What kind of business class firewalls do you guys prefer?

it_consultant

For 150-200 users you need a firewall which will cost more than your budget if you buy any brand. Depending on your wifi needs I would go with the more expensive Meraki's as well.

demonfurbie

thats the huge problem i run into is price

they want the world but dont wanna pay anything

wes allen

Considering they are currently using an off the shelf from walmart netgear, anything will be a step up. They only hit those numbers for a few weekends in the spring and fall, and their dsl line probably won't keep up with the sonicwall anyway. But, price is their big thing and ease of management. The traffic is all guest wifi web stuff. It need to work, mostly, but they are not going to spend the money to do it the same way if it was 200 biz users.

Any other thoughts on solutions?

it_consultant

I would stand by the meraki idea even thought the firewall would be underpowered for their peak time (it must be a hotel or something). Here is why - the the ease of management for your and your client is not equaled with anything else on the market. If you can get them to spend $500 more that would be nice, otherwise the cheapest firewall from Meraki will work even with 150-200 users, they just don't recommend it.

wes allen

I will put something together for them to look at on Meraki. They are not clients - just friends that live down the road and run a pizza place / campground, mostly for climbers.

NightShade1

Jeez Wes thats a super ultra low budget.... For 150-200 users...
You should tell the managmen that if they want something that actually works that they should give you more budget... i mean cheaper things makes you just waste twice the money... i mean when they get notice that isnt working as they wanted...
Im with It consultant... I really hate running an AP on my firewall.

Also there is soemthing else... they are 150-200 wireless users? i just read its pizza place....

W Stewart

I don't really have a preference as I haven't used that many firewalls but we use cisco ASA 5505s at my job although some customers just have a linux box running iptables.

deth1k

docrice wrote: »

While I'm a fan of this approach, I can only recommend it for organizations with sufficient staff / training to handle it. Having two firewalls by different vendors introduces complexity in the network design and additional management required to stay on top of bugs, syntax, interface usage, etc. and increases troubleshooting turnaround. With firewalls getting more complicated to manage with each passing year as the feature set increases, I think it's also more prone to configuration errors.

But if the organization can handle it, more power to them. Every firewall has things that they're better at and when you get two complementing technologies, it can be a good thing. A lot of these all-in-one type devices (Fortinet, PAN, etc.) are usually strong in one or two areas but fairly average for the rest. That trade-off is where the decision-making rests on.

It is actually a requirement for some security standards and acreditations to deploy multi vendor solutions to remain compliant. When you were referring to bugs, it's exact reason for multi vendor aproach. It one becomes comprimised you have another layer of protection that is unlickely to have same vulnerability as another.

Also going back to GUI, some of the best vendors actually recommend using it over CLI as it's less prone to mistakes i.e changes made on the CLI take an imidiate effect (apart from JunOS commit). If you really wish you can still paste configs or XML script them for mass deployments / config changes.

JayTheCracker

snort / 5510 ?

deerstalker

You will know how good that firewall/switch/ router is. What I mean is tech support and the follow-up service. Soon or later that router/firewall dies from overheating. Yes an expensive router will have a $2 system fan which needs to be replace. who going to do that? SUPPORT.
The firewall/router brand that have the best 24/7 support is the one you want to buy.

Regards