Advice on buying a firewall

Daniel A-S · Apr 6, 2017

Hi,

I've been asked to spec a firewall for the company I work for, and wanted to get peoples thoughts and advice before I start getting quotes in.

It's a small business with about 25 people in the office maximum, ideally the firewall would host a VPN server.

The firewall will be handling all layer 3 operations, though we won't have any vlans.. we just need a default route out to an ADSL interface.

I was considering a Cisco 5506-X with Firepower services, though I'm open to a Dell sonicwall or any other suggestions people put forward.

A silly question, but does the WAP function in the 5506W-X include the same functionality to that of a WLC? It would be great not to have to use a separate WLC with access points (we only need 3), but we need something fast and reliable.

The firewall would ideally have some kind of integration with our Windows active directory system also.

Does anybody have any suggestions or ideas?

Thanks

voyagerfan99 · Apr 6, 2017

@beers

beers · Apr 6, 2017

Hello,

I believe the 5506W-X contains an integrated 702i AP that supports either autonomous mode or being tied into a WLC as an access point. It doesn't really offer any WLC capabilities. Depending on your environment you might be able to deploy a vWLC if you wanted that controller functionality (or a relatively inexpensive WLC 2504).

I haven't procured much other than ASA on the FW side, but the 5506 or 5508 sound like suitable solutions for that requirement, just keep in mind the 5506 tops out at like 125 Mbps when using IPS. If you're using that for full layer 3 integration it would be pretty slow.

Daniel A-S said:
The firewall will be handling all layer 3 operations, though we won't have any vlans

Does this imply a single flat network/subnet and the device is simply used for the Internet edge?

Agent Smith · Apr 7, 2017

This is all you need right here: https://netgate.com/products/sg-1000.html

You can try PFsense in VMware. That's what I did. You could even install Snort.

beers · Apr 7, 2017

Agent Smith said:
This is all you need right here

You would get laughed at hard bringing that into our data center.

Geoff · Apr 7, 2017

Agent Smith said:
This is all you need right here: https://netgate.com/products/sg-1000.html

You can try PFsense in VMware. That's what I did. You could even install Snort.

A 600MHz CPU? The specs alone say it maxes out at 300Mbps. Try doing any sort of encryption, VPN, advanced routing, etc. and that will drop to single digit throughput. That's not even powerful enough for my home.

Agent Smith · Apr 8, 2017

beers said:
You would get laughed at hard bringing that into our data center.

It's not meant for Charles Schwab or some shit. He has 25 employees. I bet that would suffice well.

Or he can get an ITX comp or server and run pfsense.

Advice on buying a firewall

Daniel A-S

Member

voyagerfan99

Master of Turning Things Off and Back On Again

beers

Moderator

Agent Smith

Well-Known Member

beers

Moderator

Geoff

VIP Member

Agent Smith

Well-Known Member