PaulDotCom mailing list archives
Friendly SOHO router
From: rsreese at gmail.com (Stephen Reese)
Date: Fri, 6 Mar 2009 23:05:12 -0500
On Fri, Mar 6, 2009 at 9:46 PM, Jack Daniel <jackadaniel at gmail.com> wrote:
I have not played with Palo Alto myself, but people I respect in the field speak well of them. ?I tend to play in the SMB market, and Palo Alto is pretty far up the food chain for my world.
The Palo Alto devices do seem to be a bit more than what a SOHO network would need.
Remember my previous disclaimer before reading on- I work for Astaro, a competitor in the SMB firewall/UTM network security market. As far as SonicWALL, a lot of folks use them, they have some very competitively priced systems, and they work. ?I have installed and supported them in the past, they weren't bad, but I wasn't really impressed. ?The do have a newer line of systems (NSAs) which appear to be a lot better, but I've heard from "Bob" that they may need some hardening/patching if you want them to stand up to advanced and sophisticated attacks (like fragmented packets from of-the-shelf tools). ?I am sure they will be patched soon, if they haven't already. ?My experiences with them led me to look for alternatives, that's how I ended up working for Astaro. Most devices in the "UTM" space have more features than needed for this job, although some license the add-ons for web and email separately (like my corporate overlords' products), which might make them affordable enough. ?At 20 IPs, even just going with the base features (Firewall/VPNs/IPSec) Astaro would be out of the target price range. ?Astaro and some others offer leasing options if the initial purchase price is a stumbling block, but I don't know if anyone has options this far down the line- it might be worth asking, though.
The sales staff at your firm were very quick to get back to my response so I may recommend my friend test drive one if he feels it may work out better than the Cisco 1800 he's currently running that way he could test support of the product and whatnot...
Watchguard was a leader in the UTM space, and they have new stuff coming, but I don't know how much real innovation they have had lately.
He was initially leaning towards the Watchguard product because the price was quite affordable.
There is a project, built on Open Source bits called Untangle. ?It isn't a great product, especially compared to any of the commercial alternatives (I love competing against their commercial products)- but they have a free offering if a build-your-own unit is a possibility. The GUI isn't bad, especially for the price. ?Just stay away from their stupid "Re-Router" technology, it is just arp-cache poisoning your network to redirect traffic to a VM on a Windows workstation on your network.
This sounds fun. I don't think he would be interested in tooling with this but I just may!
And, remember to factor the annual renewals into your calculations- those can be a shock at the end of the year when renewals are due. Jack
I really appreciate your in depth response! Insight like this is what makes individuals such as myself want to become security samurai ;-) -Stephen
Current thread:
- Friendly SOHO router, (continued)
- Friendly SOHO router Stephen Reese (Mar 06)
- Friendly SOHO router Raffi Jamgotchian (Mar 06)
- Friendly SOHO router xgermx (Mar 06)
- Friendly SOHO router Stephen Reese (Mar 06)
- Friendly SOHO router Dan McGinn-Combs (Mar 06)
- Friendly SOHO router Gregory Baker (Mar 06)
- Friendly SOHO router Russell Butturini (Mar 06)
- Friendly SOHO router Stephen Reese (Mar 06)
- Friendly SOHO router Jack Daniel (Mar 06)
- Friendly SOHO router Raffi Jamgotchian (Mar 06)
- Friendly SOHO router Stephen Reese (Mar 06)
- Friendly SOHO router Russell Butturini (Mar 06)
- Friendly SOHO router Karl Schuttler (Mar 06)
- Friendly SOHO router Stephen Reese (Mar 06)
- Friendly SOHO router Kim White (Mar 07)
- Friendly SOHO router MV (Mar 08)