I'm currently looking at Cisco's 5550, and HP's F1000, but the base models don't really offer too many bells and whistles, and adding on the bells and whistles gets quite expensive.
Is anyone else using a "Next Gen" firewall, and if so, what did you get for your money? I'd like IPS, L7 application control, and fast (close to line speed) content filtering if possible, to go with our 200Mb connection (possibly upgrading to 1Gb).
Why not look at the best firewall in the world (and proven)? No licensing costs because it's built on FreeBSD, and yes, you get layer 7 control; we use it every day. We also use the content filtering on it, and it uses squid with dansguardian (and yes, it's at line speed). If you really want, it also incorporates captive portal for wireless guests.
We have five 1 Gig NICs in our firewall - since it's actually a PC it's highly upgradeable and flexible with expansion.
I'm talking about, of course ... pfSense.
This video proves that pfSense is the best firewall ever! Best Firewall Ever | LAS | s18e07 - YouTube: http://www.youtube.com/watch?v=stnJiPBIM6o
All you need is an old machine, and the ISO image.
pfSense Open Source Firewall Distribution - Home
Oh yeah, it also has VPN capabilities...
Thanks for your response.
We've been running several squid/dansguardian firewalls for over ten years. Even on decent hardware, they can bottleneck our current 100Mb contended connection.
We need guaranteed performance, and a proxied content filter just won't deliver.
Fair enough, but at some point try pfSense anyway - I'm sure you'll be plenty surprised!
We're just in the process of buying a couple of Palo-Alto firewalls from @Net-Ctrl.
Currently got one in as a demo unit and I have to say I'm very, very impressed with it. Amazing product, but it certainly isn't cheap. Unfortunately (as we've found) if you want IPS/App filtering/Content filtering (and possibly AV) at 1gig guaranteed speeds then you're going to need to spend some £££. We did look at the roll-your-own route with pfSense/Untangle but decided once we factored into account decent hardware (server grade) and a support contract (they both offer them) we may as well go with a commercial vendor.
Certainly a commercial vendor is the safer option. From my research/testing (looked at Cisco, Fortinet, Juniper, Palo Alto, Watchguard) Palo were light years ahead of everyone else when it came to the "next-gen" app control functionality and to be honest it just worked. Very easy to set up and get my head around as well, which always helps :).
A bit off topic but if you decide to go down the Cisco/HP road, we have both of these in stock so I'm sure we could do you a deal which would be a lot cheaper than normal. Just drop me an email if you need them.
Sonicwall might be worth looking at, they also do a discount for education. SonicWALL Online
Thanks Soulfish - I'll have a look at the Palo-Alto.
Impressive reviews but expensive, my pockets are not that deep.
They are expensive, but unfortunately the best normally is :(. I have found however that they are willing to work with you on price if that is the only remaining sticking point. Something to bear in mind if you're interested in them!
Originally Posted by ict_support
For anyone that is interested in the Palo Alto solution then please give me a shout, we are more than happy to get you a live demo or meeting if needed.
Also, if it helps, I have Palo Alto in my office all day today until around 4pm and can run a WebEx demo today if needed. If you are interested then please email me firstname.lastname@example.org and we can arrange this. Anyone is welcome.
I would recommend Watchguard, we have some 120 of them and cannot fault them.