PaulDotCom mailing list archives
Friendly SOHO router
From: jackadaniel at gmail.com (Jack Daniel)
Date: Fri, 6 Mar 2009 21:46:42 -0500
I have not played with Palo Alto myself, but people I respect in the field speak well of them. I tend to play in the SMB market, and Palo Alto is pretty far up the food chain for my world. Remember my previous disclaimer before reading on- I work for Astaro, a competitor in the SMB firewall/UTM network security market. As far as SonicWALL, a lot of folks use them, they have some very competitively priced systems, and they work. I have installed and supported them in the past, they weren't bad, but I wasn't really impressed. The do have a newer line of systems (NSAs) which appear to be a lot better, but I've heard from "Bob" that they may need some hardening/patching if you want them to stand up to advanced and sophisticated attacks (like fragmented packets from of-the-shelf tools). I am sure they will be patched soon, if they haven't already. My experiences with them led me to look for alternatives, that's how I ended up working for Astaro. Most devices in the "UTM" space have more features than needed for this job, although some license the add-ons for web and email separately (like my corporate overlords' products), which might make them affordable enough. At 20 IPs, even just going with the base features (Firewall/VPNs/IPSec) Astaro would be out of the target price range. Astaro and some others offer leasing options if the initial purchase price is a stumbling block, but I don't know if anyone has options this far down the line- it might be worth asking, though. Watchguard was a leader in the UTM space, and they have new stuff coming, but I don't know how much real innovation they have had lately. There is a project, built on Open Source bits called Untangle. It isn't a great product, especially compared to any of the commercial alternatives (I love competing against their commercial products)- but they have a free offering if a build-your-own unit is a possibility. The GUI isn't bad, especially for the price. Just stay away from their stupid "Re-Router" technology, it is just arp-cache poisoning your network to redirect traffic to a VM on a Windows workstation on your network. And, remember to factor the annual renewals into your calculations- those can be a shock at the end of the year when renewals are due. Jack
Current thread:
- Friendly SOHO router, (continued)
- Friendly SOHO router Jack Daniel (Mar 06)
- Friendly SOHO router infolookup at gmail.com (Mar 06)
- Friendly SOHO router Stephen Reese (Mar 06)
- Friendly SOHO router Raffi Jamgotchian (Mar 06)
- Friendly SOHO router xgermx (Mar 06)
- Friendly SOHO router Stephen Reese (Mar 06)
- Friendly SOHO router Dan McGinn-Combs (Mar 06)
- Friendly SOHO router Gregory Baker (Mar 06)
- Friendly SOHO router Russell Butturini (Mar 06)
- Friendly SOHO router Stephen Reese (Mar 06)
- Friendly SOHO router Jack Daniel (Mar 06)
- Friendly SOHO router Raffi Jamgotchian (Mar 06)
- Friendly SOHO router Stephen Reese (Mar 06)
- Friendly SOHO router Russell Butturini (Mar 06)
- Friendly SOHO router Jack Daniel (Mar 06)
- Friendly SOHO router Karl Schuttler (Mar 06)
- Friendly SOHO router Stephen Reese (Mar 06)
- Friendly SOHO router Kim White (Mar 07)
- Friendly SOHO router MV (Mar 08)