2022-12-05T04:55:00Z

Which firewall solution is best for an educational institution?

Hello peers,

We are looking for a firewall solution in Fortigate for a software training institution with 2000 students. Each student has one laptop and two mobile phones (maximum). There are four Internet connections, two broadbands, and two leased lines (optical fiber). There is no need for content filtering and application control. We need a solution for load balancing and traffic shaping.

Which firewall solution would you suggest our institution use?

Thank you for your help.

Gulzar C - PeerSpot reviewer
Senior IT Consultant at Gateway information networks
  • 12
  • 296
8
PeerSpot user
8 Answers
PraveenMoule - PeerSpot reviewer
System Network Administrator at Mungi Engineers Pvt. Ltd.
Real User
Top 5Leaderboard
2023-01-11T10:37:18Z
Jan 11, 2023

pfSense is the best. We have used it in our organization for the last 7 yrs without any issues. The best part is that it is completely open source. You can download images for free and install them on any old machine having more than 1 lan card, it can do that amazingly.

Search for a product comparison in Firewalls
Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
User
Top 5
2023-01-13T16:50:02Z
Jan 13, 2023

Ubiquiti Edge Infinity router, guaranteed. I am working in a school with exactly the same number of students and have never had a problem, the only drawback is that you must be a professional with routing knowledge, and the interface is not as friendly as other brands.

Besides that, any other options or functionalities are there.

Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
User
Top 5
Apr 14, 2023

Also Unifi can do the job, "Unifi dream machine SE", but you should change all equipment to this brand, highly highly recommend if you dont have already a lot of equipment for replace !!!

PeerSpot user
Harish (Kumar) - PeerSpot reviewer
Cyber Security and IT Head at Aeren
Real User
Top 5Leaderboard
2023-04-12T07:11:33Z
Apr 12, 2023

I would like to suggest Checkpoint QUANTUM SPARK SECURITY APPLIANCE - 1600 /1800.

Pro :
* Very simple installation. - One touch
* Clean User interface.
* Simple to use and easy to understand
* can handle 500+ nodes easily
* All standard features available IPS, AV, Sandboxing, VPN, etc
* Very competitive prices

Con :
* Support can be challenging sometimes.

BilalAslam - PeerSpot reviewer
Pre Sales Engineer /Network Engineer at Comstar - Information Systems Associates Ltd.
Real User
Top 10
2023-01-13T15:47:27Z
Jan 13, 2023

I would like to suggest you use pfSense for all the above-mentioned activities. You can even filter your content with pfSesne but in restricted options.

CL
Senior IT Infrastructure Engineer at Tecnoage
User
Top 20
2023-01-12T13:21:56Z
Jan 12, 2023

Hello Gulzar, It depends on what kind of protection you want. pfSense is a layer3 firewall, where you'll be unable to filter applications properly, because applications like Facebook, Instagram, etc, are layer 7 applications.
By the way, the web proxy cache used by pfSense (for example) has a lot of known issues with https protocol filter. So, if you intend to have improved protection I recommend Sophos XGS Firewall.

Richard Artes - PeerSpot reviewer
Senior Network Admin at a educational organization with 501-1,000 employees
Real User
Top 5Leaderboard
2023-01-11T08:13:51Z
Jan 11, 2023

We've been using Sophos UTM at a similar-sized school for the past 5 years, and it's been very good. But now they are stopping UTM development, so we looked at Sophos XG and Fortigate. Fortigate was slightly cheaper than Sophos (depends on your reseller of course). If you're in the UK, Smoothwall is also worth a look, it is specially designed for schools.

Learn what your peers think about Fortinet FortiGate. Get advice and tips from experienced pros sharing their opinions. Updated: September 2023.
735,226 professionals have used our research since 2012.
CR
Director at REDCO
Reseller
Top 5Leaderboard
2022-12-07T20:01:00Z
Dec 7, 2022

Untangle was born in the educational sector, and now it has been acquired by Arista in case you would like to check it out. Any solution is recommended, it all depends on the budget, you can also check pfSense which is free. fatpipeinc.com is a native solution for balancing WAN, VERSA for 8 wan, FortiGate, Sophos, VMware and Cisco are the leaders on Gartner. Greetings 

Shibu Babuchandran - PeerSpot reviewer
Regional Manager/ Service Delivery Manager at a tech services company with 201-500 employees
Real User
ExpertModerator
2022-12-07T06:11:39Z
Dec 7, 2022

Hi @Gulzar C ​, Some of the preferred solutions seen in educational institutes are mentioned below:



  • Sophos.

  • Fortinet Fortigate.

  • Juniper SRX Firewall.

  • SonicWall.

MK
Director at SafeSquid Labs
Real User
Jan 12, 2023

Default configuration of all standard routers does not allow incoming traffic.
Firewalls are broadly of two types - Network Layer and Application Layer.
Application Layer Firewalls (aka Proxy Servers) provide the application control / content security / filtering / etc. Essentially they isolate the applications such as HTTP / SMTP, by terminating them locally and creating a new outbound connection.
Network Layer Firewalls (NLF) isolate your internal network from the Internet.
You need an NLF, only if you are "forced" to use a static IP, and you have data assets that are accessible from the outside world.
Most UTMs and such devices are essentially just "glorified routers", that are made to seem important because the vendors have to sell stuff. These are basically just a router + NLF + some basic opensource software for ALF. Some vendors will also offer basic traffic shaping features.
If you really need a traffic shaper, look for "traffic shaper"! They have nothing to do with a Firewall.

