I'm looking into replacing our ISP-provided hosted "cloud firewall" with hardware in house. We used to run a couple of SonicWall NSA240s prior to switching to the hosted solution. I haven't been happy with the usability of the web GUI or the increase in outages since we made the switch. They use a Palo Alto firewall that just takes forever to do anything. Just setting up a port forward with a related security rule takes at least 20-25 minutes to get committed. I'm going to ditch the ISP as well as our contracts expire. This is for a construction company with a lot of people working remotely from job sites as well as from home.
Seattle currently has a 20Mb EoC connection (~50 desks) while our smaller Portland office (~20 desks) has a 12Mb bonded T1 connection, all going through the ISP firewall. We will likely get a 100Mb point-to-point fiber connection between the two offices fairly soon.
The main things I'm looking for are:
1) Intuitive GUI for easy NAT and port forwarding, traffic shaping, monitoring.
2) Easy to set up site-to-site VPNs. I'd like to be able to buy a cheap (<~$500) router and tie it into our network easily for construction job sites or executives' homes.
3) Easy to use VPN that hopefully “just works” and is intuitive for end-users. Palo Alto's GlobalProtect VPN client isn't the best. Deal-breaker if VPN is a per-user license.
4) I'd like to be able to have a 2nd ISP that we can switch over to in the event our main ISP goes down. Would like to potentially have a 2nd firewall at the HQ office in HA as well.
Anyway, I'm looking for some recommendations, preferably from people with first-hand experience. I've been looking around at various options and I'm currently leaning towards Fortinet FortiGate UTMs. Cisco suggested going with an ASA-5512x paired with Meraki devices for the site-to-site VPNs.