pes2013 Posted March 13, 2013
What's a good firewall for a small office? Budget

syobon999 Posted March 13, 2013
http://www.privacyware.com/PF_support.html

mlowijs Posted March 13, 2013
I'd recommend pfSense (http://pfsense.org), which is the perimeter firewall for my company. Works really well and easy to set up with a little knowledge, and it's free and open source!

+BudMan MVC Posted March 13, 2013
^ yeah it's hard to beat pfsense for "cost" FREE, you just need to provide some hardware to run it on and some setup time. It will run on pretty much anything, you have an old PC around? There you go - your hardware.

mlowijs Posted March 13, 2013
Exactly, and though it's free to use (no strings attached, you can pay for professional support if you want), it's extremely powerful and people have made many extensions for it.

pes2013 Posted March 13, 2013 (Author)
Let's just go with a classic, Cisco, Netgear, etc....... It's a budget, which means something more than free :p (Although pfsense is great)

pes2013 Posted March 15, 2013 (Author)
A issue also with pFsense is that other people in the office mostly know how to control it....With most common routers, this is possible With pFsense you have to take 10 minutes.

pes2013 Posted March 16, 2013 (Author)
No ideas?

pes2013 Posted March 16, 2013 (Author)
OK, well, at least some brand recommendations from Cisco, Dell, Juniper, etc., stating your recommendations and experiences....

#Michael Posted March 16, 2013
Depending on your budget, IMO you can't go wrong with the Sonicwall TZ series. The TZ 215 is great for small businesses but can be pricey.

TPreston Posted March 16, 2013
Any Cisco ISR will do this. But honestly you should be looking for a combined device with a NIPS, malware filtering for incoming downloads as well as the bog standard stateful firewall. As always it's the rules that matter, and unless it's set to implicit deny it's worthless.

n_K Posted March 16, 2013
Check out SNORT and the subscriber rules, that'll help cut down on the amount of dodgy traffic getting into your place.

xendrome Posted March 16, 2013
Yeah I'd say Sonicwall TZ-210.

#Michael Posted March 16, 2013
"Yeah I'd say Sonicwall TZ-210."
The 210 was retired for the 215 back in October. It is the 205 and the 215 now. I believe you can still buy it but Dell doesn't actually make them anymore.

sc302 Veteran Posted March 17, 2013
"A issue also with pFsense is that other people in the office mostly know how to control it....With most common routers, this is possible With pFsense you have to take 10 minutes."
If you don't give them the admin password they will not be able to control it.

+BudMan MVC Posted March 17, 2013
dude I have been trying to help him in the other thread he has started.. If you're not talking a 150 router it's going to be over budget. Reread what he posted - he wants the others to be able to control it. He has no concern with content filtering, talk of SNORT - you might as well be talking nuclear physics to a 3 year old. His clients ask his 10 year old zyxel for dns, and they are members of domain - I would bet this is 99% of his issues. The router he's looking for is something you would pick up at your computer store for $20, not a SMB/Enterprise class firewall.

sc302 Veteran Posted March 17, 2013
"A issue also with pFsense is that other people in the office mostly know how to control it....With most common routers, this is possible With pFsense you have to take 10 minutes."
I don't get it. It's a problem when people know how to control it? It takes a whopping 10 min to look at the GUI to figure it out? To me, it sounds like he doesn't want them to be able to figure it out and it is a problem if they can.

+BudMan MVC Posted March 17, 2013
I don't think English is his native language.. screen shots of machines are in Spanish I believe. Notice the "With pFsense you have to take 10 minutes." - and in his other thread he clearly states that he looked at pfsense but it was too complicated ;) "A way better firewall; pFsense seems complicated so Im thinking Cisco or DD-WRT." So I take it he wants the office to be able to understand the router, not the other way around.

fusi0n Posted March 17, 2013
pFSense.. it is free.. I am sure you have some old hardware you can put it on.. I am not sure why you would want the whole office to use it..? They'll just have that crap shredded to pieces.. Sonicwalls are ok for the money.. you get what you pay for in that aspect.. If you are dead set against doing what most of everyone here is recommending.. look into getting a nice Cisco Router and loading DD-WRT

Boktai1000 Posted March 17, 2013
I really like WatchGuard.

