc.

You can even setup 4G failover for emergency situation.

YouTube

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
www.youtube.com www.youtube.com
 
Last edited:
skyking

skyking

Lifer
Nov 21, 2001
22,014
4,782
146
Cool. So far, no VPN usage at all. I have a Peplink 30 there now. They used to have a 3G on the USB port.
I'll familiarize myself with pfsense and see if I can pitch it to them soon.
 
G

Genx87

Lifer
Apr 8, 2002
41,095
513
126
Watchguard, PFSense, Sophos, Sonicwall all have devices that serve this market. Small office may also be a candidate for Z-Scaler. If this is a business they need to have some sort of edge defense with that many endpoints.
 
N

NeonFlak

Senior member
Sep 27, 2000
550
7
81
Roll yourself an Untanle UTM. Extremely easy to use. You can go with Untangle free, or try to pass off a $50/year home license.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom