PaulDotCom mailing list archives

Friendly SOHO router


From: rsreese at gmail.com (Stephen Reese)
Date: Fri, 6 Mar 2009 23:05:12 -0500

On Fri, Mar 6, 2009 at 9:46 PM, Jack Daniel <jackadaniel at gmail.com> wrote:
I have not played with Palo Alto myself, but people I respect in the
field speak well of them. I tend to play in the SMB market, and Palo
Alto is pretty far up the food chain for my world.

The Palo Alto devices do seem to be a bit more than what a SOHO
network would need.

Remember my previous disclaimer before reading on- I work for Astaro,
a competitor in the SMB firewall/UTM network security market.

As far as SonicWALL, a lot of folks use them, they have some very
competitively priced systems, and they work. I have installed and
supported them in the past, they weren't bad, but I wasn't really
impressed. They do have a newer line of systems (NSAs) which appear to
be a lot better, but I've heard from "Bob" that they may need some
hardening/patching if you want them to stand up to advanced and
sophisticated attacks (like fragmented packets from off-the-shelf
tools). I am sure they will be patched soon, if they haven't already.
My experiences with them led me to look for alternatives, that's how
I ended up working for Astaro.

Most devices in the "UTM" space have more features than needed for
this job, although some license the add-ons for web and email
separately (like my corporate overlords' products), which might make
them affordable enough. At 20 IPs, even just going with the base
features (Firewall/VPNs/IPSec) Astaro would be out of the target price
range. Astaro and some others offer leasing options if the initial
purchase price is a stumbling block, but I don't know if anyone has
options this far down the line- it might be worth asking, though.

The sales staff at your firm were very quick to get back to my
response so I may recommend my friend test drive one if he feels it
may work out better than the Cisco 1800 he's currently running that
way he could test support of the product and whatnot...

Watchguard was a leader in the UTM space, and they have new stuff
coming, but I don't know how much real innovation they have had
lately.

He was initially leaning towards the Watchguard product because the
price was quite affordable.

There is a project, built on Open Source bits called Untangle. It
isn't a great product, especially compared to any of the commercial
alternatives (I love competing against their commercial products)- but
they have a free offering if a build-your-own unit is a possibility.
The GUI isn't bad, especially for the price. Just stay away from
their stupid "Re-Router" technology, it is just arp-cache poisoning
your network to redirect traffic to a VM on a Windows workstation on
your network.

This sounds fun. I don't think he would be interested in tooling with
this but I just may!

And, remember to factor the annual renewals into your calculations-
those can be a shock at the end of the year when renewals are due.

Jack

I really appreciate your in-depth response! Insight like this is what
makes individuals such as myself want to become security samurai ;-)

-Stephen

