+ Post New Thread
Results 1 to 13 of 13
Internet Related/Filtering/Firewall Thread, Firewall recommendations in Technical; I'm currently looking at Cisco's 5550, and HP's F1000, but the base models don't really offer too many bells and ...
  1. #1
    Shaun_Dark_Lord's Avatar
    Join Date
    May 2008
    Location
    Bexley
    Posts
    46
    Thank Post
    4
    Thanked 4 Times in 4 Posts
    Rep Power
    13

    Question Firewall recommendations

    I'm currently looking at Cisco's 5550, and HP's F1000, but the base models don't really offer too many bells and whistles, and adding on the bells and whistles gets quite expensive.

    Is anyone else using a "Next Gen" firewall, and if so, what did you get for your money? I'd like IPS, L7 application control, and fast (close to line speed) content filtering if possible, to go with our 200Mb connection (possibly upgrading to 1Gb).

    Thanks

    Shaun

  2. #2
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    East Yorkshire
    Posts
    2,152
    Thank Post
    439
    Thanked 236 Times in 215 Posts
    Blog Entries
    2
    Rep Power
    68
    Why not look at the best firewall in the world (and proven), no licensing costs because it's built on FreeBSD - and yes you get layer 7 control we use it everyday, we also use the content filtering on it and it uses squid with dansguardian (and yes it's at line speed) if you really want, it also incorporates captive portal for wireless guests.

    We have 5 1 Gig NIC's in our firewall - since it's actually A PC it's highly upgrade-able and flexible with expansion.

    I'm talking about of course ... Pfsense.

    This video proves that PFsense is the best firewall ever! Best Firewall Ever | LAS | s18e07 - YouTube & http://www.youtube.com/watch?v=stnJiPBIM6o

    All you need is an old machine, and the ISO image.

    pfSense Open Source Firewall Distribution - Home


    Oh yeah it also has VPN capabilities..........
    Last edited by cpjitservices; 19th June 2012 at 09:45 AM.

  3. Thanks to cpjitservices from:

    Shaun_Dark_Lord (19th June 2012)

  4. #3
    Shaun_Dark_Lord's Avatar
    Join Date
    May 2008
    Location
    Bexley
    Posts
    46
    Thank Post
    4
    Thanked 4 Times in 4 Posts
    Rep Power
    13
    Hi cpjitservices

    Thanks for your response.

    We've been running several squid/dansguardian firewalls for over ten years. Even on decent hardware, they can bottleneck our current 100Mb contended connection.

    We need guaranteed performance, and a proxied content filter just won't deliver.

    Thanks anyway.

  5. #4
    cpjitservices's Avatar
    Join Date
    Jul 2010
    Location
    East Yorkshire
    Posts
    2,152
    Thank Post
    439
    Thanked 236 Times in 215 Posts
    Blog Entries
    2
    Rep Power
    68
    Fair enough, but at some point try pfsense anyway - i'm sure you'll be plenty surprised!


  6. #5
    nicholab's Avatar
    Join Date
    Nov 2006
    Location
    Birmingham
    Posts
    1,411
    Thank Post
    3
    Thanked 93 Times in 89 Posts
    Blog Entries
    1
    Rep Power
    50

  7. #6

    Join Date
    Jan 2009
    Location
    England
    Posts
    1,466
    Thank Post
    292
    Thanked 301 Times in 260 Posts
    Rep Power
    80
    We're just in the process of buying a couple of Palo-Alto firewalls from @Net-Ctrl

    Currently got one in as a demo unit and I have to say I'm very very impressed with it. Amazing product, but it certainly isn't cheap. Unfortunately (as we've found) if you want IPS/App filtering/Content filtering (and possibly AV) at 1gig guaranteed speeds then you're going to need to spend some . We did look at the roll your own route with pFsense/Untangle but decided once we factored into account decent hardware (server grade) and a support contract (they both offer them) we may as well go with a commercial vendor.

