I would recommend Sophos UTM9. We've been using it for more than 2 years and it's stable. Although Sophos is already recommending their newest XG line the UTM9 version is very stable and still has a large community support. The UI is intuitive and features are up to par for your most demanding policy enforcement. Like all the posts before, you have to determine appropriately the scale and expected TPT for your traffic so that your organization can decide the appropriate device model for the task. Sophos also has a unified Management UI for managing all your firewalls in one place called Sophos Firewall Manager. Whether you like to deploy a full blown firewall appliance per site or RED devices, Sophos Firewall would most probably be one of your organizations top choice.
pfSence will easily let you interconnect all 6 locations. It has a terrific GUI interface and fantastic tools for openvpn. The support guys are the best I have ever worked with. And once you master it, it is entirely free.
Network Administrator at a energy/utilities company with 1,001-5,000 employees
Real User
2017-03-14T05:34:01Z
Mar 14, 2017
Go for Fortinet Firewall, Its interface is very user friendly, multiple features and easy implementation low cost compared to other high-end firewalls and good technical support.
At Corporate Headquarter analyze one of the following models.
Specification can be compared on the following link. However please note the specs are for ideal situations. I recommend to analyze each specs by 1/3 factor for practical implementation.
The FortiGate line is great for global networks. You need to size them for your traffic and type of protection (web filtering; IPS; antivirus; VPN; BotNet protection; etc) since each additional service enables requires a larger system. We find the FortiGates very affordable and very effective at keeping our networks secure globally. One bit of advice is that you consider the series when choosing hardware - a FG-100E is more powerful than a FG-100D and far more powerful than a 'C' series (although those should no longer be sold).
CTO & VP Systems Technology at a tech consulting company with 1,001-5,000 employees
Consultant
2017-03-13T18:21:48Z
Mar 13, 2017
I would recommend Palo Alto networks. Their NGFW platform is one of the only vendors affecting single pass. Single pass means no matter what services are turned on it's a single pass across the box. Also SSL decryption is need in this day an age with the ever increasing https traffic that is out there. They also have a great AWS solution for auto scaling VPN for remote users.
Vice President of Service Delivery at a tech services company with 51-200 employees
Consultant
2017-03-13T17:02:18Z
Mar 13, 2017
pfSense can do what you need it to do. We've deployed many firewalls for companies with geographically-dispersed locations, all with different needs and requirements. Hub and spoke could very well be the solution here. With the easy-to-use GUI and robust feature set, you'll certainly be happier with it than you are with your current product. Our professional services team can handle the configuration and deployment for you.
Check out Palo Alto Networks, maybe the PA-800 Series. You can manage all 6 locations from a single interface with Palo Alto Panorama. If you need expertise just find a local partner in your area with this link: locator.paloaltonetworks.com
Network and System Administrator at a pharma/biotech company with 501-1,000 employees
Real User
2017-03-13T16:57:31Z
Mar 13, 2017
Hi,
choosing right FW solution is not simple. must have on mind what we want to achieve, IT staff experience and etc. there are not good or bad solutions, only good or bad deployment.
in your case, i will suggest Meraki MX appliance.
cloud based management, automatically VPN between devices into same organization unit, L3-L7 FW, content filtering, AD integration, easy web management and many more.
BR
IT Infrastructure Engineer at a tech company with 11-50 employees
Real User
2017-03-13T16:26:02Z
Mar 13, 2017
I recommend FortiGate firewalls, but more information its needed (the scope, traffic, what to protect ...) to determine the model.
With FortiCloud service you can monitor the traffic (its not needed to be the administrator). You also, can schedule daily reports to send to a specific e-mail address.
Fortinet solutions are designed to work together as an integrated and collaborative security fabric to provide a powerful, integrated end-to-end security solution across the entire attack surface.
FortiGate also can act as an wireless controller, switch controller.
offers two factor authentication using FortiTokens (hardware or Mobile tokens)
you can create virtual domains without any additional license
another point is endpint managment
etc...
With FortiManager you can manage all FortiGates from a single platform or can create Administrative Domains based on geographically locations or your administrators access.
Network Security Coordinator at a energy/utilities company with 1,001-5,000 employees
Real User
2017-03-13T16:04:29Z
Mar 13, 2017
I agree you could look into Fortinet solutions. They're cost effective and offer a lot of other features you might want look at (UTM, WLAN Controllers, etc.). They're also fairly simple to configure and operate and can be centrally managed via FortiManager if it makes sense to you and your budget.
Hello,
i can highly recommend to use Sophos XG firewall as they are extremely easy to use, with all functions you ever need built in. You can also fully manage WI-Fi access points and VPN devices straight for firewall web interface.
As for monitoring there are many solutions - Sophos support more than 1000 reports on usage, but if you need real time security monitoring there is nothing batter than SIEM solutions.
Personally prefer Alien Vault a as customization to your needs are unlimited
Hope this helps :)
Senior Information Technology Support Analyst at E-Solution Tecnologia da Informação
Consultant
2017-03-13T15:52:29Z
Mar 13, 2017
Hello, arguably the Fotigate meets your need, with the Fortiview that is a feature present on the equipment itself, you can show all network traffic, with ports, Protocol, users, if the connection is TCP or UDP and for which firweall rule is coming out.
And to further expand the display, hire the Fortinet Forticloud service. Well, these are just examples, the Fortigate has more resources to provide for the protection of your company's networks.
I'm a big fan of opensource solution, now i'm very satisfied with
pfsense (www.pfsense.org) you can use your own hw or buy some
appliance from netgate.com ( sponsor of pfsense)
Works at a manufacturing company with 1,001-5,000 employees
User
2018-07-23T17:54:57Z
Jul 23, 2018
I use Fortigates as well - those are solid devices - @LZ good writeup in past firmware 5.0 and below Fortinet had issue with firmware upgrades, now it is very clean process. Also I would always recommend A/A or A/P configuration.
EMEA Corporate Business Development Director at a consultancy
Consultant
2017-07-12T10:28:53Z
Jul 12, 2017
I would recommend Zscaler and can introduce you to the head of technical operations who would be very happy to discuss this with you. No appliance required and can indeed replace much of your appliance based stack in your HQ. Cloud based solution, eliminates backhauling and reduces latency to cloud based apps. Takes out need for VPN. Gartner and Forrester leader. Get in touch with me and I will introduce you. Great company and great software.
Managing Director at DWN - Specializes in Meraki-Cisco since 2009
Real User
2017-06-21T16:25:13Z
Jun 21, 2017
All UTM is okay to use, however, I do highly recommend you with Cisco Meraki MX Security appliance (UTM) - the latest technology that all BIG Corp have applied it more and more recently.
Since the most important points you may need to consider for your company is
+ HOW to helps you centralised manage 6 sites with ability to remote control,
+ Intuitive interface to know what's happening at real time,
+ Save lots of cost from your IT labour work, and specially
+ Eliminate your VPN annual services among all the sites (such as MPLS, leaseline, etc) thanks to Meraki WAN optimization (iWAN) .
+ Finally, the cost-investment in long-term is very competitive with BIG SAVINGS compared to all other UTM solutions.
In brief, it does not only helps escape you from the heavy & tough work-load, but also is an effective-investment solution for your company (your boss) and increase the capacity & development at each site.
Hope my sharing is helpful for you, and also to other friends. Thanks & Cheers!
Akamai has a comprehensive set of WAF solutions in the cloud. No capital expenditure, therefore no long term commitment to hardware that quickly becomes obsolete. The added value is increased performance, user friendly and a leading cloud security solution used by the worlds largest enterprises globally.
We have been using Sonicwall for about 12 years but over the last couple of years have been moving to the Sophos SG Series. I know many people complain about Sonicwall reliability issues, but for us the UI just didn't keep up with the features they have added on over the years. I also don't care for the perpetual "early release" firmware. We also have a couple of Fortigate units for specific uses. Very reliable but not nearly as user friendly.
Technical spec i won't say much here, it has to depends on your need (feature to turn on), size (office/datacenter/etc) and budget.
They (firewall maker) can say they are the leader, they have special ability (*haha), best in the world, etc.. but actually they have same purpose, the only difference is marketing term like AMP, ATP, Sandblast, Wildfire etc.
No perfect solution, if you have budget you can go for carrier grade firewall, is like no one can stop you to buying Ferrari.
Below is my view:
1. Checkpoint:
Pros - Good in security, pure-play security company, long history, very clean GUI, very user friendly GUI, large community, large knowledge base, complex deployment, good documentation but not so straight forward.
Cons - Expensive, due to the architecture easily get under size.
2. Fortigate:
Pros - Reasonable price with performance, purpose build ASIC to provide very high network throughput, very high VPN throughput among the competitor, large community, large knowledge base, complex deployment, good documentation and easy to understand explanation.
Cons - Got a lot of feedback that there are some issues when update the firmware (Suspect because ASIC chip compatibility with different firmware)
3. Sonicwall:
Pros - Seldom see in complex deployment but good in office/branch deployment, cheaper, clean GUI, user friendly GUI, good documentation some even have video.
Cons - Due to the Dell acquisition the development has slowdown, they told me they are catching up now, only 1 sale engineer in my country.
4. Sophos:
Pros - Seldom see in complex deployment but good in office/branch deployment, cheaper, clean GUI, very good integrate with their end point solutions.
Cons - There are a lot of users feedback that DPI slowdown the internet speed, very little referrer, they might more focus on their end point solutions.
5. Huawei:
Pros - Cheaper.
Cons - Very little referrer, consume more rack space.
6. Cisco ASA:
Pros - Stable, reliable, good CLI, large user community, good documentation but not so straight forward, more discount if you are Cisco house.
Cons - Need put more effort to understand how to use, GUI is not so user friendly, security is just a part of their business, a lot console need to take care.
7. Cisco FirePOWER (new firmware) :
Pros - FTD will be integrate NGFW feature (VPN and multi context still not support yet)
Cons - Is new release so no comment.
Please let me know if i was wrong, I looking if someone more experience can share his view so that i can add to my evaluation list.
If you are looking to get out of the security hardware business then I think you will want to review the capabilities of Network Box USA. We provide a Managed Security Services solution that does not require you to purchase any hardware or manage the hardware based on our 24x7x7 managed service from our Security Operations Center in Houston, TX.
I would be glad to discuss our unique approach which can be very cost effective and get you away from managing appliances for your six locations.
Depending on the size of the company, most enterprise-level firewalls will demonstrate a centralized management console capable of managing many disparate firewall locations, as well as the virtual elements within each. If you are at this level, my preference would be the Palo Alto system, that allows the administrator to create rules, and abstractions that ultimately lead to an administrator putting together a policy like: "Inbound reverse web proxy" -> "any external system" -> "our reverse proxies" -> "web protocols". So while, this terminology is still ancient rule-base logic, the wording of the policy is actually readable. in other areas of the system you define; what IP address belong to your reverse proxies; what web protocols you will allow, etc..
Like many complex systems, these FWs may be more capable than you need; IPS, FW, threat intelligence, malware detection, etc... just ignore the added features until you find the need to expand your requirements, and they will come naturally if needed.
Finally, traffic analysis - it too is there in the PAs, but relatively rudimentary. It will show volumes, but not keep the kind of traffic history that a good analyzer would provide. Still useful, but your requirements may be more complex than what can be presented.
Hi Terry - Management of diversified firewalls is at the heart of our FireMon solution. We can aggregate all of your firewall traffic, regardless of location and firewall vendor, into a web-based firewall management platform that provides continuous visibility into and analysis of your network security policies and underlying IT risks. The platform proactively delivers cleanup, compliance, and change management through a centralized dashboard. FireMon simply needs to have connectivity from where the FireMon data collector is deployed, along with the traffic and change logs. If you already have a central locations for logs like a SIEM, that can also be used. Check out the list of firewall vendors we support @ www.firemon.com , as well as our capabilities @ www.firemon.com .
DevOps Engineer at a consultancy with 51-200 employees
Real User
2017-03-14T07:42:18Z
Mar 14, 2017
The original question did mention ease of use, showing throughput, and the need to connect several regions which is why I recommended Meraki products. IMO they are by far the easiest firewall to set up and a total no-brainer for distributed use. It is nigh on impossible to accidentally disconnect your remote offices due to configuration mess up and even if you do then the out-of-band management will allow you to correct the issue.
If you know what you're doing then I'd go with pfSense. Powerful and affordable (free even if you can do without the support).
We have Meraki MX in our HQ office as the needs there are simple and ease of management is a top priority along with all the stuff the Advanced Security license brings. We use pfSense in our data centre rack.
Having spent a long time with Cisco ASAs I'd certainly not recommend them to the OP due to being far too complex to set up without experience or training. Although they're rather good if you know what you're doing.
Fortigate Firewalls are best suited for these purpose. You may select the appropriate model either by comparing specs on their website or talking to one of their consultant. Only, shortfall with Fortigate is, one needs to be trained to configure and manage these devices. So, you either learn it yourself or signup a support partner. Online support is not very great for setting the device up. But, pretty quick and efficient in helping resolve specific issues faced.
Associate Consultant at a tech services company with 10,001+ employees
Consultant
2017-03-14T05:51:40Z
Mar 14, 2017
Please reply the below questions
what kind of traffic to be allowed ? example https, FTP, SFTP etc.,
How many Users will have connection to the Firewall?
