UTM Firewall Replacement

RudyM · 2019-04-25T03:08:07.000Z

Good day gurus,

I need some real life advice on upgrading or replacing all my Sonicwalls, I have been a faithful Sonicwall users for years, but I think the time has come to move away from the lack of support and some basic features.

Currently I have about 11 (all interconnected using VPN) units between main offices and remote location ranging in users between 8-50 and endpoints between 16-100. I am running tz-200 (lowest) and nsa-250m (highest).

I find the Sonicwall’s have a good job protecting my infrastructure considering I have never been hit with a virus, or hacking, or ransomware, they are easy to configure, but I feel they lack a lot when it comes to monitoring features including traffic, user activity, blocking, as well as handling VoIP, I also find them a bit slow when all the services are activated.

I have been talking to my vendor and he is recommending Fortinet, WatchGuard, Sophos, and I have personally considered pfSence.

Some of the features I would like to have are GW antivirus, IDS, IPS, Botnet, Geo protection, users control, application control, the ability to control what users can do on the web including by group. GOOD monitoring, reporting and alerting.

Of course budget is a big issue.

Any advice is greatly appreciated.

Rudy

anthony4190 · 2019-04-25T03:19:59.000Z

So since budget is a big issue, what would be the price per unit you would be looking to allocate? For small to medium sized businesses, Fortinet is a good choice I’ve heard although I haven’t used them and pfsense is also a really good choice considering cost and features available. Palo Alto makes a really solid box but is probably (maybe PA-220 or higher depending on your requirements) to expensive. I generally deal with Cisco but the newer models have issues with software when it comes to FirePower I’ve heard and this NGFW will probably be out of range anyway.

bojanzajc6669 · 2019-04-25T04:27:33.000Z

Just looking at your demands in combination with performance and budget… I don’t believe anyone can beat the WatchGuard offering in this area.

The point is, that WatchGuard comes WITH their log&report server Dimension at no additional cost. Any other vendor will charge you for advanced logging and reporting.

Also they will offer you a TradeIn price, that comes close to renewing the maintenance and security services on a Sonicwall for a 3year term.

Management is a bit different, but still using a logic, that is close enough to SonicWall’s, so it’s not completely a different approach you have to adopt.

pfSense may be the cheapest solution on your list, but when you complain about features on the SonicWall side, than it’s even worse on the pfSense side, where quite a few of the security services you are using on a commercial solution are not available or are of far lower quality. Would you want to upgrade them with come commercial grade subscriptions, than you would soon end up with a far higher price as with a commercial UTM bundle.

Check it out on your own. Install, configure, see what each solution can offer you. Than do the math, how much it will really cost you.

philmcnamara7275 · 2019-04-25T08:14:20.000Z

If its visibility and monitoring you want, Sophos is the way. Fortinets are solid but lack the out of box functionality of monitoring which requires a subscription based Forti Analyzer add-on.

Another Sophos advantage, for small remote sites, you can use a RED device which doesn’t require any individual licencing (one off CapEx cost) can operate in a split or tunnel mode to control remote traffic depending on the speed of the circuit, for larger sites I’d deploy a site specific UTM. Combine Endpoint Protection with Intercept X EDR & Encryption manged via Sophos Central all bases are covered

I am currently a Fortinet user in a large enterprise environment but cannot knock Sophos for functionality & usability

rebelscum · 2019-04-25T09:13:21.000Z

pfSense is a good option. I’ve been using it in production for years. Build your own or snag some hardware from Netgate.

It can do those things you’re looking for by adding packages from.the package manager. I’ve been using pfblocker for Geo blocking and suricata for IDS/IPS for a while.

The biggest drawback is the lack of reporting you get out of the system. Otherwise, it’s rock solid.

eugenebrowne3970 · 2019-04-25T14:02:58.000Z

PhilMac:

If its visibility and monitoring you want, Sophos is the way. Fortinets are solid but lack the out of box functionality of monitoring which requires a subscription based Forti Analyzer add-on.

Another Sophos advantage, for small remote sites, you can use a RED device which doesn’t require any individual licencing (one off CapEx cost) can operate in a split or tunnel mode to control remote traffic depending on the speed of the circuit, for larger sites I’d deploy a site specific UTM. Combine Endpoint Protection with Intercept X EDR & Encryption manged via Sophos Central all bases are covered

I am currently a Fortinet user in a large enterprise environment but cannot knock Sophos for functionality & usability

I can confirm that statement. Fortigates are great. We haven’t had any real breach but the visibility is lacking. We’ve been told that later OS versions with the FortiView offer a little more visibility though.

brianmonte · 2019-04-25T15:38:09.000Z

I am roughly in the same place as you are regarding Sonicwall but I don’t have as many devices as you. Especially because the newest version of their Analyzer software will only work with Gen 6 devices. Not that it was good anyways.

