
Firewall/UTM Recommendations

Alright, a little background information first:

  • SMB with about 100 users

  • 100 meg fiber service

  • No VoIP going through the firewall

  • 20 site-to-site tunnels currently active

  • Current device is Sonicwall NSA 2600

  • Content filtering currently in use

So I'm looking to upgrade our current firewall. I have become particularly comfortable with the Sonicwall GUI, but I'm willing to learn other setups. What are your favorite UTMs/Firewalls out on the market right now? I've done a little research into Fortinet, WatchGuard, and Cisco, but nothing tremendous yet.

If anybody needs any more information, just let me know. Thanks!



This thread was automatically locked due to age.
  • I would personally ask a reseller in your area to do an assessment of your needs and be able to recommend what you would need based off number of users, the specific uses of the firewall, etc.  They will most likely be pushing the Sophos XG product, which some of us here don't particularly like for our own personal reasons.

    The community forums are really more for those of us that don't have access to Sophos support because we don't pay for enterprise licensing and use the free home license.  Sure, we do get quite a bit of questions from enterprise users and some people here can answer them really well with a solution, but the harder things would usually end up with you submitting a support ticket if you paid for the support.

    I personally like the UTM product, and I have been using it for over 20 years (when it was still Astaro) in both production and home environments.  It's been a solid piece of software in both arenas.  The interface is very easy (easier than XG in my opinion) to learn as it's web-based and you can control via SSH if you like (I'm visual, so web-based it is for me).  You can run it on Sophos hardware or your own, or even in a VM environment.

    I don't really like how much it can bog down the download speeds because of the IPS and web filtering it does, but that's the nature of the beast (I have a 50MB d/l speed at home, I cap at 7.5MB on my downloads).

    I've had Cisco PIX, and it's a great product, but purely command line to be able to be efficient at it (any web-based Cisco product is really clunky and laggy in responsiveness).  I hear great things about Fortinet, but I have not personally messed with that product, or WatchGuard.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)