Do you want IPS to protect the network ?
Do you want Firewall with redundancy or Standalone ?
Whether Site to Site VPN or Remote Access VPN required ?
Would recommend Cisco Next Generation Firewall Cisco ASA 5500-FTD-X Model based on the business requirement.
Senior Network Engineer at a financial services firm with 501-1,000 employees
Vendor
2017-03-14T04:55:18Z
Mar 14, 2017
I think you can use, Fortigate Firewall, Barracuda WebFilter Firewall. They are user friendly and you can generate an efficient reports etc. We are also using Fortigate 310B for web filtering.
Netwrok Admin IT INFRA Team Leader at a comms service provider with 1,001-5,000 employees
Vendor
2017-03-14T04:52:42Z
Mar 14, 2017
I would recommend you fortunate firewall, its provide user friendly gui interface. and nice UTM protection. you can monitor your want traffic on dashboard.
Let me start by asking, what vendors, equipment is in your infrastructure? What are you and your team familiar with? I ask for this reason, I am familiar with Cisco, that may not be what you are familiar with.
We have been successful with Fortinet.
The advantage is that depending on the sites, you might want to setup higher levels in one location and lower level firewalls in others, but since all of them use the same Operating system you can program them similarly.
The other advantages are that you get many functions from these firewalls such as:
1. Fastest firewalls
2. Next Generation Firewalls
3. NSS Labs Recommended
4. ICSA Labs Certifications – 1. Anti-Virus 2. Firewall-Corporate 3. IPSEC-Basic 4. SSL-VPN 5. Network IPS
5. Real-time updates 24x7 from Fortinet automatically
6. Anti-Virus
7. Anti-Malware (ATP)
8. Anti-Spam
9. Web Content Filtering
10. Intrusion Detection and Prevention
11. Firewall
12. Data Loss Protection (DLP)
13. And many more functions….
As to traffic, you can see all of them separately or you can get the FortiAnalyzer and analyze traffic from all of them since you would point all of them to the FortiAnalyzer for that.
For management of all the firewalls and for updating them uniformly, I suggest getting the FortiManager – that will help tremendously.
Cisco is always a good bet. They are reliable and support is good. The down side is that the more advanced features are done via script. Their UI is not that fantastic. Maybe that’s because I am using the old ASA model. However, Cisco engineer are a plenty so it will be easy to get support. I am testing out Fortigate now and their UI is a lot better. Much easier to administer though.
If you are not a regular firewall service manager and this is a first run into the corporate firewall systems, I might suggest checkpoint solutions as a first name in easy to learn and quick to get up and running appliances. Check point take a very logical approach to security and it is up there with the best. As for bells and whistles, get a briefing from a vendor and see if it is a fit for your finances, pretty sure your 6 sites will be managed with ease.
Regards,
Nige Williamson
Black Dragon Limited
Lead System Administrator at a manufacturing company with 51-200 employees
Vendor
2017-03-13T21:05:10Z
Mar 13, 2017
Personally i suggest pfSense.
I used it for over 6 years in a corporate with 6 different locations and it works perfectly.
It scale very well from small offices to big company datacenter with multiple Gpbs internet connection.
Network Administrator at a non-profit with 201-500 employees
Real User
2017-03-13T20:37:28Z
Mar 13, 2017
I've been running Cyberoam (now SOPHOS) for over 10 years for my firewalls. I've really enjoyed the Cyberoam Support over the years those guys are great to work with. I have also been looking at the Meraki units for future upgrades to save a bit of money, and get a bit more visibility in one the traffic. You really have to weigh the money you have for the project and the number of users at each of the locations to know which solution is best for your organization.
Consultant at a tech services company with 51-200 employees
Consultant
2017-03-13T20:29:39Z
Mar 13, 2017
My notes.
If it's technically possible and affordable you could consider going with a different provider that lets you have a central firewall and your offices connect to this firewall via a mpls network. That way you have point of entry and you can build one set of rules
If not then you can look for a firewall solution that lets you manage from a central management point as well as provides central reporting. I don't think you need the functionality of deploying firewall based on a template as it sounds like 6 sites.
Sophos provides that using either Sophos XG or Sophos SG firewall, Sophos firewall manager for XG or Sophos utm manager for Sophos SG and Sophos iview for reporting.
If you just require web filtering the. Go with Sophos xg. If you have a bunch of http/s web applications (eg your web site) that you are also wanting the firewall to manage then the Sophos sg is still the way to go.
For user reporting you need to have the ability to identify the user. Assuming you have active directory then this will work using the STAS agent. If not, then you need set up local identitification on the firewall.
Hope that helps
IT Infrastructure Engineer at a tech services company
Consultant
2017-03-13T18:50:23Z
Mar 13, 2017
I would go for fortinet firewall, like FortiGate 90-60 Series and probably 90 at main site and FortiWiFi 60E at remote location given you security well as wireless solutions. VPN to VPN between firewalls for connectivity between sites
Manager of Architecture/Design at a tech services company
Consultant
2017-03-13T18:42:43Z
Mar 13, 2017
Hi we have approx 30 different locations and are using the SonicWall Firewalls with The Global Management Server. Must say the product works like a charm and provides al needed security logging, anything you would need and want to see with regards to your corporate firewalls.
Network Engineer at a tech services company with 1,001-5,000 employees
Consultant
2017-03-13T18:39:28Z
Mar 13, 2017
There are a few questions I would ask myself first before choosing a firewall vendor they would be as follows:
1. What is the budget for the hardware
2. What kind of connectivity is present at each site (e.g DSL, IPVPN, Leased Line, 3G/4G etc.)
3. What is the traffic profile for each site (running mostly web applications, SQL, social media etc)
4. What throughput is needed per site
5. Do you require more advanced UTM functionally to secure/protect internal infrastructure?
If you can pinpoint these you're on a good course to selecting a vendor.
To name but a few my personal preference would be:
Cisco Meraki (if you want to have a cloud managed SD-WAN solution) Expencive based on throughput
Very nice interface, lots and lots of detail about traffic on your network requires licensing (OpEx costs as cloud based) SD-WAN ready out of the box (really read into this as the benefits aren't as peachy as they may first seem), its Cisco so a very steep learning curve. Very feature rich.
FortiNet (if you need UTM/Application firewall) Cost effective, one of the top Vendors in the Garner magic quadrant
Very nice interface learning curve to overcome as a more advanced piece of kit (more cost effective especially when compared with the likes of Cisco, Palo Alto and Checkpoint but in the same league all throughout the product range), FortiNet have a fill security fabric, so in the future if you're looking for desktop AntiVirus/Email appliances (FortiClient), WAN Load balancers, Traffic Analysers, access switches, Cloud-based network logging ect.. They have solutions for this that seamlessly integrate.