Plus, logging in general has always stunk compared to others.

As a UTM replacement, I will most likely move towards Watchguard after my services expire but would really love to move towards a PA-220 if I had/have the resources. I like that Watchguard bought Strongarm.io and incorporated that into its TotalSecurity Package.

In the meantime, (Food for thought) - I am deciding whether a UTM is actually worth the money they charge. Ubiquity ER-L will take of IPS and DPI (like 99.99% of all Routers/FW’s do), G-Anti-VIrus/AntiSpan - Almost worthless with AV/AS is internal devices and email. IDS doesn’t amount to much and other tools can be put in-line to cover the rest. My ultimate goal before deciding on UTM in the future is whether the $2.2K (Sonicwall 250M) actually blocks/stops more malicious activity or is it just Security Theater.

johnnelson3 · 2019-04-25T15:58:59.000Z

Lots of good advice already. Watchguard’s offering appears to have the edge when it comes to visibility. I can speak with authority on Sophos, and say that it’s a good value, but the UI will take some getting used to. The Sophos RED devices make deploying at remote offices almost a no-brainer.

You mentioned budget being an issue. In that case, you should certainly consider pfsense. There’s no support for gateway AV, out of the box, but IMO, that’s of dubious value anyway. Our mail server’s AV functionality (ClamAV) regularly catches suspect traffic. Our gateway product? Never. I wouldn’t bother with it, but it can be added to a pfsense stack (based on Clam, BTW) if you really feel the need.

tiffany-for-watchguard · 2019-04-25T16:03:49.000Z

Thanks for everyone who mentioned WatchGuard! I don’t have anything additional to add to the comments that hasn’t already been addressed, however definitely feel free to reach out to me directly if you have any questions and would like more info on WatchGuard, I’d be more than happy to assist!

nickcasagrande · 2019-04-25T23:27:57.000Z

i’m in the process of dumping my sonicwalls, not because they’re not good, but because i want an msp to take over my network, i got too much other stuff to do, however i do have a suggestion. i am doing this with my current sonicwalls and the new solution i am moving too, i have tz’s at the remote sites basically acting as routers sending all traffic, except voip, back to colo where an nsa5600 is licensed for all security services so that box does all the heavy lifting. tz have no licensed features at all. having a centralized device to handle all of the heavy lifting will save you a ton of money in the long run and give you a single pane of glass. actually you could use cheap erl3 routers at the remote locations for $100/each. just an idea, you already have sonicwall and are comfortable with it, so why throw out the baby with the bath water. i’ve found their support to be very good over the years.

mike-aerocominc · 2019-04-26T13:33:35.000Z

With multiple locations, the need for a UTM security solution, and if you’re looking to better-manage VoIP (or other cloud apps), it looks like it might be worth your time to browse some SD-WAN solutions that include a built-in UTM, nex-gen firewall.

As a long-time business ISP & WAN broker, I see this scenario a lot. Some SD-WAN vendors offer UTM security decision making, on-site (within their on-site appliance but managed by a cloud portal), while others do the security decision-making in the cloud (which can free up some Internet bandwidth).

PM me if you’d like to chat about your WAN and get some suggestions on vendors I’d recommend.

In the meantime, here is some content on SD-WAN features, pricing, security, etc.

@AeroCom_Inc

chad-untangle · 2019-04-30T14:03:23.000Z

RudyM:

Some of the features I would like to have are GW antivirus, IDS, IPS, Botnet, Geo protection, users control, application control, the ability to control what users can do on the web including by group. GOOD monitoring, reporting and alerting.

Of course budget is a big issue.

We should definitely talk! Our was built from the ground-up for SMB’s specifically, even the licensing (we can go as low as “up to 12” seats). Everything is modular and can be configured to match the situation/budget for just about any small biz. But first, feel free to hop on the demo server & kick the tires . If you have any questions or want an official test drive/etc., feel free to shoot me a PM.

RudyM · 2019-05-28T14:42:25.000Z

Thanks for everyone input, due to cast and I unfortunately had to go with sonicwall.