Help me select an excellent firewall solution!

pryde7

I'm currently researching to implement a new firewall solution to our network. I have a good knowledge in some products in the market but not really a security geek. I've so far reviewed Fortinet 500A, WatchGuard X6000, Juniper NS-208 and cisco ASA 5520. Any ideas, cons and pros about these?
I will appreciate you proposals.

astorrs

Can you tell us a bit more about what you are trying to secure, how much traffic is expected to flow through it, etc?

marco71

IMHO, CheckPoint is good enough for medium and enterprise areas

jbaello

Dlink Firewall are the new sheriff in town... lol jk I suck at this stuff...

pryde7

Its an enterprise network of a manufacturing company. Main factory location and two branches, one website hosted locally in the premises. Main focus is securing the network from internet threats, spam and antivirus. Kind of a unified threat management system can be good. Budget is not limited.

marco71

is there a VPN between branches and the main factory or do you need one?

pryde7

Branches are connected using leased wan links. VPN will always be an issue. Let it be there to accommodate for any changes.

marco71

check VPN-1 products from CheckPoint, look impressive to me

Pash

JUNIPER!

Cant recommend the ssg products enough for firewall security. Can be clustered as well for High Availability.

RTmarc

I'm going to throw my recommendation in there for the FortiGate 500A. We have a 500A and a 300A cluster at my company and I have been nothing but impressed. The web interface is very clean and intuitive and the CLI is very easy to work with if needed. I'll put it this way, I was impressed enough with it I bought a FortiGate 60 to use on my home network.

shednik

I've never used any of the Juniper products but I've heard good things. My personal recommendation is Checkpoint though, we have 180 North American sites which are secured by checkpoint.

macdude

I am going to break the mold and say soincwall.

1MeanAdmin

I see everyone has their own favorite firewall brand

I'll make it even more diversified:

Of all the firewalls I worked with (Cisco, Watchguard, Linksys, Astar, Sonicwall, Checkpoint) I like Watchguard the most: good security features, easy to monitor and configure everything. The con is: most advanced features require licenses, some of which you have to renew every year, so it can get pricey (I'm not sure, but it may be the usual way most firewalls are sold these days).

undomiel

I'll cast a +1 for SonicWall and a -1 for Fortigate. We have a Fortigate unit here at work and it has been pretty ornery. Fortigate's support is not very friendly either even when trying to renew a support contract.

remyforbes777

Sonic Wall firewalls seem to work pretty well for us. They are pretty intuitive.

pryde7

Thank u guys for all the ideas. Its true that most of them do the right job though others do it better not overall but with specific features. Type of network and personal preference plays a big role as well as user intuitiveness and how granular policies can be configured.
I've read arguments about the usefulness of an antivirus in the UTM box, not being too relevant. As some venders don't just include it or u have to choose btn virus and intrution prevention.
Its a bit difficult to pick out something without help from previous users, since most of them do the "I am good and he is bad" marketing strategy.
I'm considering the Sonicwall Pro 5060, Checkpoint UTM-1 2050 and Watchguard X8500e

sprkymrk

pryde7 wrote:

Its an enterprise network of a manufacturing company. Main factory location and two branches, one website hosted locally in the premises. Main focus is securing the network from internet threats, spam and antivirus. Kind of a unified threat management system can be good. Budget is not limited.

Sidewinder. (Now called Secure Firewall 7).

Rikku

I would have to HIGHLY disagree with the SonicWall series.

They work well for a small company solution on a limited budget. But, half the time we found ourselves upgrading the firmware and having to go back to a previous rev every time. It was a nightmare to support and thier indian tech support sucked royally! Half the time I knew more then the reps and I would have to INSIST on a U.S. support rep.

We used an dual Sonicwall HA failover/load balanced Sonicwall 2040 Pro solution at our HQ and a same setup with a pair of SonicWall Pro 4060s at our hosting site. We rarely ever upgraded or performed changes at our hosting site for fear of downtime since we were shooting for 99% uptime/availability of our website. (isnt everyone eh?)

When we were searching new firewalls to replace these units, we were checking on various products. Juniper seemed like a good choice for ease of use, features and the learning curve to deploy and manage the devices quickly. However, I think the Cisco ASA 5500 series was the "best" product on the market and the proven leader with the "track records" if you are willing to invest the money/time.

-Rikku

Luckycharms

+1 for ASA's.... that coupled with a NAC infrastructure is the way to go.... But I guess it is all what you can afford.. ( and how much security matters to you!!!)

macdude

Rikku,

I have to disagree with you. We use soincwalls at work and never have an issue with them. The only issue I had with is one that stopped working, due to a mouse dyeing on the power cord. But to each his own.

Rikku

Macdude,

Just my opinion on the SW's. I worked with several different revisions of them over the past 4 years and for the most part they did work fine when we would "set them and forget them".

But man, make some infrastructure or route changes or especially when we updated the firmware...whooeee...it was not fun. One time we simply lost power and then when the SW came back up..we could not route back outside. Even thier support could not help determine a cause for issues we would have. I mean, I really gave a TON of my time to work with them and get familiar with what I was doing wrong..then I started to realize after a time..it wasn't just me or my ability to work with them.

I know most other SW users did not have the same experience with thier Sonicwalls as we had...thats all well and good..but as an engineer..you just get tired of messing with the same problem...what do you do when that's the case? Go to something else that doesnt take up your time.

-Rikku