Hi All, I am a pro open source advocate to my clients when I can be. I am looking at using a pfSense appliance ‘Netgate’ or even Mikrotik, or Ubiquiti product for a new client's firewall. They were previously using a Sonicwall but they were getting tired of the fees. They are fine with using a contractor for service issues and don’t want subscription-based support.
I searched the forum to see if there is any type of list or chart or a ‘Top 10’ preferred firewalls. I am especially looking for one with the highest bang for the buck. One that offers at or more than 250mbps throughput after applying IPS, DPI and can rival the larger vendors like Sonicwall.
Can anyone give me their opinion on their favorite firewalls that offer high throughput over 250mbps after applying filtering/IPS/DPI?
Well, isn't a Sonicwall more a UTM device, whereas pfSense isn't really; it's a firewall with add-on packages that can handle IPS/IDS etc. A better comparison product next to a Sonicwall may be Untangle.
Got a few out in the wild, love it as much as I do pfSense.
Yes, correct, Sonicwall is a UTM. The client wants a non-subscription-based appliance but with IPS and filtering capabilities. They are aware they will need to do updates and may have to get a consultant as needed if problems occur but are fine with that.
I will look into Untangle as you suggested.
While I do like using Suricata & pfBlockerNG with pfSense, Untangle is really a more complete automated solution. But if they are really wanting the no-fees, pfSense is a nice system. But pfSense is still a solid choice for people not wanting a subscription.
The Mikrotik are cheap, complicated and not that easy but have plenty of features at the cost of a steep learning curve. UniFi are really nice, but very basic in terms of features.
The two that I use the most are pfSense and UniFi Security Gateway where budget and needs are at.
I definitely want to give Untangle a shot and test it out.
Go with the pfSense solution with the add-on and the free subscriptions. Simple, robust updates and upgrades included. Most bang for the buck.
I am liking the Untangle option more. I talked to the client and for $250/yr for live support with less than 25 protected points that can work for them. They don't need all the paid apps, the free ones work for them. It's much less than Sonicwall prices were.
One of the things a subscription provides is current lists and definitions (AV/spam/ads/malware/bad-ips). With alternative firewalls that are not sub-based you rely on public lists (generally they’re very good) that may not be as up to date. So depending on how the Sonicwall was configured / being used, they may notice a difference, or may not.
Now it looks like your question - a solution that is faster than 250mbps after IPS / filtering - is a hardware one. You can install RouterOS / pfSense / OPNsense / Untangle on any hardware and still purchase support from them. All of the solutions can achieve greater than 250mbps with the right hardware.
If they are a growing company with a 250mbps connection to the internet, I would plan for gigabit (5 year planning). Some services may be later off-loaded to a dedicated appliance (IPS) to reduce the load and extend the longevity of the firewall however. Something to consider anyway.
After all that, it really boils down to budget.
As one solution.
Great ideas, thanks for your input!
Sounds like a good idea. I will do some more research on that option.
Great ideas. I will stay away from Mikrotik for now. UniFi I like them as I have set up a USG before and used CLI. I would do a USG Pro 4 but the throughput after Smart Queues & IPS bring it down to ~200 mbps and they may end up getting a 1gb ISP in the future.