I’m looking to help a small business (30 employees) change over to a new firewall / router. They’ve been using a Palo Alto PA200 which worked great in the past, but they need one to handle 200Mb+ WAN speed. They no longer need any inbound connections (all cloud based now) nor do they need VPN capabilities anymore. It’s a simple outbound only connection for them now. They haven’t kept up to date on the Palo Alto subscriptions for threat management, etc., so something that doesn’t require subscriptions is preferable. They would like dual WAN ports for failover. I’ve looked at the Cisco RV340 but Cisco is quiet about normal throughput speeds (they only quote VPN speeds) and about how many users it would realistically support.

I’ve read the other recommendations for SMB firewalls here, and most seem more complex than what is really needed in this situation.

6 Spice ups

Meraki would be a great choice

@Cisco_Meraki_1

Sounds pretty simple, both Ubiquiti and pfSense are good options, neither requires a subscription to keep them updated. With something so simple I would lean toward a Ubiquiti edge router. I would say the Dream Machine, but the WAN failover on that one is still kinda odd: it only has two ports for WAN, one is RJ45 and the other is SFP.

1 Spice up

Before you jump on the Ubiquiti train I would read the comment here

How about upgrading them to a PA 220 and not buying any subscriptions? It might cost a little bit more in hardware, but could be less labor to implement as you can just export the old config and import it into the new one.

200 Mbps for < 50 users? I have 200 Mbps for 1300 users, of which several hundred are working remote over VPN.

2 Spice ups

Oh give me a break, don’t shitpost. One guy complains about UBNT because he’s running 10-year-old APs in a questionable method and doesn’t know enough about what he’s working on to work through the problem, so you post a thread about a totally different product than what the OP is looking for (APs vs Router).

I can point to the 10Gig EdgeRouters, huge line of EdgeSwitches, and pile of UAC Pros we’ve been running for years with literally zero problems, and EdgeSwitches that have been whacked by lightning and UBNT still replaced them under warranty with brand new in box switches.

Scott, the big question is, are you looking for a real UTM with a subscription, or a non-subscription router? It’s either you want that security package, or you don’t. That’s the big question.

If you want UTM, I’d go Watchguard. Reasonable pricing, renewals aren’t the end of the world, and they’re up front with performance.

If you don’t want UTM, then there’s nothing wrong with UBNT.

Just a moment!

At the top it was said that the customer is from the INSURANCE INDUSTRY.

That means the customer should have to comply with different regulations, deal with a lot of personal data - and it is probably not one of the ‘poor’ customers who cannot afford a proper security solution.

So what is going wrong here? Something for sure!

In your place, I would upgrade to a new PA220, as Kevin suggested - but with all the standard subscriptions!

I wouldn’t want to be the idiot that everyone will be pointing a finger at, when the customer runs into compliance problems and gets fined for bad security!

1 Spice up

Great suggestions, thanks. It all boils down to the level of security I guess that they want to pay for. Bumping up to the PA 220 and bringing over the old config is intriguing, and then let them decide if they want to keep up with the subscriptions. I’ll also check out the Ubiquiti offerings, as I’ve worked with their APs before and they’ve been very reliable.

It’s really all about the subscriptions/security. For under $200, you can replace that with a new EdgeRouter from UBNT and even buy a whole spare.

If you need gateway level security - I would 100% advise against using UBNT. Bojan and I are both Watchguard users and like their products, and I would recommend them, as they even have a really good competitive trade-in offer.

My only complaint with Watchguard is their support response times.