Looking to buy new firewall for small business

Aoreugif (n00b, joined Dec 3, 2008, 11 messages)
Hi! Looking to get the best firewall for a small business. We have about 55 workstations and 1 SBS2003 server (but will be upgrading to 2008 soon). I looked at SonicWall & Juniper firewalls, but there are so many out there. Right now we are running Smoothwall and my boss doesn't like the fact that it's open source. Just wondering what you guys are running and if you like them. Also, is there a firewall out there that can give me the websites visited and by whom?

Thanks for your time,
Craig
 
Take a peek at Untangle
Yes it begins with open source, but it's highly customized, starting with a free version, and they have special bundles and ala-carte packaging/pricing, support, etc.
Antivirus/antispyware/content filtering/spam cleaning/reports, etc.
 
pfSense. It's fantastic. And open source. BSD Perimeter provides great developer-sanctioned paid support if you need it, though.

If your boss is really that hardheaded though, the ASA5505 is pretty nice too. Per-user licensing for networking hardware really ticks me off though.
 
FYI, many organizations have policies that restrict the use of open-source software. It's not always about hard-headedness but often has to do with audit compliance. For example, I am restricted to using only "approved" open-source-based software within my customer's environment. I can't just grab whatever rpm or source code I like, compile it and stick it into production (or even the test environment, for that matter).
 
I'm the same way at my company, although I wrote the policy ;)

I do not allow any open source software to handle a critical role. Non-critical I'm OK with some of the time.
 
Sorry, this is going to be rude, but that's pretty ass backwards in my book, considering there is open source software out there that does a better job than some of the software you may be talking about in your policy.

Flame away... I'm sorry just had to put it out there.

Also, I know there might be some policies out there for open source, but do take into consideration that some of these open source companies, such as Untangle, sell you support directly for their software, and if you look over their company information they are pretty reputable for their products.
 
No need to flame,

If I put a piece of open source software in a critical role on a network, who do I call when it breaks? I generally don't deal with 15-person networks. I deal with multi-location, 100+ PC networks. 3rd-party support is HUGE and priceless.

Edit: Untangle I may trust, simply because you can get support through them.
 
You call the person you contracted to support the open source product you're using. Pretty much every major product either provides support directly or through third-party partners. Untangle and pfSense both included.

PS. How exactly do you audit software when you can't see the code? And what do you do when the vendor refuses to help you or gives you 'it might be fixed in a future version'?
 
I think you missed my edit. If there are support contracts available, then the option may be considered. Why would I need to see the code? I'm not a developer, that's for darn sure.
 
Look into Astaro. I believe it also started off as open source but is highly, highly customized.
 
Most people do not go in and modify open source code. The very fact that it is open source doesn't even matter to most administrators, only that it is free. I always see that in the top 5 list of benefits of OSS. Of course, those lists are made by the OSS people themselves. Also, I can't tell you how many open source programs I've used over the years where the updates just... stopped. Things get abandoned all the time. I've got too much going on to decipher their spaghetti mess of code.

I have access to support at Cisco to get bugs fixed and features added in their products. I've done that several times over many years. It's no different than OSS/FOSS except they get paid to do it. And unless the company goes under, there is always somebody there to call.
 
Most people do not go in and modify open source code.
No, but you can go read it if you like. If you're auditing something for technical competence, security or anything else, I don't see how you could possibly do a reasonable job without access to the source code. Some vendors will provide it under NDA, but likely only if you're big enough that they're willing to go to the trouble to get your business, which isn't most of us.

Also, if the code ever is abandoned, at least you have the option of continuing to use it and maintain it in house or hire it out, rather than abandoning the product entirely and incurring the cost of a new product, training, migration and so on.

But this is going way off-topic, so I'll just say I think it's silly to make a decision solely based on whether something is open source or not. There are legitimate advantages on both sides. IME, as a small customer you're much more likely to get serious help leading to timely patches and bugfixes with an open source product than you are with a big commercial vendor.
 
On-topic: While there are tons of devices out there that can meet the OP's requirements, I still favor Cisco as well, for a variety of reasons. They aren't cheap or simple, though. If you like flashy GUIs and colorful reporting tools, look elsewhere.

An ASA with the appropriate license would work quite well.
 
I've never been through an audit where the source code of any device was examined... just sayin'.

I've been through so many audits I can't even count... Audits generally include interviews, providing piles of documentation, and running some scripts against your installed devices to check for things like weak passwords or ciphers, missing patches, etc, etc...
 
My customers have been through SEC audits. With the recent Minn changes, trust me, they audit EVERYTHING, and source code was never discussed.

It is just a rule of mine not to use OSS in critical roles. Now, if you want to use an OSS PDF converter, I could care less. But if it's critical (network edge, spam filtering, mail server), any critical network component, it's not going to be OSS.
 
Back on topic . . . .

Untangle and Astaro are awesome firewall/UTM appliances for the SMB market. Untangle is cheaper and easier to manage. If you just need a firewall and no web/spam filtering then just go buy an ASA5505 and be done with it.
 
Another thumbs up for the ASA 5505. Picked up an ASA5505-50-BUN-K9 and love it. You can add a SEC license to it if you want it to act as a UTM.
 