It's been a while since I have had the chance to purchase a brand new firewall.
I have recently had dealings with Sophos and Juniper units.

Must-haves would be:
Decent SSLVPN with 2FA - preferably as user-friendly as possible and compatible with Win 10
Easy to administer.

What's the current flavor of the month?

Model-wise, it would be nice to be able to handle a 100mb line.

Cheers Much.

15 Spice ups

Watchguard Firebox + Watchguard AuthPoint

6 Spice ups

The only WatchGuard boxes I have seen in the last 5-6 years have all been at the bottom of cabinets, powered off and gathering dust.

4 Spice ups

Sonicwall

3 Spice ups

There was a time when it would have been Sonicwalls all over the shop,
but then Dell messed it up.

Lately I found the Sophos units to be a lot nicer.

2 Spice ups

Sophos XG has a feature to handle MFA on SSL VPN host-to-client connections, and depending on the model and the number of users, your requirement would vary. The starting model specs are able to support a 1Gbps connection.

AP

1 Spice up

FortiGate: great SSLVPN, has the ability to do 2FA via a hardware token or the FortiToken app on a smartphone.

4 Spice ups

We typically suggest Palo Alto, Fortinet and Cisco Meraki

100mb line would be the following:

Palo Alto 220
Fortinet 80E or 100E
Cisco Meraki MX64 or MX67

Drop me a line if you want any advice on any of them

1 Spice up

Pretty strange shops you are visiting in the last 5-6 years.

Robert, cheers for the info.
I do like the Sophos units…

What mechanisms for 2FA do the units support for VPN users?

@robert-sophos

1 Spice up

Dell doesn’t own Sonicwall anymore, if that helps.

3 Spice ups

XG Firewall can generate one-time passwords using an authenticator app (and backup codes in case the app is unavailable). Alternately, you can use an external RADIUS server to authenticate SSL VPN users; that would allow you to connect in to any 2FA system you want.

We are moving from SonicWall to WatchGuard. Not because we dislike SonicWall though. We simply like WatchGuard better.

3 Spice ups

We have 11 Watchguard units in 10 different offices - all working great - have used Sonicwalls before and would never touch one again.

4 Spice ups

We are using Fortigate 60Ds, but are looking to upgrade to the 100E. I can’t respond to the 2FA, as we are just starting to look into it. Their SSL VPN is rock solid for us.

+1 Watchguard. We had an old Watchguard X550e that was past its life expectancy, but it worked with few problems for a long time. We finally got a new Watchguard M470 last year and it has been rock solid.

We use both SSL VPN and a few users are using the newer IKEv2 VPN (with the native Windows 10 client). I know Watchguard can do 2FA, but haven’t done it yet. If you ever need help, there are a lot of articles and threads on Watchguard’s site as well as other sites to help you configure most anything, and Watchguard’s own support is awesome (at least in my few dealings with them).

We have 50/50 Mbps and 150/20 Mbps Internet connections and I haven’t seen any speed limiting issues (all ports are GbE on M470).

@tiffany-for-watchguard

4 Spice ups

Sonicwall + DUO

+1 for Watchguard, but then maybe I only like it because it’s red, the same color as my favorite Kool-Aid :stuck_out_tongue:

All things being equal, you might look at those that have a competitive trade-up program. Often you get the hardware free by paying for a couple years of the UTM services up front. That’s what I did when I moved to Watchguard.

2 Spice ups

I’ll put in a plug for pfSense. Rock solid with many features.

And if you don’t want to build a unit yourself, just buy one

@pfSense

2 Spice ups