
    Firewalls, the good, the bad, and the ugly.

    • bigbear @Kelly

      @Kelly said in Firewalls, the good, the bad, and the ugly.:

      I'm working on switching away from Cisco ASAs to Juniper SRXs. I was actually surprised by how inexpensive the Junipers were relative to Cisco. JunOS is proprietary, but it is very readable, and they learned a lot from seeing how IOS does things poorly (oh how I love rollback 0). It is based on FreeBSD.

      That would be interesting. It's an actual firewall and not an ISR?

      • scottalanmiller @bigbear

        @bigbear said in Firewalls, the good, the bad, and the ugly.:

        @Kelly said in Firewalls, the good, the bad, and the ugly.:

        I'm working on switching away from Cisco ASAs to Juniper SRXs. I was actually surprised by how inexpensive the Junipers were relative to Cisco. JunOS is proprietary, but it is very readable, and they learned a lot from seeing how IOS does things poorly (oh how I love rollback 0). It is based on FreeBSD.

        That would be interesting. It's an actual firewall and not an ISR?

        Isn't ISR only related to Cisco licensing?

        • bigbear @scottalanmiller

          @scottalanmiller In my world ISR would bring Adtran to mind. Also 3com/US Robotics before HP bought them up.

          I think Cisco was about a decade late to abusing that terminology. Because what they call Integrated Service Router really isn't anything an ISP would be interested in using as a CPE.

          • Kelly @bigbear

            @bigbear said in Firewalls, the good, the bad, and the ugly.:

            @scottalanmiller In my world ISR would bring Adtran to mind. Also 3com/US Robotics before HP bought them up.

            I think Cisco was about a decade late to abusing that terminology. Because what they call Integrated Service Router really isn't anything an ISP would be interested in using as a CPE.

            By your definition I think it would be an ISR.

            • bigbear @Kelly

              @Kelly I think of an ISR as something the ISP provides as part of the service.

              I found one of the units you were describing on Amazon for $383; most seem to be closer to $1,000.

              It's interesting that Juniper has any interest at all in that market. It looks like something an IT guy would buy versus a CPE.

              • stacksofplates @JaredBusch

                @JaredBusch said in Firewalls, the good, the bad, and the ugly.:

                Specific customization can only be done by creating a special text file and putting it in a specific location.

                There's your shot to start with Ansible 😁

                • matteo nunziati

                  We had NethSecurity in our company and then switched to WatchGuard. WatchGuard is way more expensive than what you can expect from such a thing (just discovered later).

                  NethSecurity. Unfortunately our NS reseller policy was: we own the firewall/UTM password, not you. When I was hired we had an internal briefing and the company chose to "fire" the NS supplier.

                  New supplier, new distribution channel, new UTM. WatchGuard setup is quite convoluted: you have to jump among a number of GUIs to set something up properly. Also layer filtering is not really well separated - at least to me: you have a chaos of layer 3+ setup.

                  • brandon220

                    I run an ERL at home and I recommend them too for other SMB/home use. They just work, work well, and are very affordable.

                    • Kelly @bigbear

                      @bigbear said in Firewalls, the good, the bad, and the ugly.:

                      @Kelly I think of an ISR as something the ISP provides as part of the service.

                      I found one of the units you were describing on Amazon for $383; most seem to be closer to $1,000.

                      It's interesting that Juniper has any interest at all in that market. It looks like something an IT guy would buy versus a CPE.

                      I understand you now. Comcast did install a Juniper router for their gear when they brought in fiber. That said, I do (mostly) like these. They need some work on their documentation, but the CLI is a dream compared to IOS.

                      • PenguinWrangler @Obsolesce

                        @Tim_G Give me a Sonicwall device and I will take it to my gun range for target practice. That's all they are good for. ESPECIALLY after Dell bought them. Sonicwall is awful. Nothing but issues.

                        • Dashrender @PenguinWrangler

                          @PenguinWrangler said in Firewalls, the good, the bad, and the ugly.:

                          @Tim_G Give me a Sonicwall device and I will take it to my gun range for target practice. That's all they are good for. ESPECIALLY after Dell bought them. Sonicwall is awful. Nothing but issues.

                          FYI, they aren't part of Dell anymore, nor are they part of Quest anymore. They are completely standalone again.

                          • bigbear @Dashrender

                            @Dashrender watchguard is very fail

                            • iroal @PenguinWrangler

                              @PenguinWrangler said in Firewalls, the good, the bad, and the ugly.:

                              @Tim_G Give me a Sonicwall device and I will take it to my gun range for target practice. That's all they are good for. ESPECIALLY after Dell bought them. Sonicwall is awful. Nothing but issues.

                              Last year we changed our SonicWall for pfSense.
                              Very happy with the change.

                              I don't think Sonicwall is a bad product, main reason for the change was the expensive annual support for SonicWall, about 800€/Year

                              • scottalanmiller @iroal

                                @iroal said in Firewalls, the good, the bad, and the ugly.:

                                I don't think Sonicwall is a bad product, main reason for the change was the expensive annual support for SonicWall, about 800€/Year

                                I think cost is part of if something is a good product. And that's WAY too much for that one.

                                • bigbear @iroal

                                  @iroal said in Firewalls, the good, the bad, and the ugly.:

                                  @PenguinWrangler said in Firewalls, the good, the bad, and the ugly.:

                                  @Tim_G Give me a Sonicwall device and I will take it to my gun range for target practice. That's all they are good for. ESPECIALLY after Dell bought them. Sonicwall is awful. Nothing but issues.

                                  Last year we changed our SonicWall for pfSense.
                                  Very happy with the change.

                                  I don't think Sonicwall is a bad product, main reason for the change was the expensive annual support for SonicWall, about 800€/Year

                                  SonicWALL issues I remember..

                                  It manipulated VoIP traffic regardless of what you turned off

                                  Had terrible NAT Coning issues, bug reports were rejected

                                  The command line interface was ass backwards

                                  I think the only time I see a customer have it was when their IT preferred it. I believe your MSP/IT guys preferred for the same reason as SW. They give you software to manage all your customers in one place.

                                  Single Pane of Glass trumps actual features and reliability pretty often. If I ever had a business that needed IT I am not sure I would trust your average MSP.

                                  • scottalanmiller @bigbear

                                    @bigbear said in Firewalls, the good, the bad, and the ugly.:

                                    I think the only time I see a customer have it was when their IT preferred it. I believe your MSP/IT guys preferred for the same reason as SW. They give you software to manage all your customers in one place.

                                    No one likes it except resellers who make money pushing it.

                                    • bigbear

                                      Just wanted to add @bj to this thread that I think a $100-ish Cloud Router from Mikrotik would blow most hardware away, including Ubiquiti, on pure performance. With the $50 and under models you are still getting 1 million PPS. The new cloud router series really has a crazy amount of power.

                                      This still coming from a pure PPS (packets per second) point of view.

                                      I think the cheapest cloud router has 12 to 16 cores. That would only count for the core routers I am more familiar with (12 to 24 now) in the $500 range.

                                      Very poor marketing in the states but very popular with western country WISPs.
