
Question

Posted

So in like a couple of weeks I'm gonna start studying/practicing in my home lab these (and if there are others they are welcomed) firewalls / UTM.

 

What I really want to know is how they behave (as in performance), the kind of features they have (if they support VPNs and how many, ease of publishing rules, the amount of updates released by the vendor, etc.), your experience of these products versus commercial ones (like Cisco, Juniper, SonicWall, Fortinet, etc.). I'm an ISA / TMG guy but I must learn other alternatives since TMG isn't available right now (and it's phased out) and the ones recommended by Microsoft are way too expensive for the clients I have (small/middle sized business).

 

Oh, also very important: most of the clients I have publish OWA (Exchange) via ISA / TMG, so this firewall must support this as well.


17 answers to this question

  • 0

Posted

Well, you won't necessarily be publishing it like you do with TMG or ISA; you will be sending the port over to that server either through one-to-one NAT or by simply forwarding the port over. All of these support this; even still, none support publishing like TMG does. All firewalls either forward ports or support one-to-one NAT.

  • 0

Posted

You forgot IPCop which, if I'm not mistaken, does everything you mentioned and has a shitload of plugins which you can add according to your needs.

The other ones probably too.  Why not Dragon as IDS while you're at it? :b

  • 0

Posted

Sphirewall seems to be another interesting one... although I can't ascertain whether development is continuing or is dead.

 

Big fan of pfSense myself.

  • 0

Posted

Sphirewall seems to be another interesting one... although I can't ascertain whether development is continuing or is dead.

 

Big fan of pfSense myself.

 

 

Sphirewall is still under development! :) 

  • 0

Posted

Never heard of Sphirewall. But it does look good. I am going to give this a try.

  • 0

Posted

Sphirewall is still under development! :)

 

How do you know?

  • 0

Posted

Do a quick search and their last release was in July 2013 ;)

  • 0

Posted

Sophos UTM (formerly Astaro) is a pretty decent free-for-home-use product. The reporting is decent and the features are pretty nice. I like it over Untangle.

  • 0

Posted

Do a quick search and their last release was in July 2013 ;)

 

No news on progress since does make me wonder.

  • 0

Posted

hum...my main concern is:

- easiness of deployment (install, configure and maintain).

- cost.

- support.

 

In my opinion, ISA / TMG had a huge advantage as the cost was low for the amount of features it had; now I have to find a similar product for enterprise environments (small/middle sized) with cost, feature wise and support as my #1 priorities. Cisco / Juniper / Fortinet have good products but the cost is prohibitive for some of the clients I have.

  • 0

Posted

A Cisco 5505 is an entry level appliance and will do that of the firewalls you are looking at

  • 0

Posted

Sophos UTM (formerly Astaro) is a pretty decent free-for-home-use product. The reporting is decent and the features are pretty nice. I like it over Untangle.

 

Very interesting! I tried to download it but all I get is ...

 

Il s'est produit une erreur inattendue.

 

Can anyone else download it?

  • 0

Posted

How do you know?

 

Because according to their website:


July 31, 2013

Sphirewall 0.9.9.6 Released Today

Today we have pushed out another Sphirewall release. This release was spent working on stability and performance, ironing out a whole heap of issues. Users can expect a new level of stability and performance with both the management interfaces and core system. We have also reintroduced some of the functionality that was removed with the wmi migration to python flask such as logging, and validation.

For the full release notes click here

  • 0

Posted

You mentioned for your clients, so I'm assuming you will be responsible/liable for the firewall in the clients' production environment? Why are you looking for free high-risk options for your clients? Most Cisco/SonicWall/WatchGuard firewalls are affordable for any size business. Do yourself a favor and don't offer free/unsupported/outdated solutions to your clients. Besides, once you become an expert in Cisco or SonicWall, your value goes up (more companies use Cisco/SonicWall, so you have more chances to land new clients).

  • 0

Posted

pfSense, for example of a free solution, does offer support and is current. I am not sure exactly where you are coming from, bnelson... because it isn't Cisco or SonicWall doesn't mean that it can't do the same or has support for.

 

http://pfsense.com/index.php@option=com_content&task=view&id=63&Itemid=69.html

 

Current update as of this post is September 15th, 2013, not bad only 5 days old.

  • 0

Posted

Unsupported? Outdated? Free, yes, the product is free.. But that has little to do with its ability to run in an enterprise environment or small ma and pa shops.

 

To be honest, you're going to get better support from pfSense than you would Cisco or SonicWall, etc.. Have you looked into their support model?

 

https://portal.pfsense.org/support-subscription.php

 

What is the cost of Cisco or SonicWall support? Do they offer to directly support your customers with reseller support for 2k a year?

https://portal.pfsense.org/reseller-subscription.php

 

So while your statement that pfSense is free is quite valid - to think it's not supported or outdated is just ludicrous.