WatchGuard basic Firewall VPN and access rule functionality. Cost effective: does what it says on the tin VPN standard firewall policies.
Not used personally but have customers who do, look extremely simple to set up and configure, would say cheapest and easiest to use of all mentioned but nowhere near as advanced or feature-rich. You get only what's on the tin in a basic way.
Corporate Trainer / Systems Administrator at a computer software company with 51-200 employees
Vendor
2017-03-13T17:48:56Z
Mar 13, 2017
I recommend pfSense firewall. It is a free, user-friendly, BSD based Enterprise level firewall that can handle IPSec connections, failover, multiple WAN, multiple LAN, VLANs, filtering, and more. Always the best, and very easy to setup and maintain. Have used it for over 10 years in Enterprise environments using the simplest of machines and esxi builds.
My recommendation is Cisco ASA firewalls. Other brands I've used Sonicwall, Watchguard, and Checkpoint. These other brands have run into issue with L2L VPN and VoIP. The VoIP service was not reliable and would drop service unexpectedly or would not connect. The ASA's have been extremely reliable with L2L and VoIP. I have locations in California, Germany and Ireland, all using ASA's with no issue.
It depends on the size of each one of the six structures (number of stations, for example),
but for SOHO structures we use to implement PFSENSE, wich have most of the resources that you miss in
your firewall, and can implement IPSEC, L2TP or OpenVPN.
One of our clients connects its Brazilian office with Chinese Office. In China they have a Fortigate (a Fortinet Firewall), and
here in Brazil they have a PfSense.
Owner at a tech services company with 51-200 employees
Real User
2017-03-13T16:24:22Z
Mar 13, 2017
Next generation firewall like WatchGuard.
-Multi site VPN
-Antivirus/malware protection
-app blocking
-site category blocking
-user / group policy roles
-AD integration
-reporting
-two was to manage it. Web interface and local PC policy manager.
*dimensioning report server to log all information that is under Hippa and PCI.
With the rise of cloud services, organisations are going more for local breakout to optimise the traffic performance from their site to the closest cloud service node. Access to the internet in general would also benefit from this design. If this make sense in the context of our colleague then an implementation of local FW on each of the 6 sites could be a solution. This design would also allow internal segmentation as each site could be protected against a potential propagation of a threat one site to the other. On the operation side FW technologies allow central management and push of rules to the sites FW. Visibility of traffic would be available as FW technology allow delegation of rights such as read only mode to the customer in case this is a FW managed service operated by a service provider.
The Esdenera Firewall 3 is a trusted and intelligent enterprise network firewall for the cloud. It has a very user friendly interface. You will find more information at www.esdenera.com
If you intend to use a cloud based firewall you may want to get a deep dive into virtualization technology for all the available vendors. Then decide which features versus ease of use you need. Also, if it is no only firewalling but security as a service, you might go deep on CASB (Cloud Access Security Broker) and get some insight of the trending around cloud security, such as cloud mail protection and cloud endpoint management. I might as well suggest you to talk with your service providers and see where their managed services stand.
systems engineer at a retailer with 11-50 employees
Real User
2017-03-13T16:11:22Z
Mar 13, 2017
The Watchguard System Manager utility gives firewall traffic on one of its windows called the Firewall system manager. I suspect it only works with Watchguard firewalls.
It depends on the security services that you want to implement, you must have at least IPS, Anti virus, web filter, application control, desirable anti malware feature, these features comes with a Next Generation Firewall. In order to manage the solution, monitor the equipment and view the statistics, you must use a manufacturer's own management tool that can collect event logs, snmp traps or X-Flow flows, and help you with centralized policy deployment.
Director de Tecnologías de Información at a retailer
Vendor
2017-03-13T16:07:04Z
Mar 13, 2017
For an OnPremise solution I agree with the fortinet recommendation, the UTM funcionality is easy to deploy and the user interface (Fortiview) is very useful even to non-experts.
For an open source solution I will rely on the PFSense implementations.
For a 100% cloud base solution, Zscaler works well.
See Webroot - it's a web-based security via API and a leader in security. Peripheral firewalls aren't the answer. You should also keep upto date with your SSL certificates and tracking. But that's next steps
Account Manager at a integrator with 201-500 employees
Vendor
2017-03-13T15:55:14Z
Mar 13, 2017
If you look for excellent security with the best possible insight in whats actually traversing your FW, AND wants something that is the easiest one to manage you should check out Palo Alto Networks Firewalls. They are the only TRUE application Firewalls, so if you don't wont to keep on the hopeless fight with opening ports and thus damage your security that is what you should go for. With their new models you might be able to solve it with the PA-220 and possibly the PA-820 if you have some site that is large with a lot of traffic. And forget all you might have heard about Palo being expensive - the new models are actually fairly cheap. So go check them out...
Sr. Systems Engineer at a tech services company with 51-200 employees
Consultant
2017-03-13T15:55:00Z
Mar 13, 2017
I recommend Sophos (formally Astaro), their SG firewalls and then the RED remote units are easy to setup and will allow reporting based off the traffic.
Product Support Engineer at a tech company with 1,001-5,000 employees
Vendor
2017-03-13T15:53:44Z
Mar 13, 2017
Hi Terry,
Generally speaking, you can implement hub-and-spoke where all traffic from remote sites are routed to the internet through hub (main) firewall where you can implement some IDS/IPS/Web filter policies. Also, remote sites are connecting to hub either by site-to-site VPN or MPLS link.
-Hub (main): The firewall must be able to handle traffic from local (main) and remote sites. For WAN redundancy, use two internet links from two different ISPs.
-Spoke (remote): Two default routes with different metric, one to go out to the internet via Hub and in case the hub is not available, the second default route to route internet traffic via spoke ISP link.
-You can use Fortigate as they have many models to fit your needs along with many security features (IPS,IDS,Web Filter, DLP,Anti-Virus ... etc ). For reporting, you can use FortiAnalyzer to give you nice reporting about traffic from local / remote sites.
I recommend a next generation firewall! Preferably cloud based unless you have a data center or servers that all your employees need to access from all 6 locations?
I'd recommend the Meraki MX series of firewalls - if you have several locations that you need to monitor the dashboard is great for making changes with out having to be at the location. you can also monitor the traffic for each one separately ....
You could use WatchGuard company for the firewall, it's ideally suited for SMB companies. A model like M300 for the headquarters and maybe T50(or T70) for the other locations (depends on the bandwidth between the sites and the number of employees at each site).
The user interface is really simple. You also have good visibility of your traffic through Dimension (which comes freely with the solution) and with the Total Security Bundle you have all the services that you need. Hope this helps you decide.
hi, I can assure you that 6 fortigate 100d can do the job, also if you want to extend your monitoring experience, with splunk you can do a lot of things...
