It is a pleasure to be in contact with you. I’m having a hard time trying to pick a Firewall that can serve our church , and at the same time, not spend more money than I have to.
We have 100Mbit symmetrical bandwidth. The ISP modem connects to a Cisco 3500 router (ISP owned), and that connects to our Edgerouter through LC3 fiber. All our switches are being fed by fiber too.
On busiest days, and at peak ours, we have around 200 clients connected to our network and a maximum peak of 25Mbit/s usage. (This includes: Guests, Staff, Volunteer networks)
I’m looking at something that can serve us for at least 4 to 5 years. My initial idea was a SonicWall NSa 2500, but I don’t know if that might be a bit overkilled.
I figured that if we have 200 clients, and we are only using 1/4th of our bandwidth, its probably people just having their devices auto-connect to our wifi, or maybe just reading something on their cellphones.
We have only one location, segmented in different buildings. Let me know if I can provide you with any other info. Thank you in advanced,
I would personally recommend a Fortinet 101E w/3 Year UTM Bundle (or 5 if you want) as top recommendation. If you go Sonicwall I would consider the 2650 over the 2600 due to the age of the model/limitations. (I assumed you meant 2600 not 2500.)
My first question would be what are your primary concerns that are leading you to look for a firewall? The answers to that question will direct what you should look for.
For that size network and wan speed, a sonicwall tz600 would be more than enough and considerably less than the nsa series units.
Even a tz500 would work well.
If you go sonicwall, make sure to get 3 years of the comprehensive gateway security suite.
And if you go sonicwall, reach out to Tom Templin at Ciber for great service and pricing,
You can also consider Watchguard appliances. Not so expensive but very good value, high performance and high reliability.
Maybe look at the entry level tier; T70 or M270 models. I have used Watchguard for many years without issues. Never had an unscheduled downtime by God’s Grace. The VPN client is easy to use as well and the ability to load balance ISP connections gives me more options in the future.
The definition of firewall has evolved with new technologies, faster and cheaper hardware. I think you you should be greedy and, besides a NAT firewall, you should ask for Intrusion Prevention System (IPS), Country Block, VPN, parental/employee control, automatic software and security upgrade, realtime notification when Internet is down, or when there is suspicious activity, or when a malware is caught, getting weekly report, simultaneous WiFi4 and WiFi5, gigabit performance, lifetime hardware warranty, etc.
Travis Phipps: I thought about a TZ 600. Its within our parameters (bandwith), but I’m not sure about the clients.
Norman Ho: I was thinking about WatchGuard too, but they are not that much inexpensive than a SonicWall.
Sezen Uysal: Will do research on Roqos.
The models run the same software, its the hardware that differs between them. I’m not sure how much the XG costs, but the little guy is $139 and their medium unit (the UniFi Security Gateway Pro) is $344 list.
All their USG’s include:
Traditional Firewall
VLAN Support
Site-to-Site VPN
QoS
Deep Packet Inspection (DPI)
Automatic WAN Failover
Automatic WAN Load Balancing
IDS/IPS
Did I mention there are no recurring license fees?
There is also Untangle, I haven’t used them in a few years (2012) but they offer an open source/free gateway with additional apps costing for specific security functions. I believe they also now have a HW device.
Finally, if you want to spend some money, I’d lean towards a Cisco ASA, but that may just be because I’ve been using them on and off for the past 13 years.
