Internet Related/Filtering/Firewall Thread, Firewall recommendations in Technical; I'm currently looking at Cisco's 5550, and HP's F1000, but the base models don't really offer too many bells and ...
19th June 2012, 09:22 AM #1
I'm currently looking at Cisco's 5550, and HP's F1000, but the base models don't really offer too many bells and whistles, and adding on the bells and whistles gets quite expensive.
Is anyone else using a "Next Gen" firewall, and if so, what did you get for your money? I'd like IPS, L7 application control, and fast (close to line speed) content filtering if possible, to go with our 200Mb connection (possibly upgrading to 1Gb).
19th June 2012, 09:30 AM #2
Why not look at the best firewall in the world (and proven), no licensing costs because it's built on FreeBSD - and yes you get layer 7 control we use it everyday, we also use the content filtering on it and it uses squid with dansguardian (and yes it's at line speed) if you really want, it also incorporates captive portal for wireless guests.
We have 5 1 Gig NIC's in our firewall - since it's actually A PC it's highly upgrade-able and flexible with expansion.
I'm talking about of course ... Pfsense.
This video proves that PFsense is the best firewall ever! Best Firewall Ever | LAS | s18e07 - YouTube & http://www.youtube.com/watch?v=stnJiPBIM6o
All you need is an old machine, and the ISO image.
pfSense Open Source Firewall Distribution - Home
Oh yeah it also has VPN capabilities..........
Last edited by cpjitservices; 19th June 2012 at 09:45 AM.
Thanks to cpjitservices from:
Shaun_Dark_Lord (19th June 2012)
19th June 2012, 09:43 AM #3
Thanks for your response.
We've been running several squid/dansguardian firewalls for over ten years. Even on decent hardware, they can bottleneck our current 100Mb contended connection.
We need guaranteed performance, and a proxied content filter just won't deliver.
19th June 2012, 09:51 AM #4
Fair enough, but at some point try pfsense anyway - i'm sure you'll be plenty surprised!
19th June 2012, 09:51 AM #5
19th June 2012, 09:52 AM #6
We're just in the process of buying a couple of Palo-Alto firewalls from @Net-Ctrl
Currently got one in as a demo unit and I have to say I'm very very impressed with it. Amazing product, but it certainly isn't cheap. Unfortunately (as we've found) if you want IPS/App filtering/Content filtering (and possibly AV) at 1gig guaranteed speeds then you're going to need to spend some £££. We did look at the roll your own route with pFsense/Untangle but decided once we factored into account decent hardware (server grade) and a support contract (they both offer them) we may as well go with a commercial vendor.
Certainly a commercial vendor is the safer option. From my research/testing (looked at Cisco, Fortinet, Juniper, Palo Alto, Watchguard) Palo were light years ahead of everyone else when it came to the "next-gen" app control functionality and to be honest it just worked. Very easy to setup and get my head around as well which always helps .
3 Thanks to Soulfish:
Aggy (19th June 2012), MarkPower (19th June 2012), Shaun_Dark_Lord (19th June 2012)
19th June 2012, 09:54 AM #7
A bit off topic but if you decide to go down the Cisco/HP road, we have both of these in stock so i'm sure we could do you a deal which would be a lot cheaper than normal. Just drop me an email if you need them.
19th June 2012, 09:56 AM #8
Sonicwall might be worth looking at, they also do a discount for education. SonicWALL Online
19th June 2012, 09:57 AM #9
Thanks Soulfish - I'll have a look at the Palo-Alto
19th June 2012, 10:01 AM #10
Impressive reviews but expensive, my pockets are not that deep
Last edited by ict_support; 19th June 2012 at 10:02 AM.
19th June 2012, 10:08 AM #11
They are expensive, but unfortunately the best normally is . I have found however that they are willing to work with you on price if that is the only remaining sticking point. Something to bear in mind if you're interested in them!
Originally Posted by ict_support
Thanks to Soulfish from:
MarkPower (19th June 2012)
19th June 2012, 10:46 AM #12
For anyone that is interested in the Palo Alto solution then please give me a shout, we are more than happy to get you a live demo or meeting if needed.
Also if it helps I have Palo Alto in my office all day today until around 4pm and can run a web x demo today if needed, if you are interested then please email me email@example.com and we can arrange this. Anyone is welcome.
19th June 2012, 05:21 PM #13
I would recommend Watchguard, we have some 120 of them and cannot fault them.
By Geek_of_HeathMount in forum Internet Related/Filtering/Firewall
Last Post: 2nd May 2011, 03:02 PM
By Biker in forum Internet Related/Filtering/Firewall
Last Post: 17th February 2009, 12:53 PM
By rusty155 in forum Wireless Networks
Last Post: 21st January 2008, 09:48 AM
By woody in forum Windows
Last Post: 1st February 2006, 01:02 PM
By altecsole in forum Hardware
Last Post: 21st October 2005, 08:15 AM
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)