A firewall is a device used for network security. It monitors network traffic (both incoming and outgoing) and then, based on a set of security rules, either permits or blocks data packets.
I would recommend Sophos UTM9. We've been using it for more than 2 years and it's stable. Although Sophos is already recommending their newest XG line the UTM9 version is very stable and still has a large community support. The UI is intuitive and features are up to par for your most demanding policy enforcement. Like all the posts before, you have to determine appropriately the scale and expected TPT for your traffic so that your organization can decide the appropriate device model for the task. Sophos also has a unified Management UI for managing all your firewalls in one place called Sophos Firewall Manager. Whether you like to deploy a full blown firewall appliance per site or RED devices, Sophos Firewall would most probably be one of your organizations top choice.
pfSence will easily let you interconnect all 6 locations. It has a terrific GUI interface and fantastic tools for openvpn. The support guys are the best I have ever worked with. And once you master it, it is entirely free.
Yo recomiendo FortiGate de Fortinet, que tiene una administración muy sencilla pero que es lider en el cuadrante de Gartner en UTM
Go for Fortinet Firewall, Its interface is very user friendly, multiple features and easy implementation low cost compared to other high-end firewalls and good technical support.
At Corporate Headquarter analyze one of the following models.
FG-200D FG-200E FG-300D FG-500D FG-600D
At remote site following models are recommended
FG/FWF-30E FG/FWF-50E FG/FWF-60D FG/FWF-60E FG-80D
Specification can be compared on the following link. However please note the specs are for ideal situations. I recommend to analyze each specs by 1/3 factor for practical implementation.
www.fortinet.com
The FortiGate line is great for global networks. You need to size them for your traffic and type of protection (web filtering; IPS; antivirus; VPN; BotNet protection; etc) since each additional service enables requires a larger system. We find the FortiGates very affordable and very effective at keeping our networks secure globally. One bit of advice is that you consider the series when choosing hardware - a FG-100E is more powerful than a FG-100D and far more powerful than a 'C' series (although those should no longer be sold).
I would recommend Palo Alto networks. Their NGFW platform is one of the only vendors affecting single pass. Single pass means no matter what services are turned on it's a single pass across the box. Also SSL decryption is need in this day an age with the ever increasing https traffic that is out there. They also have a great AWS solution for auto scaling VPN for remote users.
pfSense can do what you need it to do. We've deployed many firewalls for companies with geographically-dispersed locations, all with different needs and requirements. Hub and spoke could very well be the solution here. With the easy-to-use GUI and robust feature set, you'll certainly be happier with it than you are with your current product. Our professional services team can handle the configuration and deployment for you.
Check out Palo Alto Networks, maybe the PA-800 Series. You can manage all 6 locations from a single interface with Palo Alto Panorama. If you need expertise just find a local partner in your area with this link: locator.paloaltonetworks.com
Hi,
choosing right FW solution is not simple. must have on mind what we want to achieve, IT staff experience and etc. there are not good or bad solutions, only good or bad deployment.
in your case, i will suggest Meraki MX appliance.
cloud based management, automatically VPN between devices into same organization unit, L3-L7 FW, content filtering, AD integration, easy web management and many more.
BR
Look at. Cisco's - Meraki - product line. Check out their waps as well as their security appliances (firewalls).
Forget all that code and text interface nonsense.
Meraki rocks. Cisco bought this company because they were such a threat. Thank me later
Frank Horwich
303.601.4009
I recommend FortiGate firewalls, but more information its needed (the scope, traffic, what to protect ...) to determine the model.
With FortiCloud service you can monitor the traffic (its not needed to be the administrator). You also, can schedule daily reports to send to a specific e-mail address.
Fortinet solutions are designed to work together as an integrated and collaborative security fabric to provide a powerful, integrated end-to-end security solution across the entire attack surface.
FortiGate also can act as an wireless controller, switch controller.
offers two factor authentication using FortiTokens (hardware or Mobile tokens)
you can create virtual domains without any additional license
another point is endpint managment
etc...
With FortiManager you can manage all FortiGates from a single platform or can create Administrative Domains based on geographically locations or your administrators access.
Sir,
I recommend SOPHOS in Head Office XG-310 & branches XG-85 or XG-105
Head Office Users 50 -100 / Branches Users from 5 - 25
I agree you could look into Fortinet solutions. They're cost effective and offer a lot of other features you might want look at (UTM, WLAN Controllers, etc.). They're also fairly simple to configure and operate and can be centrally managed via FortiManager if it makes sense to you and your budget.
Hello,
i can highly recommend to use Sophos XG firewall as they are extremely easy to use, with all functions you ever need built in. You can also fully manage WI-Fi access points and VPN devices straight for firewall web interface.
As for monitoring there are many solutions - Sophos support more than 1000 reports on usage, but if you need real time security monitoring there is nothing batter than SIEM solutions.
Personally prefer Alien Vault a as customization to your needs are unlimited
Hope this helps :)
Hello, arguably the Fotigate meets your need, with the Fortiview that is a feature present on the equipment itself, you can show all network traffic, with ports, Protocol, users, if the connection is TCP or UDP and for which firweall rule is coming out.
And to further expand the display, hire the Fortinet Forticloud service. Well, these are just examples, the Fortigate has more resources to provide for the protection of your company's networks.
Hi,
I'm a big fan of opensource solution, now i'm very satisfied with
pfsense (www.pfsense.org) you can use your own hw or buy some
appliance from netgate.com ( sponsor of pfsense)
Other payed solution can be Mikrotik (is a linux base), Ubiquiti
www.ubnt.com or Fortinet
www.fortinet.com
I use Fortigates as well - those are solid devices - @LZ good writeup in past firmware 5.0 and below Fortinet had issue with firmware upgrades, now it is very clean process. Also I would always recommend A/A or A/P configuration.
I would recommend Zscaler and can introduce you to the head of technical operations who would be very happy to discuss this with you. No appliance required and can indeed replace much of your appliance based stack in your HQ. Cloud based solution, eliminates backhauling and reduces latency to cloud based apps. Takes out need for VPN. Gartner and Forrester leader. Get in touch with me and I will introduce you. Great company and great software.
All UTM is okay to use, however, I do highly recommend you with Cisco Meraki MX Security appliance (UTM) - the latest technology that all BIG Corp have applied it more and more recently.
Since the most important points you may need to consider for your company is
+ HOW to helps you centralised manage 6 sites with ability to remote control,
+ Intuitive interface to know what's happening at real time,
+ Save lots of cost from your IT labour work, and specially
+ Eliminate your VPN annual services among all the sites (such as MPLS, leaseline, etc) thanks to Meraki WAN optimization (iWAN) .
+ Finally, the cost-investment in long-term is very competitive with BIG SAVINGS compared to all other UTM solutions.