    Certainly a commercial vendor is the safer option. From my research/testing (looked at Cisco, Fortinet, Juniper, Palo Alto, Watchguard) Palo were light years ahead of everyone else when it came to the "next-gen" app control functionality and to be honest it just worked. Very easy to setup and get my head around as well which always helps .

  8. 3 Thanks to Soulfish:

    Aggy (19th June 2012), MarkPower (19th June 2012), Shaun_Dark_Lord (19th June 2012)

  9. #7

    Millgate's Avatar
    Join Date
    May 2011
    Location
    Sheffield
    Posts
    1,391
    Thank Post
    401
    Thanked 315 Times in 231 Posts
    Rep Power
    127
    A bit off topic but if you decide to go down the Cisco/HP road, we have both of these in stock so i'm sure we could do you a deal which would be a lot cheaper than normal. Just drop me an email if you need them.

    Cheers

  10. #8

    Join Date
    Jun 2009
    Location
    North
    Posts
    114
    Thank Post
    28
    Thanked 17 Times in 17 Posts
    Rep Power
    14
    Sonicwall might be worth looking at, they also do a discount for education. SonicWALL Online

  11. #9
    Shaun_Dark_Lord's Avatar
    Join Date
    May 2008
    Location
    Bexley
    Posts
    46
    Thank Post
    4
    Thanked 4 Times in 4 Posts
    Rep Power
    13
    Thanks Soulfish - I'll have a look at the Palo-Alto

  12. #10

    Join Date
    Jun 2009
    Location
    North
    Posts
    114
    Thank Post
    28
    Thanked 17 Times in 17 Posts
    Rep Power
    14
    Palo-Alto firewalls


    Impressive reviews but expensive, my pockets are not that deep
    Last edited by ict_support; 19th June 2012 at 10:02 AM.

  13. #11

    Join Date
    Jan 2009
    Location
    England
    Posts
    1,466
    Thank Post
    292
    Thanked 301 Times in 260 Posts
    Rep Power
    80
    Quote Originally Posted by ict_support View Post
    Palo-Alto firewalls


    Impressive reviews but expensive, my pockets are not that deep
    They are expensive, but unfortunately the best normally is . I have found however that they are willing to work with you on price if that is the only remaining sticking point. Something to bear in mind if you're interested in them!

  14. Thanks to Soulfish from:

    MarkPower (19th June 2012)

  15. #12
    MarkPower's Avatar
    Join Date
    Nov 2008
    Location
    Ipswich
    Posts
    194
    Thank Post
    144
    Thanked 42 Times in 30 Posts
    Blog Entries
    1
    Rep Power
    18
    For anyone that is interested in the Palo Alto solution then please give me a shout, we are more than happy to get you a live demo or meeting if needed.

    Also if it helps I have Palo Alto in my office all day today until around 4pm and can run a web x demo today if needed, if you are interested then please email me mark.power@net-ctrl.com and we can arrange this. Anyone is welcome.

    Cheers

    Mark

  16. #13

    Join Date
    Oct 2008
    Location
    Lincolnshire
    Posts
    2,054
    Thank Post
    11
    Thanked 204 Times in 198 Posts
    Rep Power
    63
    I would recommend Watchguard, we have some 120 of them and cannot fault them.

SHARE:
+ Post New Thread

Similar Threads

  1. Recommendations for Firewall / Web Filtering
    By Geek_of_HeathMount in forum Internet Related/Filtering/Firewall
    Replies: 20
    Last Post: 2nd May 2011, 03:02 PM
  2. Firewall recommendations
    By Biker in forum Internet Related/Filtering/Firewall
    Replies: 13
    Last Post: 17th February 2009, 12:53 PM
  3. Can anyone recommend a good firewall?
    By rusty155 in forum Wireless Networks
    Replies: 13
    Last Post: 21st January 2008, 09:48 AM
  4. Replies: 10
    Last Post: 1st February 2006, 01:02 PM
  5. Server Recommendation Please
    By altecsole in forum Hardware
    Replies: 29
    Last Post: 21st October 2005, 08:15 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •