Looking for recommendations on the best UTM Firewalls for SMB's...

black3dynamite

@thwr said in Looking for recommendations on the best UTM Firewalls for SMB's...:

pfSense is basically a BFG9000 full auto 12-gauge high explosive gatling railgun solution, capable of everything. pfSense is great because it features a solid base and has some great plugins. Used if for decades and will use it in the future. But it requires quite some experience when you want to get into details.

Personally, I think about UTMs the same way I do when I have to think about those compact stereo systems. They do what they are supposed to, mostly, but suck big time at some detail. And you can't replace that single bad thing. Better get specialized devices, so a good firewall / router (and maybe VPN) and a good IDS/IPS/AV system.

OPNsense (https://opnsense.org/) is another option if you don't want to use pfSense.

dafyre

@black3dynamite said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@thwr said in Looking for recommendations on the best UTM Firewalls for SMB's...:

pfSense is basically a BFG9000 full auto 12-gauge high explosive gatling railgun solution, capable of everything. pfSense is great because it features a solid base and has some great plugins. Used if for decades and will use it in the future. But it requires quite some experience when you want to get into details.

Personally, I think about UTMs the same way I do when I have to think about those compact stereo systems. They do what they are supposed to, mostly, but suck big time at some detail. And you can't replace that single bad thing. Better get specialized devices, so a good firewall / router (and maybe VPN) and a good IDS/IPS/AV system.

OPNsense (https://opnsense.org/) is another option if you don't want to use pfSense.

I like the OPNsense interface a bit better. It feels more modernized to me. I've only used it for DHCP & DNS though.

matteo nunziati

stay away from watchguard. personal experience. really convoluted.
also more expert people here warn against UTM as a general rule.
And yes, if you need an UTM same people seem to agree on palo alto.
I've not much experience to evaluate the options.

Firewall
VPN
these are available with every router/firewall I'm aware of. Don't need an UTM.

Intrusion Prevention / Intrusion Detection
almost 40 and still I ignore what this is.

Virus Protection
what kind of virus protection? this can be implementated via a VM...

CCWTech

Have you looked at Meraki?

Ambarishrh

@travisdh1 said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@hellowill said in Looking for recommendations on the best UTM Firewalls for SMB's...:

• It simply just works

Nothing that covers all your requirements list will just work. For example, I wouldn't be running anti-virus or IDS/IPS on a firewall box if I had a choice on the matter.

I also agree with @aaronstuder, PFSense is easy to understand.

Interested to know more on this specifically why are you against running AV or IDS/IPs on the firewall.

scottalanmiller

@jaredbusch said in Looking for recommendations on the best UTM Firewalls for SMB's...:

If you want a UTM firewall, then buy a PaloAlto.
https://www.paloaltonetworks.com/products/secure-the-network/next-generation-firewall

This is what I always recommend. 99% of the time, the SMB should not have UTM. When they need it, they need it to work and PA is the way to go.

scottalanmiller

@ambarishrh said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@travisdh1 said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@hellowill said in Looking for recommendations on the best UTM Firewalls for SMB's...:

• It simply just works

Nothing that covers all your requirements list will just work. For example, I wouldn't be running anti-virus or IDS/IPS on a firewall box if I had a choice on the matter.

I also agree with @aaronstuder, PFSense is easy to understand.

Interested to know more on this specifically why are you against running AV or IDS/IPs on the firewall.

Same reason you don't run Windows SBS. It goes against all basic best practices. Of all things to treat as non-production, your firewall probably isn't it.

scottalanmiller

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Have you looked at Meraki?

Ewwwwwww

vhinzsanchez

@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Have you looked at Meraki?

Ewwwwwww

Hahaha Liking the reaction. In anyways, no experience in Meraki...but I like the reaction...simply classic.

vhinzsanchez

Also liking pfSense. Once you got the hang of it, its easy-peasy to manage.

iroal

I don't think Pfsense is difficult to manage.

Even mount a HA is quite simple.

crustachio

Since pfSense has been covered well enough already:

Looking at the bullet points in your decision criteria, I can say that FortiGate checks all of those boxes. It is very simple to set up, and more than capable of all your needs. I find that it just makes sense more than say a SonicWall, which I would stay far away from personally. The FortiGate web UI is mostly logical, and there'e a robust CLI behind it when necessary. It's pretty affordable, support is decent, and the performance and features are pretty good IMO.

CCWTech

@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Have you looked at Meraki?

Ewwwwwww

What don't you like about Meraki?

coliver

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Have you looked at Meraki?

Ewwwwwww

What don't you like about Meraki?

Have you used them? Slow and unreliable the support, since Cisco took over, is subpar. On top of that they are incredibly expensive when compared to basically anything in the space except Cisco.

CCWTech

@coliver said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Have you looked at Meraki?

Ewwwwwww

What don't you like about Meraki?

Have you used them? Slow and unreliable the support, since Cisco took over, is subpar. On top of that they are incredibly expensive when compared to basically anything in the space except Cisco.

They are pricey. I have used them and loved them. Very easy to configure. Support has been top notch.

I have a few Sonicwall devices and that's support I cringe about.

coliver

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@coliver said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Have you looked at Meraki?

Ewwwwwww

What don't you like about Meraki?

Have you used them? Slow and unreliable the support, since Cisco took over, is subpar. On top of that they are incredibly expensive when compared to basically anything in the space except Cisco.

They are pricey. I have used them and loved them. Very easy to configure. Support has been top notch.

I have a few Sonicwall devices and that's support I cringe about.

You may want to look at other stuff in the space as well. You can easily get better performance at a significantly lower price from several different vendors.

CCWTech

@coliver said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@coliver said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:

@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Have you looked at Meraki?

Ewwwwwww

What don't you like about Meraki?

Have you used them? Slow and unreliable the support, since Cisco took over, is subpar. On top of that they are incredibly expensive when compared to basically anything in the space except Cisco.

They are pricey. I have used them and loved them. Very easy to configure. Support has been top notch.

I have a few Sonicwall devices and that's support I cringe about.

You may want to look at other stuff in the space as well. You can easily get better performance at a significantly lower price from several different vendors.

I'm always looking for something better, but I have been very happy with Meraki.

PenguinWrangler

I would not recommend Untangle. I have to agree with everyone that is saying to break these things apart. When you mention anti-virus are you talking about something like a gateway antivirus? That is what I am assuming. I have used ipCop as a firewall. I liked it. Basic firewall. Is there a reason why you want UTM verses having these systems on their own?

Danp

@penguinwrangler said in Looking for recommendations on the best UTM Firewalls for SMB's...:

I would not recommend Untangle.

Why? Other than that fact that it is a UTM and that is frown upon by most everyone here.

black3dynamite

@vhinzsanchez said in Looking for recommendations on the best UTM Firewalls for SMB's...:

Also liking pfSense. Once you got the hang of it, its easy-peasy to manage.

OPNsense is pretty nice too, especially the UI.