Firewall Choice

Hey folks—looking for real‑world input.

I’m planning to replace a company’s SonicWall. Besides general security concerns with SonicWall, we’re also fighting very slow SSL VPN performance even after tweaking MTU. The environment is small: a PBX in a DMZ, a handful of SSLVPN users, and pretty standard needs.

Question: Would you go with a UniFi (Ubiquiti) gateway or stick with a more traditional UTM platform like SonicWall/FortiGate? Which firewall would you recommend for a growing small business?
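Before blaming the appliance for slow SSL VPN throughput "even after tweaking MTU", it is worth measuring the actual path MTU from a VPN client to the firewall's public address, since guessing the tunnel MTU leaves either fragmentation or blackholed packets. The script below is an added example, not something posted in this thread or shipped by any of the vendors mentioned; it binary-searches the largest ICMP payload that crosses the path with the DF bit set and derives the IPv4 MTU and a TCP MSS clamp from it. It assumes Linux iputils `ping` (`-M do` sets DF; BSD and macOS use `-D` instead) and a reachable target host of your choosing.

```shell
#!/bin/sh
# Added example: find the path MTU toward a VPN endpoint with DF-flagged pings.
# Assumes Linux iputils ping. On BSD/macOS replace "-M do" with "-D".

# probe PAYLOAD HOST -> exit 0 if a ping with PAYLOAD data bytes and DF set is answered.
probe() {
    ping -c 1 -W 1 -M do -s "$1" "$2" >/dev/null 2>&1
}

# find_max_payload HOST LO HI -> largest payload in [LO,HI] that probe accepts.
# The predicate is monotone (bigger packets fail once past the path MTU), so a
# binary search needs only ~log2(HI-LO) probes instead of one per byte.
find_max_payload() {
    host=$1; lo=$2; hi=$3; best=0
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if probe "$mid" "$host"; then
            best=$mid; lo=$((mid + 1))
        else
            hi=$((mid - 1))
        fi
    done
    echo "$best"
}

# payload_to_mtu PAYLOAD -> IPv4 MTU: 20-byte IP header + 8-byte ICMP header.
payload_to_mtu() { echo $(( $1 + 28 )); }

# mtu_to_mss MTU -> TCP MSS to clamp to: MTU minus 20-byte IP and 20-byte TCP headers.
mtu_to_mss() { echo $(( $1 - 40 )); }

# Usage: sh mtu-probe.sh vpn.example.com   (hostname is an assumption, use your own)
if [ -n "${1:-}" ]; then
    payload=$(find_max_payload "$1" 500 1472)
    mtu=$(payload_to_mtu "$payload")
    echo "largest unfragmented payload: $payload bytes"
    echo "path MTU: $mtu, suggested MSS clamp inside tunnel: $(mtu_to_mss "$mtu")"
fi
```

Run it from a client on the same network as the slow users; the tunnel MTU you configure must then also subtract the VPN's own encapsulation overhead, which differs per vendor and cipher, so treat the reported path MTU as the ceiling rather than the value to paste into the VPN profile.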

Stay far away from FortiGate and SonicWall. Those are literally the worst firewall solutions that exist today. Go for Ubiquiti if you want simplicity, or Netgate if you need more capabilities.

Does their insurance require any specific devices?

We have Cisco here, but they were thinking of Forti products, not sure if my warning will have any effect on choices.

Zero effect. They don't care what you have to say. People in charge work with firewall vendors. They get paid by them to push their solution. They don't care if it works or not. They are not the ones that will have to deal with it when it breaks. That's your job. That's the cruel reality.

UniFi has come a long way with their firewalls and now have their Cybersecure subscription, which is pretty good for the price. Netgate / pfSense is still a good option and can handle more complex configurations if needed. I would agree with others here about staying away from Fortinet (see the thread "Is Fortinet That Bad?" in Networking & Firewalls on the Lawrence Systems Forums) and SonicWall.


I still prefer the Netgate appliances over the unifi, we lost a customer over a failed USG Pro years ago and we’re still not over that.

What model of sonicwall are you replacing? We are a partner with them but are actively moving closer to mostly Netgate or Cisco Meraki.

It’s one of the small tz series with 8 ports if I’m not wrong.

USG is the old version of their firewalls right? I did a side project for a company with the UDM Pro and it’s been over a year with no hardware issues so far

If you need a NGFW with layer 7 services, I recommend Palo Alto as one of the best solutions on the market. It’s not the cheapest, but their security services are probably the best available.

Fortinet security bad - I'll let you make up your own mind.

Rather than exploiting zero-days, as we commonly see targeting FortiGate devices, the actor used brute-force attacks with common passwords to gain access to devices.
I will give Fortinet a pass on that one, as a poor admin was to blame.

But AI would never harm us, would it?


Sorry I never got back to you! The smallest TZ is the TZ80, which requires a subscription to function, like Meraki. The next up would be the TZ270 or 280. We sold a lot of those and they work "okay". But I can't believe in 2026 they still don't have an ACME client on them.

Yes the USG was the old line.

We have a SonicWall NSa3750, but I wish we had picked UniFi or pfSense. v7 is not that bad, but I found pfSense's and UniFi's UI more intuitive. After SonicWall had SSL VPN issues we switched all remote workers to Tailscale (despite having VPN licenses).

Maybe it is not true for all Netgate devices, but I had an MMC failure on an SG4100 after 1.5 years.

I tend to hear a lot about the MMC failure. It makes me wonder if users are turning on a lot of logging or something.

Anyway, I moved to VyOS from pfSense for home use and like it so far. It's CLI only though. I still might try UniFi if I get a little extra cash. You can get a lot better price to performance going UniFi. pfSense is really expensive.

Is this of any value for VyOS?

I’m the one spearheading that project actually lol