In brief, it does not only helps escape you from the heavy & tough work-load, but also is an effective-investment solution for your company (your boss) and increase the capacity & development at each site.
Hope my sharing is helpful for you, and also to other friends. Thanks & Cheers!
Akamai has a comprehensive set of WAF solutions in the cloud. No capital expenditure, therefore no long term commitment to hardware that quickly becomes obsolete. The added value is increased performance, user friendly and a leading cloud security solution used by the worlds largest enterprises globally.
We have been using Sonicwall for about 12 years but over the last couple of years have been moving to the Sophos SG Series. I know many people complain about Sonicwall reliability issues, but for us the UI just didn't keep up with the features they have added on over the years. I also don't care for the perpetual "early release" firmware. We also have a couple of Fortigate units for specific uses. Very reliable but not nearly as user friendly.
I'm also evaluating firewall: Checkpoint, Fortigate, Sonicwall, Sophos, Huawei, Cisco ASA, Cisco FirePOWER, Juniper
Technical spec i won't say much here, it has to depends on your need (feature to turn on), size (office/datacenter/etc) and budget.
They (firewall maker) can say they are the leader, they have special ability (*haha), best in the world, etc.. but actually they have same purpose, the only difference is marketing term like AMP, ATP, Sandblast, Wildfire etc.
No perfect solution, if you have budget you can go for carrier grade firewall, is like no one can stop you to buying Ferrari.
Below is my view:
1. Checkpoint:
Pros - Good in security, pure-play security company, long history, very clean GUI, very user friendly GUI, large community, large knowledge base, complex deployment, good documentation but not so straight forward.
Cons - Expensive, due to the architecture easily get under size.
2. Fortigate:
Pros - Reasonable price with performance, purpose build ASIC to provide very high network throughput, very high VPN throughput among the competitor, large community, large knowledge base, complex deployment, good documentation and easy to understand explanation.
Cons - Got a lot of feedback that there are some issues when update the firmware (Suspect because ASIC chip compatibility with different firmware)
3. Sonicwall:
Pros - Seldom see in complex deployment but good in office/branch deployment, cheaper, clean GUI, user friendly GUI, good documentation some even have video.
Cons - Due to the Dell acquisition the development has slowdown, they told me they are catching up now, only 1 sale engineer in my country.
4. Sophos:
Pros - Seldom see in complex deployment but good in office/branch deployment, cheaper, clean GUI, very good integrate with their end point solutions.
Cons - There are a lot of users feedback that DPI slowdown the internet speed, very little referrer, they might more focus on their end point solutions.
5. Huawei:
Pros - Cheaper.
Cons - Very little referrer, consume more rack space.
6. Cisco ASA:
Pros - Stable, reliable, good CLI, large user community, good documentation but not so straight forward, more discount if you are Cisco house.
Cons - Need put more effort to understand how to use, GUI is not so user friendly, security is just a part of their business, a lot console need to take care.
7. Cisco FirePOWER (new firmware) :
Pros - FTD will be integrate NGFW feature (VPN and multi context still not support yet)
Cons - Is new release so no comment.
Please let me know if i was wrong, I looking if someone more experience can share his view so that i can add to my evaluation list.
Iz
Good Day Terry,
If you are looking to get out of the security hardware business then I think you will want to review the capabilities of Network Box USA. We provide a Managed Security Services solution that does not require you to purchase any hardware or manage the hardware based on our 24x7x7 managed service from our Security Operations Center in Houston, TX.
I would be glad to discuss our unique approach which can be very cost effective and get you away from managing appliances for your six locations.
Mark Manion
National Sales Manager
mark.manion@networkboxusa.com
www.networkboxusa.com
716-989-1134
Depending on the size of the company, most enterprise-level firewalls will demonstrate a centralized management console capable of managing many disparate firewall locations, as well as the virtual elements within each. If you are at this level, my preference would be the Palo Alto system, that allows the administrator to create rules, and abstractions that ultimately lead to an administrator putting together a policy like: "Inbound reverse web proxy" -> "any external system" -> "our reverse proxies" -> "web protocols". So while, this terminology is still ancient rule-base logic, the wording of the policy is actually readable. in other areas of the system you define; what IP address belong to your reverse proxies; what web protocols you will allow, etc..
Like many complex systems, these FWs may be more capable than you need; IPS, FW, threat intelligence, malware detection, etc... just ignore the added features until you find the need to expand your requirements, and they will come naturally if needed.
Finally, traffic analysis - it too is there in the PAs, but relatively rudimentary. It will show volumes, but not keep the kind of traffic history that a good analyzer would provide. Still useful, but your requirements may be more complex than what can be presented.
Hi Terry - Management of diversified firewalls is at the heart of our FireMon solution. We can aggregate all of your firewall traffic, regardless of location and firewall vendor, into a web-based firewall management platform that provides continuous visibility into and analysis of your network security policies and underlying IT risks. The platform proactively delivers cleanup, compliance, and change management through a centralized dashboard. FireMon simply needs to have connectivity from where the FireMon data collector is deployed, along with the traffic and change logs. If you already have a central locations for logs like a SIEM, that can also be used. Check out the list of firewall vendors we support @ www.firemon.com , as well as our capabilities @ www.firemon.com .
I recomend you to go with Fortinet or Sonicwall.
The original question did mention ease of use, showing throughput, and the need to connect several regions which is why I recommended Meraki products. IMO they are by far the easiest firewall to set up and a total no-brainer for distributed use. It is nigh on impossible to accidentally disconnect your remote offices due to configuration mess up and even if you do then the out-of-band management will allow you to correct the issue.
If you know what you're doing then I'd go with pfSense. Powerful and affordable (free even if you can do without the support).
We have Meraki MX in our HQ office as the needs there are simple and ease of management is a top priority along with all the stuff the Advanced Security license brings. We use pfSense in our data centre rack.
Having spent a long time with Cisco ASAs I'd certainly not recommend them to the OP due to being far too complex to set up without experience or training. Although they're rather good if you know what you're doing.
Fortigate Firewalls are best suited for these purpose. You may select the appropriate model either by comparing specs on their website or talking to one of their consultant. Only, shortfall with Fortigate is, one needs to be trained to configure and manage these devices. So, you either learn it yourself or signup a support partner. Online support is not very great for setting the device up. But, pretty quick and efficient in helping resolve specific issues faced.
Please follow answer of Irvin Gaerlan for sophos UTM.
Please reply the below questions
what kind of traffic to be allowed ? example https, FTP, SFTP etc.,
How many Users will have connection to the Firewall?
Do you want IPS to protect the network ?
Do you want Firewall with redundancy or Standalone ?
Whether Site to Site VPN or Remote Access VPN required ?
Would recommend Cisco Next Generation Firewall Cisco ASA 5500-FTD-X Model based on the business requirement.
