Looking for recommendations on the best UTM Firewalls for SMB's...
-
Also liking pfSense. Once you got the hang of it, its easy-peasy to manage.
-
I don't think Pfsense is difficult to manage.
Even mount a HA is quite simple.
-
Since pfSense has been covered well enough already:
Looking at the bullet points in your decision criteria, I can say that FortiGate checks all of those boxes. It is very simple to set up, and more than capable of all your needs. I find that it just makes sense more than say a SonicWall, which I would stay far away from personally. The FortiGate web UI is mostly logical, and there'e a robust CLI behind it when necessary. It's pretty affordable, support is decent, and the performance and features are pretty good IMO.
-
@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:
Have you looked at Meraki?
Ewwwwwww
What don't you like about Meraki?
-
@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:
Have you looked at Meraki?
Ewwwwwww
What don't you like about Meraki?
Have you used them? Slow and unreliable the support, since Cisco took over, is subpar. On top of that they are incredibly expensive when compared to basically anything in the space except Cisco.
-
@coliver said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:
Have you looked at Meraki?
Ewwwwwww
What don't you like about Meraki?
Have you used them? Slow and unreliable the support, since Cisco took over, is subpar. On top of that they are incredibly expensive when compared to basically anything in the space except Cisco.
They are pricey. I have used them and loved them. Very easy to configure. Support has been top notch.
I have a few Sonicwall devices and that's support I cringe about.
-
@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@coliver said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:
Have you looked at Meraki?
Ewwwwwww
What don't you like about Meraki?
Have you used them? Slow and unreliable the support, since Cisco took over, is subpar. On top of that they are incredibly expensive when compared to basically anything in the space except Cisco.
They are pricey. I have used them and loved them. Very easy to configure. Support has been top notch.
I have a few Sonicwall devices and that's support I cringe about.
You may want to look at other stuff in the space as well. You can easily get better performance at a significantly lower price from several different vendors.
-
@coliver said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@coliver said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@scottalanmiller said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@ccwtech said in Looking for recommendations on the best UTM Firewalls for SMB's...:
Have you looked at Meraki?
Ewwwwwww
What don't you like about Meraki?
Have you used them? Slow and unreliable the support, since Cisco took over, is subpar. On top of that they are incredibly expensive when compared to basically anything in the space except Cisco.
They are pricey. I have used them and loved them. Very easy to configure. Support has been top notch.
I have a few Sonicwall devices and that's support I cringe about.
You may want to look at other stuff in the space as well. You can easily get better performance at a significantly lower price from several different vendors.
I'm always looking for something better, but I have been very happy with Meraki.
-
I would not recommend Untangle. I have to agree with everyone that is saying to break these things apart. When you mention anti-virus are you talking about something like a gateway antivirus? That is what I am assuming. I have used ipCop as a firewall. I liked it. Basic firewall. Is there a reason why you want UTM verses having these systems on their own?
-
@penguinwrangler said in Looking for recommendations on the best UTM Firewalls for SMB's...:
I would not recommend Untangle.
Why? Other than that fact that it is a UTM and that is frown upon by most everyone here.
-
@vhinzsanchez said in Looking for recommendations on the best UTM Firewalls for SMB's...:
Also liking pfSense. Once you got the hang of it, its easy-peasy to manage.
OPNsense is pretty nice too, especially the UI.
-
FortiGate and WatchGuard are the two I have the most experience with and both are pretty solid.
-
I tend to use Edgerouters everywhere I can. That being said - I have 2 Sophos UTMs because of the web filtering mainly. I realize you can put them in transparent mode behind another router but it seems pointless when it can do everything. The country blocking is another feature that works really well. If I needed just a firewall I would never consider them.
-
I would just recommend a different strategy all together because if you're UTM is compromised, then where is the rest of your security going to be? This is why I recommend breaking it apart. AV at the firewall might not be a bad idea, but I would recommend breaking out the IDS/IPS behind the firewall. Also, breaking out the proxy just right behind the firewall as well, if you need one.
-
@nerdydad I agree 100%. Web filtering was the reason for the Sophos. For a school it works very well. What would you use for a filter behind a "normal" firewall?
-
@brandon220 said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@nerdydad I agree 100%. Web filtering was the reason for the Sophos. For a school it works very well. What would you use for a filter behind a "normal" firewall?
Squid (http://www.squid-cache.org/)
PiHole (https://pi-hole.net/)
Safesquid (https://www.safesquid.com/)
Strongarm (https://strongarm.io/)
-
@brandon220 said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@nerdydad I agree 100%. Web filtering was the reason for the Sophos. For a school it works very well. What would you use for a filter behind a "normal" firewall?
@black3dynamite said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@brandon220 said in Looking for recommendations on the best UTM Firewalls for SMB's...:
@nerdydad I agree 100%. Web filtering was the reason for the Sophos. For a school it works very well. What would you use for a filter behind a "normal" firewall?
Squid (http://www.squid-cache.org/)
PiHole (https://pi-hole.net/)
Safesquid (https://www.safesquid.com/)
Strongarm (https://strongarm.io/)
Just like @black3dynamite said. Squid for proxying, Pi-hole for internal DNS filtering and getting rid of ads, and Strongarm for external DNS. I've never used either Squid or Strongarm, but have heard that they are good products.
-
@nerdydad I use PiHole at home and it is great. SafeSquid looks pretty impressive. May have to fire these up in my lab and test them out.
-
I use a Watchguard XTM515 here it is very nice. You just have to sub to the parts you want, IPS, APT, etc.
There are software updates all the time. New features added all the time. Their support is great. -
@brandon220 said in Looking for recommendations on the best UTM Firewalls for SMB's...:
I tend to use Edgerouters everywhere I can. That being said - I have 2 Sophos UTMs because of the web filtering mainly. I realize you can put them in transparent mode behind another router but it seems pointless when it can do everything. The country blocking is another feature that works really well. If I needed just a firewall I would never consider them.
pfBlocker / pfBlockNG on pfSense is great. You'll have a lot fewer kids knocking if you lock out all but the few required countries where you have employees etc. Doesn't make sense for a website maybe, but works great for VPNs for example. Only downside, as with every on-site firewall, is that the traffic already went over your wire, but it helps anyway.