Hello peers,
We are looking for a firewall solution in Fortigate for a software training institution with 2000 students. Each student has one laptop and two mobile phones (maximum). There are four Internet connections, two broadbands, and two leased lines (optical fiber). There is no need for content filtering and application control. We need a solution for load balancing and traffic shaping.
Which firewall solution would you suggest our institution use?
Thank you for your help.
Ubiquiti Edge Infinity router, guaranteed. I am working in a school with exactly the same number of students and have never had a problem, the only drawback is that you must be a professional with routing knowledge, and the interface is not as friendly as other brands.
Besides that, any other options or functionalities are there.
pfSense is the best. We have used it in our organization for the last 7 yrs without any issues. The best part is that it is completely open source. You can download images for free and install them on any old machine having more than 1 lan card, it can do that amazingly.
I would like to suggest you use pfSense for all the above-mentioned activities. You can even filter your content with pfSesne but in restricted options.
Hello Gulzar, It depends on what kind of protection you want. pfSense is a layer3 firewall, where you'll be unable to filter applications properly, because applications like Facebook, Instagram, etc, are layer 7 applications.
By the way, the web proxy cache used by pfSense (for example) has a lot of known issues with https protocol filter. So, if you intend to have improved protection I recommend Sophos XGS Firewall.
We've been using Sophos UTM at a similar-sized school for the past 5 years, and it's been very good. But now they are stopping UTM development, so we looked at Sophos XG and Fortigate. Fortigate was slightly cheaper than Sophos (depends on your reseller of course). If you're in the UK, Smoothwall is also worth a look, it is specially designed for schools.
Untangle was born in the educational sector, and now it has been acquired by Arista in case you would like to check it out. Any solution is recommended, it all depends on the budget, you can also check pfSense which is free. fatpipeinc.com is a native solution for balancing WAN, VERSA for 8 wan, FortiGate, Sophos, VMware and Cisco are the leaders on Gartner. Greetings
Hi @Gulzar C , Some of the preferred solutions seen in educational institutes are mentioned below:
Default configuration of all standard routers does not allow incoming traffic.
Firewalls are broadly of two types - Network Layer and Application Layer.
Application Layer Firewalls (aka Proxy Servers) provide the application control / content security / filtering / etc. Essentially they isolate the applications such as HTTP / SMTP, by terminating them locally and creating a new outbound connection.
Network Layer Firewalls (NLF) isolate your internal network from the Internet.
You need an NLF, only if you are "forced" to use a static IP, and you have data assets that are accessible from the outside world.
Most UTMs and such devices are essentially just "glorified routers", that are made to seem important because the vendors have to sell stuff. These are basically just a router + NLF + some basic opensource software for ALF. Some vendors will also offer basic traffic shaping features.
If you really need a traffic shaper, look for "traffic shaper"! They have nothing to do with a Firewall.