1ON Posted March 17, 2013
ZyXel USG100 http://www.smallnetb...ateway-reviewed

+BudMan MVC Posted March 17, 2013
I think that is a bit overkill for what he is looking for, I think he is more in line for a 20 or 50 which I already suggested in his other thread.

danny62381 Posted March 17, 2013
Let's be real for a second. Unless you're doing Site to Site VPNs, or need a remote access VPN for mobile users, then you might want to consider keeping a simple router setup. You really aren't going to find a "real" firewall that Joe Enduser can understand and operate. NAT, PAT, and VPN cryptography isn't something even the normal "admin" understands. This is just a pill that has to be swallowed. They might be able to set up users or something for remote access, but everything else should probably be left alone. If they don't then who do you think they will end up calling for help?
That being said. If a true firewall solution is what's needed, then if you have the knowledge (and believe me it takes a good bit) then a Cisco ASA 5505 is going to be about the best you can get for a very small office or a spoke site. If the learning curve is too great, then go with SonicWall gear, as others have mentioned.
Either way you go, make sure that (as with all technology implemented in a production/business environment) you get a support contract, to get updates/assistance etc. Don't waste time on unsupported freeware products. Not only is this very unwise, but you'll find yourself tearing all of them out if a merger ever happens because they aren't "standard" gear that most companies use.

farmeunit Posted March 17, 2013
"Let's be real for a second. Unless you're doing Site to Site VPNs, or need a remote access VPN for mobile users, then you might want to consider keeping a simple router setup. You really aren't going to find a "real" firewall that Joe Enduser can understand and operate. NAT, PAT, and VPN cryptography isn't something even the normal "admin" understands. This is just a pill that has to be swallowed. They might be able to set up users or something for remote access, but everything else should probably be left alone. If they don't then who do you think they will end up calling for help? That being said. If a true firewall solution is what's needed, then if you have the knowledge (and believe me it takes a good bit) then a Cisco ASA 5505 is going to be about the best you can get for a very small office or a spoke site. If the learning curve is too great, then go with SonicWall gear, as others have mentioned. Either way you go, make sure that (as with all technology implemented in a production/business environment) you get a support contract, to get updates/assistance etc. Don't waste time on unsupported freeware products. Not only is this very unwise, but you'll find yourself tearing all of them out if a merger ever happens because they aren't "standard" gear that most companies use."
I don't see how you think PFSense, Smoothwall, Monowall, Untangle, etc, aren't REAL firewalls? I agree they aren't at the same level of an ASA, but there is nothing wrong with them. I know a LOT of businesses that use PFSense. For one thing, to get any support with the ASA (including downloads for upgraded firmware), then that will be more money. For that matter, most of those firewalls have support options available, either through them or someone else. You also don't need a support contract. Just pay when you need it from one of those companies or vendors.
If you can't figure out PFSense, or any other firewall, an ASA isn't going to be any easier.

danny62381 Posted March 17, 2013
"I don't see how you think PFSense, Smoothwall, Monowall, Untangle, etc, aren't REAL firewalls? I agree they aren't at the same level of an ASA, but there is nothing wrong with them. I know a LOT of businesses that use PFSense. For one thing, to get any support with the ASA (including downloads for upgraded firmware), then that will be more money. For that matter, most of those firewalls have support options available, either through them or someone else. You also don't need a support contract. Just pay when you need it from one of those companies or vendors. If you can't figure out PFSense, or any other firewall, an ASA isn't going to be any easier."
I didn't say that the ASA was the most "simple" solution, nor the most cost effective. I agree that it's quite the opposite. Just saying that amongst most large enterprises it's what I see the most of. If you have the knowledge, you can get a 5505 going for < $1000. If I couldn't go the ASA route, then I wouldn't hesitate going SonicWall simply because of the quality support and also due to the fact that most enterprise level engineers are familiar with them. If someone calls me in the middle of the night for a support call, and I have to tunnel into some homebrew PFSense box, then the first thing that pops in my head before I VPN to the customer's site is "Oh man, I wonder what kind of run down gear they are running this on".... In no way am I bashing PFSense, it's a wonderful product made by very competent people, but at the end of the day, I'd rather be backed by either Cisco TAC, or Dell Support should something go wrong with the device and I need to have it RMAed out. This and many other reasons, stability, etc.