Why buy switches when one can get switch/firewall combo?

uberguru

I am just wondering why people keep buying a switch and a firewall separately when one can get a security appliance that can act as a switch and firewall combo...isn't this true?
 

mrkrad

because they are too slow to move data.

Separation of switching and routing unburdens the router from dealing with data that is not going to the internet and back (home users). Most home routers are vastly underpowered.
 

Biren78

> because they are too slow to move data.
>
> Separation of switching and routing unburdens the router from dealing with data that is not going to the internet and back (home users). Most home routers are vastly underpowered

Was thinking he'd want a Sonicwall or Fortinet or similar. If you only need 1-16 internal ports that can work OK. Can also get an el cheapo hub and run an IPMI network all off a 100mbps port on the UTM appliance.

But what UTM features is he using and what type of pps does he need from the firewall? Speed depends on firewall service level there.
 

uberguru

> Was thinking he'd want a Sonicwall or Fortinet or similar. If you only need 1-16 internal ports that can work OK. Can also get an el cheapo hub and run an IPMI network all off a 100mbps port on the UTM appliance.
>
> But what UTM features is he using and what type of pps does he need from the firewall? Speed depends on firewall service level there.

Just to make sure..is UTM a device that acts as a switch and firewall?
 

uberguru

> Because the MSRP on the MX400 that I just found is $16K. Then add $8K for the yearly licence. That's a hell of a lot of money to pay for the 'benefit' of convergence!

Yeah I know..used for example purpose only of course
 

mrkrad

Two devices can double the risk of failure and cost! Or not. Depends.

Fact is: Networking is artificially expensive. Price fixing man. The shit isn't worth the gear in the box. Big time.
 

NetWise

Agreed. But still have to give some weight to what is in the box is IP (intellectual property) and has to have SOME value. That said, nowhere near the price they ask. I'm studying for my CCNA and am just boggled by what Cisco folks will put up with ;)
 

Biren78

Well most of these things are about 60% gross margin. So good business like enterprise storage. That usually doesn't factor in IP costs. I'd say prices are high, but usually it's because they expect to give big discounts to friendly buyers.

Also would say with HP and Dell in the lower-end switch business, most of the 1U and smaller FF switches are way more affordable than they used to be on a relative basis.

It's one of the most interesting things on the software defined networking side to me at least.
 

uberguru

Can someone recommend a router/switch combo that someone can use in replacement of a regular switch? Will this be allowed at the datacenter? I am thinking the router will be able to perform much more things and help me create my own private network.
 

Patrick

> can someone recommend a router/switch combo that someone can use in replacement of a regular switch? Will this be allowed at the datacenter? I am thinking the router will be able to perform much more things and help me create my own private network.

How many ports? Do you want VPN access and etc? Firewall?

When I was building the STH colocation I bought a Fortinet FortiGate 60C which I ended up not using. Fairly cool device though since it is a UTM device, has built-in functionality for Active-Active operation (if you have 2), will act as a router and has a few switch ports in the rear. I do agree though that all of those boxes should really have more ports on them.
 

uberguru

> How many ports? Do you want VPN access and etc? Firewall?
>
> When I was building the STH colocation I bought a Fortinet FortiGate 60C which I ended up not using. Fairly cool device though since it is a UTM device, has built-in functionality for Active-Active operation (if you have 2), will act as a router and has a few switch ports in the rear. I do agree though that all of those boxes should really have more ports on them.

Why aren't you using the Fortinet 60C?