
Small Business Firewall Suggestions

  • 24-09-2014 3:24pm
    #1
    Registered Users Posts: 104 ✭✭


    Hey all,

    So I do some system admin for my parents' company but am a little out of touch with respect to current hardware. They are mostly cloud based but their existing Routing Firewall is a little out of date so I am considering upgrading it.

    The company has 8-10 workstations in the office and 2 full-time remote users with the occasional extra remote user while on business trips. In the office all the workstations are wired to the network but we would need a separate Wi-Fi network for the use of visitors and personal staff phones.
    The switches and other H/W were purchased more recently so it is just the Firewall (+AP) I’m looking into.

    Can anyone make any suggestions for a good firewall based on what I said? Obviously since it is not an essential upgrade cost will be a strong consideration (but if we have to pay to get the features then that is OK). Also since I manage the network myself a nice UI would be a plus.

    Thanks for your help!


Comments

  • Registered Users Posts: 104 ✭✭notmymark


    Sorry, I actually meant to post this under Servers & Systems (I had multiple tabs open). Mods feel free to move it if you think it is better served there. If not no worries…


  • Registered Users Posts: 357 ✭✭Ctrl Alt Del


    OK, we need a few different options and requirements here...

    My working principle is that one device does one task at one time:

    -router is doing routing
    -switch is doing switching
    -WiFi AP or Router doing only Wireless

    Local router / firewall
    A cost effective firewall is the one that comes with your broadband, supplied by your ISP.
    Next level, any major brand will do it fine, just go by your taste...
    Top level, if you need good NATing rules and policies, some extra features, good CPU & RAM, also built-in hardware VPN capabilities (with optional VPN client installed on the remote workers' laptops), I will look at Draytek or Sonicwall. (I'll choose Sonicwall.)

    WiFi Network
    I definitely choose a dedicated Wireless Access Point or Router, so that it will enable you to separate the visitors and staff phones while creating an "external" LAN inside the LAN, just by separating logical (different IP addressing range) and physical (creating a dedicated portshield on the router and creating routing/NAT/policies) for WiFi guest access. Again, I will choose Sonicwall.

    WiFi Router / Access Point
    You'll need a dual band device that gives enough coverage to not go outside your office and to cover the intended area. Also, good bandwidth as well. I'll choose a UniFi Pro WAP unit from UBNT, which comes with nice management, PoE, 2.4/5GHz bands, fast speed.

    What type of broadband are we talking about in the office? SDSL or ADSL?
    I'll upgrade the switch to a 1GB port level to take advantage of the faster than 100MB broadband line.

    Have fun...
    Regards
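
The logical separation described in the post above (a separate IP range for guest Wi-Fi plus firewall policies) can be sanity-checked before the rules go onto a device. This is an added example, not part of any post in this thread; the subnets, the rule tuples and the first-match, default-deny rule model are assumptions and not any vendor's syntax.

```python
import ipaddress as ip

# Constructed addressing plan and rule sets (assumptions, not from the thread).
OFFICE_LAN = "192.168.10.0/24"   # wired workstations
GUEST_WIFI = "192.168.50.0/24"   # visitors and personal staff phones
ANY = "0.0.0.0/0"

# Rules are (action, source, destination), evaluated top-down, first match wins.
GOOD = [
    ("deny",  GUEST_WIFI, OFFICE_LAN),   # isolate guests before anything else
    ("allow", GUEST_WIFI, ANY),          # guests may reach the internet
    ("allow", OFFICE_LAN, ANY),
]
BAD = [
    ("allow", GUEST_WIFI, ANY),          # too broad and placed first
    ("deny",  GUEST_WIFI, OFFICE_LAN),   # never reached for guest traffic
    ("allow", OFFICE_LAN, ANY),
]

def first_match(rules, src, dst):
    """Action of the first rule matching src -> dst; implicit deny otherwise."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in ip.ip_network(src_net) and d in ip.ip_network(dst_net):
            return action
    return "deny"

def audit_guest_isolation(rules, guest=GUEST_WIFI, office=OFFICE_LAN):
    """Return findings; an empty list means guests cannot reach the office LAN."""
    guest, office = ip.ip_network(guest), ip.ip_network(office)
    findings = []
    if guest.overlaps(office):
        findings.append("guest and office ranges overlap")
    for n, (action, src, dst) in enumerate(rules, 1):
        src, dst = ip.ip_network(src), ip.ip_network(dst)
        if not (src.overlaps(guest) and dst.overlaps(office)):
            continue  # rule cannot match guest -> office traffic
        if action == "allow":
            # Conservative: flagged even if an earlier partial deny shadows it.
            findings.append(f"rule {n} allows guest -> office traffic")
        elif guest.subnet_of(src) and office.subnet_of(dst):
            break  # a deny covering the whole pair shadows every later rule
    return findings

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_guest_isolation(rules) or "guest segment isolated")
```

The BAD ordering is the usual mistake: the broad "guest to anywhere" allow sits above the deny, so the deny never applies.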


  • Registered Users Posts: 2,426 ✭✭✭ressem


    Not so sure about Sonicwalls. Maybe Ctrl Alt Del has experience with newer hardware but...

    If it is a UPC connection, the last experiences I've had with Sonicwall TZ2xx found them rather underpowered, causing them to slow and drop connections.
    The hardware is aimed more at ADSL speeds.
    They were less reliable and needed unscheduled rebooting more frequently than a software firewall on a secondhand Dell OptiPlex.

    And Sonicwalls + Sonicpoints for wifi have not in the past allowed simple swapping out of individual Sonicpoints to support the current generation of wifi tech. (e.g. 802.11g to 802.11n)

    E.g. to support a future 802.11ac wifi Sonicpoint, the Sonicwall firewall hardware might need to be replaced.

    Don't look at the base sticker price. Make sure to price the Sonicwall subscription add-ons before buying, as stuff like the IDS expires after 90 days without a subscription, and they are pricey for a small business.


  • Registered Users Posts: 2,525 ✭✭✭wandererz


    I am biased about this because I work with these devices on a regular basis.
    At the same time though, Fortinet has grown to number 1 in Ireland so there should be multiple resellers to purchase from.

    So I would suggest a:
    FortiGate 60D (FW, AV, IPS, APP Control, WiFi Controller)
    + FortiAP (perhaps FAP-221C if you need 802.11ac)

    http://www.fortinet.com/sites/default/files/productdatasheets/FortiGate-60D.pdf
    http://www.fortinet.com/sites/default/files/productdatasheets/Wireless_Product_Matrix.pdf

    The WiFi can be configured with multiple SSIDs that can be kept separate (e.g. business & guest).
    If you need guest management (i.e. receptionist can create a visitor/guest account) that can be done as well.

    Everyone can be web filtered (with multiple filtering policies) - including wired and wireless users. Also AV scanned, IPS applied, APP Controlled etc.

    For the 2 full-time remote users, the FAP-11C (remote access point) plugs into their home broadband ethernet port and creates a local corporate WiFi network that tunnels back to the main FortiGate unit at HQ, so the remote user does not have to mess about with VPN software etc.

    There is IPSec VPN software available as well for mobile users or use SSL VPN to connect.

    Note that the 802.11ac standard is due to be changed/ratified next year, so any existing 802.11ac Access Point purchase may or may not be subject to replacement.

    The FortiGate firewall/controller however can simply be upgraded to accommodate new access points.

    It does cost a bit more than some no-name solution, but if you consider incorporating the Web Filtering, network level AV, IPS, App Control & central wireless controller then it makes sense compared to multiple solutions.

    If you need a nice GUI then have a look at http://video.fortinet.com

    In terms of the following:
    "-router is doing routing
    -switch is doing switching
    -WiFi AP or Router doing only Wireless"

    Well, the FortiGate can do all of that.

    Of course there are other similar solutions out there such as Sonicwall, Juniper, Check Point etc. to be considered.

    ...and so I now wait for someone to knock this suggestion over in the best boardsie tradition.


  • Registered Users Posts: 1,299 ✭✭✭moc moc a moc


    wandererz wrote: »
    Fortinet has grown to number 1 in Ireland

    Number 1 what in Ireland? In what context, and according to whom?


  • Registered Users Posts: 2,525 ✭✭✭wandererz


    Number 1 what in Ireland? In what context, and according to whom?

    Lots of different figures out there of course.
    But according to IDC.

    Security appliance factory revenue figures shipped for first half 2014 (or something similar)

    Was Cisco, Check Point, Juniper, Fortinet
    then Cisco, Check Point, Fortinet, Juniper
    then Fortinet, Cisco, Check Point, Juniper

    This does not matter however. Just get the OP a range of solutions and let him make the decision?

    Any solution recommendation yourself for the OP?


  • Registered Users Posts: 1,299 ✭✭✭moc moc a moc


    wandererz wrote: »
    Security appliance factory revenue figures shipped for first half 2014
    ...
    This does not matter however

    I agree.


  • Registered Users Posts: 104 ✭✭notmymark


    Thanks for the input everyone!
    I will do a bit of research on what has been said and report back.


  • Registered Users Posts: 13 TommyQ


    My suggestion here would be two options. Both of which have already been mentioned.

    A Sonicwall TZ105W would suit your requirements for a Firewall/router and a Wireless AP. Sonicwall is kinda the industry norm for small business as their cost is generally low and they are quite easy to use. The 105 supports SSLVPN so you have remote users covered without any additional cost and the Wireless support on the device gives flexibility.

    The other option was mentioned above, PFSENSE. In my time I must have installed and configured 1000 Sonicwalls of varying degrees so I should be singing their praises, but I can't tell you how impressed I am with PFSENSE. I run a PFSENSE router at home "Virtual" in vSphere on the equivalent of a P3 with 256megs of RAM. It supports things that Sonicwall haven't even thought of yet (or probably don't know exist) and the community support on PFSENSE is extensive. Your total cost for setting up what you want is 2 x Intel Pro NICs (this is to guarantee great performance on the network), a wireless access point and (quite literally) any old PC you have lying around the office. The setup takes all of 20 minutes and the very basic config another 5. The hardest thing you will have to do is setting up the OPENVPN server for your remote users, and the PFSENSE forums are full of tutorials on this.

    My recommendation is to go with PFSENSE. No Licensing, No Limitations and nearly unlimited free help and support from the community.