I think you can use, Fortigate Firewall, Barracuda WebFilter Firewall. They are user friendly and you can generate an efficient reports etc. We are also using Fortigate 310B for web filtering.
I would recommend you fortunate firewall, its provide user friendly gui interface. and nice UTM protection. you can monitor your want traffic on dashboard.
Let me start by asking, what vendors, equipment is in your infrastructure? What are you and your team familiar with? I ask for this reason, I am familiar with Cisco, that may not be what you are familiar with.
We have been successful with Fortinet.
The advantage is that depending on the sites, you might want to setup higher levels in one location and lower level firewalls in others, but since all of them use the same Operating system you can program them similarly.
The other advantages are that you get many functions from these firewalls such as:
1. Fastest firewalls
2. Next Generation Firewalls
3. NSS Labs Recommended
4. ICSA Labs Certifications – 1. Anti-Virus 2. Firewall-Corporate 3. IPSEC-Basic 4. SSL-VPN 5. Network IPS
5. Real-time updates 24x7 from Fortinet automatically
6. Anti-Virus
7. Anti-Malware (ATP)
8. Anti-Spam
9. Web Content Filtering
10. Intrusion Detection and Prevention
11. Firewall
12. Data Loss Protection (DLP)
13. And many more functions….
As to traffic, you can see all of them separately or you can get the FortiAnalyzer and analyze traffic from all of them since you would point all of them to the FortiAnalyzer for that.
For management of all the firewalls and for updating them uniformly, I suggest getting the FortiManager – that will help tremendously.
For FortiAnalyzer - www.fortinet.com
For FortiManager - www.fortinet.com
For FortiOS (Fortigate Operating System ) - www.fortinet.com
I would use Cisco ASA NG appliances.
I recommended fortigate 100d firewall..
Cisco is always a good bet. They are reliable and support is good. The down side is that the more advanced features are done via script. Their UI is not that fantastic. Maybe that’s because I am using the old ASA model. However, Cisco engineer are a plenty so it will be easy to get support. I am testing out Fortigate now and their UI is a lot better. Much easier to administer though.
Depending on size FortiNet for small to medium-sized and Palo Alto for
larger deployments and/or complexity. IMHO
If you are not a regular firewall service manager and this is a first run into the corporate firewall systems, I might suggest checkpoint solutions as a first name in easy to learn and quick to get up and running appliances. Check point take a very logical approach to security and it is up there with the best. As for bells and whistles, get a briefing from a vendor and see if it is a fit for your finances, pretty sure your 6 sites will be managed with ease.
Regards,
Nige Williamson
Black Dragon Limited
Personally i suggest pfSense.
I used it for over 6 years in a corporate with 6 different locations and it works perfectly.
It scale very well from small offices to big company datacenter with multiple Gpbs internet connection.
The support team, if you paid for it, is great.
I've been running Cyberoam (now SOPHOS) for over 10 years for my firewalls. I've really enjoyed the Cyberoam Support over the years those guys are great to work with. I have also been looking at the Meraki units for future upgrades to save a bit of money, and get a bit more visibility in one the traffic. You really have to weigh the money you have for the project and the number of users at each of the locations to know which solution is best for your organization.
My notes.
If it's technically possible and affordable you could consider going with a different provider that lets you have a central firewall and your offices connect to this firewall via a mpls network. That way you have point of entry and you can build one set of rules
If not then you can look for a firewall solution that lets you manage from a central management point as well as provides central reporting. I don't think you need the functionality of deploying firewall based on a template as it sounds like 6 sites.
Sophos provides that using either Sophos XG or Sophos SG firewall, Sophos firewall manager for XG or Sophos utm manager for Sophos SG and Sophos iview for reporting.
If you just require web filtering the. Go with Sophos xg. If you have a bunch of http/s web applications (eg your web site) that you are also wanting the firewall to manage then the Sophos sg is still the way to go.
For user reporting you need to have the ability to identify the user. Assuming you have active directory then this will work using the STAS agent. If not, then you need set up local identitification on the firewall.
Hope that helps
Pfsense is an excellent solution
I would go for fortinet firewall, like FortiGate 90-60 Series and probably 90 at main site and FortiWiFi 60E at remote location given you security well as wireless solutions. VPN to VPN between firewalls for connectivity between sites
Hi we have approx 30 different locations and are using the SonicWall Firewalls with The Global Management Server. Must say the product works like a charm and provides al needed security logging, anything you would need and want to see with regards to your corporate firewalls.
There are a few questions I would ask myself first before choosing a firewall vendor they would be as follows:
1. What is the budget for the hardware
2. What kind of connectivity is present at each site (e.g DSL, IPVPN, Leased Line, 3G/4G etc.)
3. What is the traffic profile for each site (running mostly web applications, SQL, social media etc)
4. What throughput is needed per site
5. Do you require more advanced UTM functionally to secure/protect internal infrastructure?
If you can pinpoint these you're on a good course to selecting a vendor.
To name but a few my personal preference would be:
Cisco Meraki (if you want to have a cloud managed SD-WAN solution) Expencive based on throughput
Very nice interface, lots and lots of detail about traffic on your network requires licensing (OpEx costs as cloud based) SD-WAN ready out of the box (really read into this as the benefits aren't as peachy as they may first seem), its Cisco so a very steep learning curve. Very feature rich.
FortiNet (if you need UTM/Application firewall) Cost effective, one of the top Vendors in the Garner magic quadrant
Very nice interface learning curve to overcome as a more advanced piece of kit (more cost effective especially when compared with the likes of Cisco, Palo Alto and Checkpoint but in the same league all throughout the product range), FortiNet have a fill security fabric, so in the future if you're looking for desktop AntiVirus/Email appliances (FortiClient), WAN Load balancers, Traffic Analysers, access switches, Cloud-based network logging ect.. They have solutions for this that seamlessly integrate.
WatchGuard basic Firewall VPN and access rule functionality. Cost effective: does what it says on the tin VPN standard firewall policies.
Not used personally but have customers who do, look extremely simple to set up and configure, would say cheapest and easiest to use of all mentioned but nowhere near as advanced or feature-rich. You get only what's on the tin in a basic way.
I recommend pfSense firewall. It is a free, user-friendly, BSD based Enterprise level firewall that can handle IPSec connections, failover, multiple WAN, multiple LAN, VLANs, filtering, and more. Always the best, and very easy to setup and maintain. Have used it for over 10 years in Enterprise environments using the simplest of machines and esxi builds.
My recommendation is Cisco ASA firewalls. Other brands I've used Sonicwall, Watchguard, and Checkpoint. These other brands have run into issue with L2L VPN and VoIP. The VoIP service was not reliable and would drop service unexpectedly or would not connect. The ASA's have been extremely reliable with L2L and VoIP. I have locations in California, Germany and Ireland, all using ASA's with no issue.
