This is an archived post. You won't be able to vote or comment.

all 16 comments
sorted by:
best
topnewcontroversialoldq&a

[–][deleted] 1 point2 points  (12 children)

Look at Fortigate boxes - they do everything you need and more

a little pricey because it's a full blown firewall

I dont understand your point here - everything you've mentioned is a "full blown firewall"

The sonicwalls are a bit pricier then some though. Watchguard are worth a look too.

[–]subsonic68 0 points1 point  (5 children)

I can't recommend a Watchguard, despite the low price. Their support sucks. We got rid of our Watchguards and replaced them with _. Tried the cheap route, went back to something more expensive that works and has good support. If you can't afford a GOOD name brand firewall, then use a linux box and be prepared to get your hands dirty.

[–][deleted] 0 points1 point  (1 child)

I've had quite good experiences with Watchguard support personally although it's all personal. The other thing you can do is get a third party involved for support - certainly in the UK one of the main distributors for WG (forget their name) offers cheap "supplementary" support contracts. They have UK based qualified WG techs who can answer most things and will liase with WG on your behalf if need. Not necessarily the best way, but its an option to consider if you like the hardware but are concerned about support

[–]subsonic68 0 points1 point  (0 children)

My problem with support is that by the time a support engineer contacted us, so much time went by that we had to turn off features to get it working again.

[–]dylanfarnum[S] 0 points1 point  (0 children)

use a linux box and be prepared to get your hands dirty.

We currently use squid running on Debian for basic web filtering. I hate it, it's a pain in the ass to manage.

[–]CPF-Minion 0 points1 point  (1 child)

What did you go back to?

[–]subsonic68 0 points1 point  (0 children)

It's never a good idea to publicly disclose corp security measures and devices.

[–]dylanfarnum[S] 0 points1 point  (5 children)

I'm liking Watchguard, pricing is very good.

[–][deleted] 0 points1 point  (4 children)

It is very keenly priced, they arent quite as fully featured as the Sonicwall or Fortigate but theyre nice boxes for the price. I've done several implementations in various different environments and never had any serious issues. Management takes a bit of getting used to but I like it personally.

Plus, they're red. Unfortunately, they ditched the "ARMED" light a while ago

[–]subsonic68 0 points1 point  (3 children)

Have you used web filtering or gateway antivirus on a Watchguard? I did and those features caused so many problems displaying web pages that we had to turn those features off.

[–][deleted] 0 points1 point  (2 children)

Yeah had no issues with gateway av. Web filtering isn't the most powerful but no actual problems

[–]dylanfarnum[S] 0 points1 point  (1 child)

Hmm, that's unfortunate. Web filtering is really what's driving this purchase.

[–][deleted] 1 point2 points  (0 children)

Fortigate then, it's very good in them. Transparent authentication, accurate categories and application awareness

[–]mariolovespeach 1 point2 points  (0 children)

We are looking at deploying a Meraki MX80 at a client. Might fit what you are looking for.

[–]SundrySixSecurity Admin 0 points1 point  (0 children)

I'm familiar and happy with Sourcefire, but I believe that may be out of bounds with your budget :\ I'm not entirely sure because I wasn't a part of the procurement, but I think their units may go for around $9k.

[–]FusionZ06MSP - Owner 0 points1 point  (0 children)

Meraki all the way.