Friendly SOHO router

[raffi at flossyourmind.com (Raffi Jamgotchian)]

I've set up and used a half dozen Astaro boxes and endorse them.

On Mar 6, 2009, at 9:46 PM, Jack Daniel wrote:

> I have not played with Palo Alto myself, but people I respect in the
> field speak well of them.  I tend to play in the SMB market, and Palo
> Alto is pretty far up the food chain for my world.
>
> Remember my previous disclaimer before reading on- I work for Astaro,
> a competitor in the SMB firewall/UTM network security market.
>
> As far as SonicWALL, a lot of folks use them, they have some very
> competitively priced systems, and they work.  I have installed and
> supported them in the past, they weren't bad, but I wasn't really
> impressed.  The do have a newer line of systems (NSAs) which appear to
> be a lot better, but I've heard from "Bob" that they may need some
> hardening/patching if you want them to stand up to advanced and
> sophisticated attacks (like fragmented packets from of-the-shelf
> tools).  I am sure they will be patched soon, if they haven't already.
> My experiences with them led me to look for alternatives, that's how
> I ended up working for Astaro.
>
> Most devices in the "UTM" space have more features than needed for
> this job, although some license the add-ons for web and email
> separately (like my corporate overlords' products), which might make
> them affordable enough.  At 20 IPs, even just going with the base
> features (Firewall/VPNs/IPSec) Astaro would be out of the target price
> range.  Astaro and some others offer leasing options if the initial
> purchase price is a stumbling block, but I don't know if anyone has
> options this far down the line- it might be worth asking, though.
>
> Watchguard was a leader in the UTM space, and they have new stuff
> coming, but I don't know how much real innovation they have had
> lately.
>
> There is a project, built on Open Source bits called Untangle.  It
> isn't a great product, especially compared to any of the commercial
> alternatives (I love competing against their commercial products)- but
> they have a free offering if a build-your-own unit is a possibility.
> The GUI isn't bad, especially for the price.  Just stay away from
> their stupid "Re-Router" technology, it is just arp-cache poisoning
> your network to redirect traffic to a VM on a Windows workstation on
> your network.
>
> And, remember to factor the annual renewals into your calculations-
> those can be a shock at the end of the year when renewals are due.
>
> Jack
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090306/a8756548/attachment.htm 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part
Url : http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090306/a8756548/attachment.pgp