New Firewall System Suggestions

[VulcanAndroid]

Hey all,

My company is running an older Sonicwall  NSA 3500

We are looking to upgrade our system. 

 

Currently this unit runs not only our gateway, it is also a firewall and Wireless controller

We have approx. 50 employees running mostly Windows, with a few Linux and Mac systems as well as a few remote employees.

 

Do you have any suggestions for a replacement system?

 

I personally like to see dedicated hardware to do the separate roles. (Dedicated Firewall, Dedicated Router, etc.) but that can get expensive and the higher ups don't want that.

[Guest]

Where do you work? Just curious

[VulcanAndroid]

2 minutes ago, Bobby_Joe_90 said:

Where do you work? Just curious

I will leave that to the enigma of space and time. Where I work should not matter on a suggestion of a firewall appliance. 

[thedigitaldoctor]

9 minutes ago, VulcanAndroid said:

Wireless controller

This narrows down your selection significantly.  If you could convince the reigning monarchy to spend the money to separate out that function, you can use pretty much any gateway security appliance (that can handle the traffic) you like.

 

Personally I like the Sonicwall appliances (straight forward, pretty much plug-and-play), with my second choice being Untangle (most flexible solution I've ever seen).  As for a wireless controller, what make/model of WAPs are you using?

[VulcanAndroid]

2 minutes ago, thedigitaldoctor said:

This narrows down your selection significantly.  If you could convince the reigning monarchy to spend the money to separate out that function, you can use pretty much any gateway security appliance (that can handle the traffic) you like.

 

Personally I like the Sonicwall appliances (straight forward, pretty much plug-and-play), with my second choice being Untangle (most flexible solution I've ever seen).  As for a wireless controller, what make/model of WAPs are you using?

We are using SonicPoints as our AP's. Luckily if I make a good enough case there might be a chance to upgrade those as well since they are only 802.11n compliant.

[thedigitaldoctor]

If you have to keep the SonicPoints then you're stuck with using a Sonicwall appliance for a wireless controller.  Given the opportunity to upgrade you'd go with whatever controller goes with the WAPs you like.  I only have experience with Ubiquiti managed APs (the "Pro" ones are bleeding expensive), but one day I'd like to try an Engenius solution (also expensive). 

[VulcanAndroid]

Just now, thedigitaldoctor said:

If you have to keep the SonicPoints then you're stuck with using a Sonicwall appliance for a wireless controller.  Given the opportunity to upgrade you'd go with whatever controller goes with the WAPs you like.  I only have experience with Ubiquiti managed APs (the "Pro" ones are bleeding expensive), but one day I'd like to try an Engenius solution (also expensive). 

Thanks for the advice. 

[unijab]

The company I work for likes their Palo Altos

[Guest]

8 hours ago, VulcanAndroid said:

Hey all,

My company is running an older Sonicwall  NSA 3500

We are looking to upgrade our system. 

 

Currently this unit runs not only our gateway, it is also a firewall and Wireless controller

We have approx. 50 employees running mostly Windows, with a few Linux and Mac systems as well as a few remote employees.

 

Do you have any suggestions for a replacement system?

 

I personally like to see dedicated hardware to do the separate roles. (Dedicated Firewall, Dedicated Router, etc.) but that can get expensive and the higher ups don't want that.

As mentioned you're up a creek on this one. You'll be restricted to Sonicwall equipment because of the wireless controller function. The solution to this is to seperate this out - as also mentioned Ubiquiti UAP-AC-Pro's are a decent upgrade, relatively cheap for enterprise AP's, no cloud fee (cough Meraki) and the controller for them is only ~$120.

 

If you can convince your management to upgrade the AP's at the same time then pretty much any firewall can be used. What is your level of technical skill?

 

[VulcanAndroid]

14 hours ago, Windspeed36 said:

As mentioned you're up a creek on this one. You'll be restricted to Sonicwall equipment because of the wireless controller function. The solution to this is to seperate this out - as also mentioned Ubiquiti UAP-AC-Pro's are a decent upgrade, relatively cheap for enterprise AP's, no cloud fee (cough Meraki) and the controller for them is only ~$120.

 

If you can convince your management to upgrade the AP's at the same time then pretty much any firewall can be used. What is your level of technical skill?

 

I like to think that I have a fair amount of technical skill.  Sometimes I have a failure or two though.

[thedigitaldoctor]

14 hours ago, Windspeed36 said:

no cloud fee (cough Meraki)

OT; probably deserves it's own thread; may create one when I'm feeling less lazy...

 

*puts tinfoil hat on*

Why would people be willing to trust their network to a cloud service?  I get the convenience, but is it really worth the security trade-off?

[leadeater]

My personal choice of firewalls right now is FortiGate. Sophos UTM, Juniper SRX, Palo Alto and Sonicwall are all also good but I've personally only used FortiGate, Sophos and AGESS ago Forefront TMG/ISA.

 

For 50 computers anything between a FortiGate 60D to 100D would work.

 

I'd avoid locking yourself back in to having the wireless and firewall controlled from the same device. You could do a slower migration and put a new firewall in and use the current Sonicwall as a wireless controller only and then replace that later.

[VulcanAndroid]

2 hours ago, leadeater said:

My personal choice of firewalls right now is FortiGate. Sophos UTM, Juniper SRX, Palo Alto and Sonicwall are all also good but I've personally only used FortiGate, Sophos and AGESS ago Forefront TMG/ISA.

 

For 50 computers anything between a FortiGate 60D to 100D would work.

 

I'd avoid locking yourself back in to having the wireless and firewall controlled from the same device. You could do a slower migration and put a new firewall in and use the current Sonicwall as a wireless controller only and then replace that later.

I have thought of that and plan to suggest that.