PeerSpot user
Related Questions
MA
Cloud Engineer at Inara Technologies
Jun 5, 2023
Hello community,  I am a Cloud Engineer at a small tech services company.  I am currently researching firewalls. Which solution do you prefer: Palo Alto Networks PA-3410 Firewall or FortiGate 601F? What are the pros and cons of each solution? Thank you for your help.
See 1 answer
Luis Apodaca - PeerSpot reviewer
IT Support and Network Admin at Escuela Carlos Pereyra
Jun 5, 2023
Hi Muhammad, You are telling us your company is small, but for choice active equipment you need to know how big the need for your client is, not yours. And also you may discuss if you are the provider of the tech service for management (local or remote), or if you're just going to provide the equipment for some internal IT by your customer.So, there are a few questions before choosing the Router/Gateway, but if you already have an answer for all that, I'll go for Sophos XG Firewall every time, if the customer can afford it or for smaller customer Ubiquiti Edge Infinity Router. Good luck
FM
Commercial Manager - Government at core tecnologia
May 16, 2023
Hello peers,  I am a Commercial Manager at a small tech services company. I am currently researching alternative firewalls for Hillstone. Which FortiGate firewall model can you replace with Hillstone? Thank you for you help.
See 1 answer
Bořivoj Tydlitát - PeerSpot reviewer
Chief Security Officer at The Mama AI
May 16, 2023
There is no simple answer. Like Hillstone, FortiGate firewalls are a line with a huge range of capabilities. Here are some ideas based on our experience: - Think about high availability? How stringent are your requirements? What would device reboot (minutes downtime), tripped circuit breaker (minutes to hours down), or hardware failure (days down or more) mean? Are you operating single or multiple installations? What is the availability of a replacement device? Based on that - are you considering a single device, a single device with a dual power supply, or a HA pair of devices? (We have quite good experience with a HA pair of 60F's.) - What are the Internet and local network connectivity requirements? Is 1Gbit Ethernet enough, or do you need 10Gbit? Will FortiGate serve as a router for multiple segments of your local network? That may mandate 10Gbit interfaces on the LAN side even where your Internet connectivity does not require that bandwidth. - Do you need a hard drive in the unit? Typically, it is used for local logging where remote logging options (FortiCloud, Syslog, etc.) are not practical or possible for technical, financial, or irregular reasons.  - Rackmount - do not worry too much about that - the low-end units (40F, 60F) are not rack-mounted per se, but you can get an original adapter kit or just use a shelf as we do. - Remember that the HW cost is just a fraction of TCO, the subscription being a substantial part. - On the HW capacity scaling - this one is tricky, as it heavily depends on the traffic patterns and on the depth of firewall scrutiny. Think more of the number of transactions (TCP connections, UDP "sessions") than the actual packet or byte rates. In our use case, it looks like the RAM is a more scarce resource than the CPU. FortiGate goes into Conserve Mode when hitting something like 75% RAM use, so it is a good idea to keep the normal usage around 50%. - If you are using a virtualized infrastructure, you may consider a FortiGate VM form factor. Or you can request a free trial VM (feature-restricted) or full-featured evaluation VM (available on request) and use it for evaluation. - Needless to say - FortiGate is a complex device with tons of features, and it has quite a learning curve. Additionally, some of the more advanced features are available in CLI only or have to be explicitly enabled to be visible in GUI. - One more piece of advice - be conservative about FortiOS (FG firmware) major/minor releases. New releases tend to be quite buggy and it is a good idea to avoid anything that ends with a patch level less than about 5-6. On the other hand, do apply security patches diligently, some of them close really critical holes. For example, we are on 7.0.11 firmware, even though 7.2.4 and now also 7.4.0 is out.
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out what your peers are discussing and join in the conversation. Ask and answer questions on the topics that interest you most! Read and respond to articles or contribute your own! Trending These are the topics your peers are talking about on PeerSpot this week How do I estimate the requir...
See 1 comment
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Thank you to all the community members who share their knowledge with other peers! Also, special thanks to the articles' contributors included in this Community Spotlight: @Janet Staver, @Abhirup Sarkar, @Manoj Narayanan, @Beth Safire and @Shibu Babuchandran.
EB
Director of Community at PeerSpot (formerly IT Central Station)
Jul 5, 2022
Dear PeerSpot community members, This is our latest Community Spotlight for YOU. Here we've summarized and selected the latest posts (professional questions, articles and discussions) contributed by PeerSpot community members.  Check them out! Trending See what your peers are discussing at the moment! What were your main pain points during the SIEM product purchase process? What...
EB
Director of Community at PeerSpot (formerly IT Central Station)
May 30, 2022
Hi peers, This is our new bi-weekly Community Spotlight that includes recent contributions (questions, articles and discussions) by the PeerSpot community members.  Articles Check the top products and solutions below (selected based on peer reviews) or contribute your own article! Top Security Orchestration Automation and Response (SOAR) Solutions Top 8 Data Loss Prevention (DL...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Jul 11, 2022
Hi community members, As usual, this new Community Spotlight shares with you the latest articles, questions and trending discussions from your peers. Trending See what is trending at the moment and chime in to discuss! Top 8 Extended Detection and Response (XDR) Tools 2022 Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons? What is the...
See 2 comments
RS
Performance and Fault-tolerance Architect with 1,001-5,000 employees
May 30, 2022
Good very informative
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a retailer with 10,001+ employees
Jul 11, 2022
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Related Categories
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
PeerSpot User's Choice Award 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technol...
EB
Director of Community at PeerSpot (formerly IT Central Station)
Aug 17, 2022
Community Spotlight #20
Hi dear community members, In this edition of PeerSpot's Community Spotlight, you can find out w...
Download Free Report
Download our free Fortinet FortiGate Report and get advice and tips from experienced pros sharing their opinions. Updated: September 2023.
DOWNLOAD NOW
735,226 professionals have used our research since 2012.