Praetor, posted September 16, 2013:

So in like a couple of weeks I'm gonna start studying/practicing in my home lab these (and if there are others they are welcome) firewalls / UTM. What I really want to know is how they behave (as in performance), the kind of features they have (if they support VPNs and how many, ease of publishing rules, the amount of updates released by the vendor, etc.), your experience of these products versus commercial ones (like Cisco, Juniper, SonicWall, Fortinet, etc.). I'm an ISA / TMG guy but I must learn other alternatives since TMG isn't available right now (and it's phased out) and the ones recommended by Microsoft are way too expensive for the clients I have (small/middle sized business).

Oh, also very important: most of the clients I have publish OWA (Exchange) via ISA / TMG, so this firewall must support this as well.

sc302 (Veteran), posted September 16, 2013:

Well, you won't necessarily be publishing it like you do with TMG or ISA; you will be sending the port over to that server, either through one-to-one NAT or by simply forwarding the port over. All of these support this; even still, none support publishing like TMG does. All firewalls either forward ports or support one-to-one NAT.

MidnightDevil, posted September 16, 2013:

You forgot IPCop, which if I'm not mistaken does everything you mentioned and has a shitload of plugins which you can add according to your needs. The other ones probably too. Why not Dragon as IDS while you're at it? :b

+Fahim S. (MVC), posted September 16, 2013:

SphireWall seems to be another interesting one... although I can't ascertain whether development is continuing or is dead. Big fan of pfSense myself.

MidnightDevil, posted September 16, 2013:

> SphireWall seems to be another interesting one... although I can't ascertain whether development is continuing or is dead. Big fan of pfSense myself.

Sphirewall is still under development! :)

+John Teacake (MVC), posted September 16, 2013:

Never heard of SphireWall. But it does look good. I am going to give this a try.

+Fahim S. (MVC), posted September 16, 2013:

> Sphirewall is still under development! :)

How do you know?

+John Teacake (MVC), posted September 16, 2013:

Do a quick search and their last release was in July 2013 ;)

ndoggfromhell, posted September 16, 2013:

Sophos UTM (formerly Astaro) is a pretty decent free for home use product. The reporting is decent and the features are pretty nice. I like it over Untangle.

+Fahim S. (MVC), posted September 16, 2013:

> Do a quick search and their last release was in July 2013 ;)

No news on progress since does make me wonder.

Praetor (Author), posted September 16, 2013:

Hum... my main concern is:

- easiness of deployment (install, configure and maintain).
- cost.
- support.

In my opinion, ISA / TMG had a huge advantage as the cost was low for the amount of features it had; now I have to find a similar product for enterprise environments (small/middle sized) with cost, feature-wise and support as my #1 priorities. Cisco / Juniper / Fortinet have good products but the cost is prohibitive for some of the clients I have.

sc302 (Veteran), posted September 16, 2013:

A Cisco 5505 is an entry-level appliance and will do that of the firewalls you are looking at.

+John Teacake (MVC), posted September 16, 2013:

> Sophos UTM (formerly Astaro) is a pretty decent free for home use product. The reporting is decent and the features are pretty nice. I like it over Untangle.

Very interesting! I tried to download it but all I get is ... Il s'est produit une erreur inattendue. Can anyone else download it?

ndoggfromhell, posted September 20, 2013:

I just downloaded it, but I have the FTP site saved. http://download.astaro.com/UTM/v9/software_appliance/iso/

MidnightDevil, posted September 20, 2013:

> How do you know?

Because according to their website:

> July 31, 2013
> Sphirewall 0.9.9.6 Released Today
> Today we have pushed out another Sphirewall release. This release was spent working on stability and performance, ironing out a whole heap of issues. Users can expect a new level of stability and performance with both the management interfaces and core system. We have also reintroduced some of the functionality that was removed with the wmi migration to python flask such as logging, and validation. For the full release notes click here or head over to our website for downloads and more information, http://sphirewall.net

bnelsonjax, posted September 20, 2013:

You mentioned for your clients, so I'm assuming you will be responsible/liable for the firewall in the clients' production environment? Why are you looking for free high-risk options for your clients? Most Cisco/SonicWall/WatchGuard firewalls are affordable for any size business. Do yourself a favor and don't offer free/unsupported/outdated solutions to your clients. Besides, once you become an expert in Cisco or SonicWall, your value goes up (more companies use Cisco/SonicWall, so you have more chances to land new clients).

sc302 (Veteran), posted September 20, 2013:

pfSense, as an example of a free solution, does offer support and is current. I am not sure exactly where you are coming from, bnelson... because it isn't Cisco or SonicWall doesn't mean that it can't do the same or has support for. http://pfsense.com/index.php@option=com_content&task=view&id=63&Itemid=69.html

Current update as of this post is September 15th, 2013, not bad, only 5 days old.

+BudMan (MVC), posted September 21, 2013:

Unsupported? Outdated? Free, yes, the product is free.. But that has little to do with its ability to run in an enterprise environment or small ma and pa shops. To be honest you're going to get better support from a pfSense than you would Cisco or SonicWall, etc.. Have you looked into their support model? https://portal.pfsense.org/support-subscription.php

What is the cost of Cisco or SonicWall support? Do they offer to directly support your customers with reseller support for 2k a year? https://portal.pfsense.org/reseller-subscription.php

So while your statement that pfSense is free is quite valid - to think it's not supported or outdated is just ludicrous.