Looking for recommendations on the best UTM Firewalls for SMB's...

scottalanmiller

@ambarishrh said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@travisdh1 said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@hellowill said in Looking for recommendations on the best UTM Firewalls for SMB's...:

• It simply just works

Nothing that covers all your requirements list will just work. For example, I wouldn't be running anti-virus or IDS/IPS on a firewall box if I had a choice on the matter.

I also agree with @aaronstuder, PFSense is easy to understand.

Interested to know more on this specifically why are you against running AV or IDS/IPs on the firewall.

Same reason you don't run Windows SBS. It goes against all basic best practices. Of all things to treat as non-production, your firewall probably isn't it.

scottalanmiller

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Have you looked at Meraki?

Ewwwwwww

vhinzsanchez

@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Have you looked at Meraki?

Ewwwwwww

Hahaha Liking the reaction. In anyways, no experience in Meraki...but I like the reaction...simply classic.

vhinzsanchez

Also liking pfSense. Once you got the hang of it, its easy-peasy to manage.

iroal

I don't think Pfsense is difficult to manage.

Even mount a HA is quite simple.

crustachio

Since pfSense has been covered well enough already:

Looking at the bullet points in your decision criteria, I can say that FortiGate checks all of those boxes. It is very simple to set up, and more than capable of all your needs. I find that it just makes sense more than say a SonicWall, which I would stay far away from personally. The FortiGate web UI is mostly logical, and there'e a robust CLI behind it when necessary. It's pretty affordable, support is decent, and the performance and features are pretty good IMO.

CCWTech

@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Have you looked at Meraki?

Ewwwwwww

What don't you like about Meraki?

coliver

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Have you looked at Meraki?

Ewwwwwww

What don't you like about Meraki?

Have you used them? Slow and unreliable the support, since Cisco took over, is subpar. On top of that they are incredibly expensive when compared to basically anything in the space except Cisco.

CCWTech

@coliver said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Have you looked at Meraki?

Ewwwwwww

What don't you like about Meraki?

Have you used them? Slow and unreliable the support, since Cisco took over, is subpar. On top of that they are incredibly expensive when compared to basically anything in the space except Cisco.

They are pricey. I have used them and loved them. Very easy to configure. Support has been top notch.

I have a few Sonicwall devices and that's support I cringe about.

coliver

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@coliver said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Have you looked at Meraki?

Ewwwwwww

What don't you like about Meraki?

Have you used them? Slow and unreliable the support, since Cisco took over, is subpar. On top of that they are incredibly expensive when compared to basically anything in the space except Cisco.

They are pricey. I have used them and loved them. Very easy to configure. Support has been top notch.

I have a few Sonicwall devices and that's support I cringe about.

You may want to look at other stuff in the space as well. You can easily get better performance at a significantly lower price from several different vendors.

CCWTech

@coliver said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@coliver said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Have you looked at Meraki?

Ewwwwwww

What don't you like about Meraki?

Have you used them? Slow and unreliable the support, since Cisco took over, is subpar. On top of that they are incredibly expensive when compared to basically anything in the space except Cisco.

They are pricey. I have used them and loved them. Very easy to configure. Support has been top notch.

I have a few Sonicwall devices and that's support I cringe about.

You may want to look at other stuff in the space as well. You can easily get better performance at a significantly lower price from several different vendors.

I'm always looking for something better, but I have been very happy with Meraki.

PenguinWrangler

I would not recommend Untangle. I have to agree with everyone that is saying to break these things apart. When you mention anti-virus are you talking about something like a gateway antivirus? That is what I am assuming. I have used ipCop as a firewall. I liked it. Basic firewall. Is there a reason why you want UTM verses having these systems on their own?

Danp

@penguinwrangler said in Looking for recommendations on the best UTM Firewalls for SMB's...:

I would not recommend Untangle.

Why? Other than that fact that it is a UTM and that is frown upon by most everyone here.

black3dynamite

@vhinzsanchez said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Also liking pfSense. Once you got the hang of it, its easy-peasy to manage.

OPNsense is pretty nice too, especially the UI.

R3dPand4

FortiGate and WatchGuard are the two I have the most experience with and both are pretty solid.

brandon220

I tend to use Edgerouters everywhere I can. That being said - I have 2 Sophos UTMs because of the web filtering mainly. I realize you can put them in transparent mode behind another router but it seems pointless when it can do everything. The country blocking is another feature that works really well. If I needed just a firewall I would never consider them.

NerdyDad

I would just recommend a different strategy all together because if you're UTM is compromised, then where is the rest of your security going to be? This is why I recommend breaking it apart. AV at the firewall might not be a bad idea, but I would recommend breaking out the IDS/IPS behind the firewall. Also, breaking out the proxy just right behind the firewall as well, if you need one.

brandon220

@nerdydad I agree 100%. Web filtering was the reason for the Sophos. For a school it works very well. What would you use for a filter behind a "normal" firewall?

black3dynamite

@brandon220 said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@nerdydad I agree 100%. Web filtering was the reason for the Sophos. For a school it works very well. What would you use for a filter behind a "normal" firewall?

Squid (http://www.squid-cache.org/)

PiHole (https://pi-hole.net/)

Safesquid (https://www.safesquid.com/)

Strongarm (https://strongarm.io/)

NerdyDad

@brandon220 said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@nerdydad I agree 100%. Web filtering was the reason for the Sophos. For a school it works very well. What would you use for a filter behind a "normal" firewall?

@black3dynamite said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@brandon220 said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@nerdydad I agree 100%. Web filtering was the reason for the Sophos. For a school it works very well. What would you use for a filter behind a "normal" firewall?

Squid (http://www.squid-cache.org/)

PiHole (https://pi-hole.net/)

Safesquid (https://www.safesquid.com/)

Strongarm (https://strongarm.io/)

Just like @black3dynamite said. Squid for proxying, Pi-hole for internal DNS filtering and getting rid of ads, and Strongarm for external DNS. I've never used either Squid or Strongarm, but have heard that they are good products.