It depends on the size of each one of the six structures (number of stations, for example),
but for SOHO structures we use to implement PFSENSE, wich have most of the resources that you miss in
your firewall, and can implement IPSEC, L2TP or OpenVPN.
One of our clients connects its Brazilian office with Chinese Office. In China they have a Fortigate (a Fortinet Firewall), and
here in Brazil they have a PfSense.
I'd go for Meraki MX firewalls. Very easy to use and set up and a single web dashboard to access/configure all your sites.
Cyberoam NG series / Sophos UTM
I recommend Sophos UTM for ease of use, relatively low cost and flexibility.
or Fortigate if your budget allows
I am a huge fan of SonicWALL with Comprehensive gateway Security for all my firewall scenarios.
From an ease of use and security track record, they just work.
I have put 4 and 2 site medical practices in place with SonicWALL site to site VPNs without a hitch.
Cisco ASA 5500 series.
Next generation firewall like WatchGuard.
-Multi site VPN
-Antivirus/malware protection
-app blocking
-site category blocking
-user / group policy roles
-AD integration
-reporting
-two was to manage it. Web interface and local PC policy manager.
*dimensioning report server to log all information that is under Hippa and PCI.
I would recommend Meraki.
With the rise of cloud services, organisations are going more for local breakout to optimise the traffic performance from their site to the closest cloud service node. Access to the internet in general would also benefit from this design. If this make sense in the context of our colleague then an implementation of local FW on each of the 6 sites could be a solution. This design would also allow internal segmentation as each site could be protected against a potential propagation of a threat one site to the other. On the operation side FW technologies allow central management and push of rules to the sites FW. Visibility of traffic would be available as FW technology allow delegation of rights such as read only mode to the customer in case this is a FW managed service operated by a service provider.
Look at. Cisco's - Meraki - product line. Check out their waps as well as their security appliances (firewalls).
Forget all that code and text interface nonsense.
Meraki rocks. Cisco bought this company because they were such a threat. Thank me later
The Esdenera Firewall 3 is a trusted and intelligent enterprise network firewall for the cloud. It has a very user friendly interface. You will find more information at www.esdenera.com
If you intend to use a cloud based firewall you may want to get a deep dive into virtualization technology for all the available vendors. Then decide which features versus ease of use you need. Also, if it is no only firewalling but security as a service, you might go deep on CASB (Cloud Access Security Broker) and get some insight of the trending around cloud security, such as cloud mail protection and cloud endpoint management. I might as well suggest you to talk with your service providers and see where their managed services stand.
The Watchguard System Manager utility gives firewall traffic on one of its windows called the Firewall system manager. I suspect it only works with Watchguard firewalls.
The top UTMs/Corporate Firewalls:
1. Fortinet
2. CheckPoint
3. Watchguard
4. Sophos
5. Dell SonicWall
For ease of use, Meraki
For longevity and economy - Sonicwall
I recommend use pfSense in this scenario!
It depends on the security services that you want to implement, you must have at least IPS, Anti virus, web filter, application control, desirable anti malware feature, these features comes with a Next Generation Firewall. In order to manage the solution, monitor the equipment and view the statistics, you must use a manufacturer's own management tool that can collect event logs, snmp traps or X-Flow flows, and help you with centralized policy deployment.
Palo Alto Networks Next-Generation Firewalls gives you total control of your traffic based on Layer 7 policies and monitoring.
For an OnPremise solution I agree with the fortinet recommendation, the UTM funcionality is easy to deploy and the user interface (Fortiview) is very useful even to non-experts.
For an open source solution I will rely on the PFSense implementations.
For a 100% cloud base solution, Zscaler works well.
Hi,
I would recommend the Fortinet Firewall it is user friendly and it will show the traffic
I must use Sonicwall firewall with grate amount of support do not use Sophos there is no support for that product.
See Webroot - it's a web-based security via API and a leader in security. Peripheral firewalls aren't the answer. You should also keep upto date with your SSL certificates and tracking. But that's next steps
If you look for excellent security with the best possible insight in whats actually traversing your FW, AND wants something that is the easiest one to manage you should check out Palo Alto Networks Firewalls. They are the only TRUE application Firewalls, so if you don't wont to keep on the hopeless fight with opening ports and thus damage your security that is what you should go for. With their new models you might be able to solve it with the PA-220 and possibly the PA-820 if you have some site that is large with a lot of traffic. And forget all you might have heard about Palo being expensive - the new models are actually fairly cheap. So go check them out...
I recommend Sophos (formally Astaro), their SG firewalls and then the RED remote units are easy to setup and will allow reporting based off the traffic.
Hi Terry,
Generally speaking, you can implement hub-and-spoke where all traffic from remote sites are routed to the internet through hub (main) firewall where you can implement some IDS/IPS/Web filter policies. Also, remote sites are connecting to hub either by site-to-site VPN or MPLS link.
-Hub (main): The firewall must be able to handle traffic from local (main) and remote sites. For WAN redundancy, use two internet links from two different ISPs.
-Spoke (remote): Two default routes with different metric, one to go out to the internet via Hub and in case the hub is not available, the second default route to route internet traffic via spoke ISP link.
-You can use Fortigate as they have many models to fit your needs along with many security features (IPS,IDS,Web Filter, DLP,Anti-Virus ... etc ). For reporting, you can use FortiAnalyzer to give you nice reporting about traffic from local / remote sites.
checkpoint or forcepoint with single management (and logging) capabilities.
I recommend a next generation firewall! Preferably cloud based unless you have a data center or servers that all your employees need to access from all 6 locations?
Cyberoam products are really good i think you should make a research about it
Are you looking for in-house hw based units? If so I would recommend Fortinet's Fortigate solution.
I'd recommend the Meraki MX series of firewalls - if you have several locations that you need to monitor the dashboard is great for making changes with out having to be at the location. you can also monitor the traffic for each one separately ....
You could use WatchGuard company for the firewall, it's ideally suited for SMB companies. A model like M300 for the headquarters and maybe T50(or T70) for the other locations (depends on the bandwidth between the sites and the number of employees at each site).
The user interface is really simple. You also have good visibility of your traffic through Dimension (which comes freely with the solution) and with the Total Security Bundle you have all the services that you need. Hope this helps you decide.
I would recommend a hardware firewall on premise HQ
Then MPLS on the regional offices.
Have implemented a similar setup and its working so well.
hi, I can assure you that 6 fortigate 100d can do the job, also if you want to extend your monitoring experience, with splunk you can do a lot of things...
I recommend PA 5020 firewall.
I would recommend firewall devices from FortiNet. They can be configured as Full UTM, NG Firewall, Web Filtering device, etc…