Firewalls with Filtering?


dwright1542

Active Member
Dec 26, 2015
377
73
28
50
I've been using Sonicwalls for ages, particularly for content filtering, malware, and edge-level AV. However, small clients are getting fast enough (1Gb) connections that even mid-level Sonicwalls aren't remotely fast enough. And the cost of maintaining the large ones is prohibitive. So what about replacing the Sonicwall value-add stuff with something like Cisco Umbrella, or something else? (FWIW, to get Gig DPI throughput, you'd need an NSA5600.) That's not in the budget of a 30-person company.

I do use centralized management, so I can't go the open source route. I don't mind keeping the SW for VPN termination and NAT, it's the services that are the problem.

I asked this question a while back; it's now become a real issue for clients.

https://forums.servethehome.com/index.php?threads/massive-firewall-thoughts.15048/


Thoughts?
 

dwright1542

Ugh. $1000/year for services, maybe? That's a shoot from the hip though. I think I could make a case for that. I can tell you that the Sonicwall level needed to handle it is around $2500/yr, which is NOT in the budget.
 

dwright1542

Yeah, they are on the list, but not really cheap enough to change away from Sonicwall. I think I'm still in the same boat as a year ago.
 

NashBrydges

Member
Apr 30, 2015
86
24
8
57
You may not want to go the open source route but not sure you'd have a choice with that budget. That being said, Untangle offers central UTM/Firewall management. I can't speak to how effective it is since I've not used it but I know the central management is available and called Command Center.
 

Evan

Well-Known Member
Jan 6, 2016
3,346
598
113
1G UTM costs $$
Reason is also that real big business is who actually consumes proper 1G.

Just because you have a 1G connection does not mean you really ever use close to 100% of its capacity. In reality, a solution that will do, say, 150M UTM will probably be fine, and then the smaller Sophos, Fortinet, etc. products should work fine.
 

dwright1542

Except that's not quite true. The clients that need the fast connection specifically need it (a legal firm with massive production downloads and uploads and a video editing company, to name 2). So buying 1G, and then only getting 150M, isn't going to cut it. Unfortunately, I think I'm still stuck in the same boat.
 

Evan

Can you route the high-performance stuff, like those video file uploads, around the firewall?
 

dwright1542

Negative, and in fact, I have a 3rd customer for whom this is now an issue. They are just small companies with fewer than 30 employees that need high bandwidth and want to be safe. It was never a problem until FIOS / Comcast came out with speeds in their budget. Now it's an issue.
 

Evan

Same here, where 1G symmetrical fiber is the normal minimum; I really don't know a cheap solution to handle that.
Any high-clocked 4-core CPU running Sophos or pfSense would be the best bet still, I think.