What are you using for a firewall?

nitrobass24

Have used pfsense but I like something that is slightly more supported. Currently running an ASA5505 at home.

I tried Vyatta, but I didn't see what it offered over anything else and it's not nearly as well documented/supported on the internet as Cisco/Fortinet/Juniper.
 

sboesch

I have 2 Juniper SSG-140's in active/passive @ my Colo. I have been pretty happy with them. I also use the Juniper SSG-5's in our offices.
 

GoldenBigun

Googling I saw the SSG-5's seemed to have a higher fail rate.

nitrobass24; How is that Cisco? Do you need a subscription for it? I like pfsense because no paid subscription.

I do want web interface. Do not want to learn CLI.
 

Biren78

Hi new. Thought I'd join in.

We just deployed Sonicwall 250M --- great for the price. Dell will negotiate on them.

Google Fortinet support. ofc they are #1 in segment so most users and most possible unhappy users. I hear some good things on interface. Can use both web and cli.
 

sboesch

> Googling I saw the SSG-5's seemed to have a higher fail rate.
>
> nitrobass24; How is that Cisco? Do you need a subscription for it? I like pfsense because no paid subscription.
>
> I do want web interface. Do not want to learn CLI.

I have 2 of them, one is 5 years old, the other is 2 years old and never had a problem.
 

nitrobass24

> Googling I saw the SSG-5's seemed to have a higher fail rate.
>
> nitrobass24; How is that Cisco? Do you need a subscription for it? I like pfsense because no paid subscription.
>
> I do want web interface. Do not want to learn CLI.

The Cisco is not really a UTM. Neither is the Fortinet. Sure it has AV baked in but it's not a real UTM product like SonicWall.

The other Cisco ASA models have a place for an expansion card that adds UTM-like features, but it requires a subscription.
 

pgh5278

Hello, am using a Fortinet 40C at home, seems reliable, have had it for 7 months now, no reliability issues. Updated to the new firmware last week, like the interface better than previous. Have not tried a software package type firewall like IPsense, Sophos etc., although interested to try.

Have not managed to get it to do 100% exactly what I want, yet, but am planning to do some reading. Using it to control internet connectivity on kids' PC both by time and type. Game time x to x (different session options, i.e. weekdays, weekends, holidays etc.) and internet for homework y to y, with different sessions, plus times when no internet activity allowed, so three different types of internet activity, with multiple timings. (Not all the way there yet.)
 

cactus

I have used Linux iptables, pfSense and Untangle. I currently have a pfsense box behind a FIOS router. It makes it simple for set top boxes and others in the house.
 

Jeggs101

> I have used Linux iptables, pfSense and Untangle. I currently have a pfsense box behind a FIOS router. It makes it simple for set top boxes and others in the house.

Why not Vyatta? Seems like that is the new wonder-firewall.
 

nitrobass24

Well, the FOSS version of Vyatta is CLI only, and even being comfortable with the Cisco ASA and IOS command line, I found the Vyatta to be less than intuitive to set up.

That said, when I got to a point where I couldn't figure something out, I google... well, that doesn't work so well for Vyatta since it has such a small market share and does not have a thriving enthusiast community.
 

Patrick

> Well, the FOSS version of Vyatta is CLI only, and even being comfortable with the Cisco ASA and IOS command line, I found the Vyatta to be less than intuitive to set up.
>
> That said, when I got to a point where I couldn't figure something out, I google... well, that doesn't work so well for Vyatta since it has such a small market share and does not have a thriving enthusiast community.

That is a great point. I've also been looking at Vyatta/pfsense. The big question is whether it makes sense to add two firewall appliances or just add extra NICs to the Dell C6100 and run something like pfsense/Vyatta.

Timely thread.
 

Mike

I have been using IPfire for a while now as I had some trouble with BSD based stuff like pfsense. Its feature set is great and the new releases should be based on newer 3.6? kernels which have improved networking stuff if I'm not mistaken.
 

mrkrad

Sophos UTM 9 - very powerful, runs in VM, your hardware, or their hardware. One-touch clustering ;)

You can vmotion your router to a low power machine (microserver) in the event of a power outage.
 

Patrick

Interesting note, Steven from Rack911 just recommended 2x pfsense boxes with HA carp... may end up using the FortiGate 60c around here...
 

nitrobass24

> Interesting note, Steven from Rack911 just recommended 2x pfsense boxes with HA carp... may end up using the FortiGate 60c around here...

No offense to Steven, but you are running a business, do you really want your site's security/reputation to be at the mercy of an Open Source Community? All of the businesses that I do work for don't use FOSS based UTMs (IPfire, pfsense, etc.). They use Cisco, Juniper, Fortinet, Arbor Networks, SonicWall, because when things go wrong, and they eventually will, you have a support contract, and someone to call that can fix the issue.
 