Looking for a new router\firewall for our office (150mbps internet speed, 30 comps)

V4705 (n00b, joined Jan 12, 2011, 60 messages)
25 workstations, 5 servers.
150mbps internet speed, Verizon FiOS.

This office provides services for multiple companies; we need a rock-solid device, and the most important thing is stability.

Right now we're using an SSG20, but it is limiting us to around 55-60mbps internet speed.

Our budget is $800 max, $600 approved already.

Many thanks!
 
25 workstations, 5 servers.
150mbps internet speed, Verizon FiOS.

This office provides services for multiple companies; we need a rock-solid device, and the most important thing is stability.

Right now we're using an SSG20, but it is limiting us to around 55-60mbps internet speed.

Our budget is $800 max, $600 approved already.

Many thanks!

Why such a low budget?
 
For that budget, you're building your own pfSense system probably.

Firebox x750e running pfSense would work if you want to go with used hardware. I sell them to people all the time with almost the exact needs.

You could probably get a Lanner unit for $600 or so, though.
 
Astaro might be able to get in that budget; easy to use and rock solid for me. I run it as a VM and have no issue maxing my connection, but that's only 35/35.
 
hmmm.. that's a hard nut to crack.


Zyxel USG 300 would probably work, as long as you don't turn on IDP or AV, but that's stretching it a bit.

I think the best fit for what you are asking for is a custom pfSense or Untangle box.

If you are looking for all the UTM features, I'd suggest Untangle.
 
pfSense. You're not getting anything with quality vendor support for less than $800 anyway, so you might as well roll your own and go with the best.
 
Thanks for the fast replies!

I'm actually using really basic features (network shaping, restricted ports by IP group and such).
My main focus is on stability and reliability; it will be unacceptable to lose the internet connection "once in a while" until we manually reset the router, or to have other stability issues (the whole office depends on the internet connection, cloud apps, VoIP system and such).

What do you think about Cisco SA540?
Cisco 1921 might also be an option, but it's a bit higher than my budget.


Many thanks!
 
The reviews on the web say the SA 5xx series is unstable.
ASA5505 isn't going to make that level of throughput.

The 1921 may work, but that's not a UTM.

The only thing that fits here is a custom pfSense or Untangle box. Everything else limits him on one of his metrics.

The best non-built-yourself Untangle unit I saw was this: http://www.untangleappliances.com/next-gen-appliances/coming-soon-untangle-ng-25.html

But the Untangle subscription alone is $432 per year.

It's $367 for the first year if you purchase the subscription upfront along with the device purchase.

That's $969 for the first year, subscription included, and $432 each year following.

Me... I'd probably purchase the NG25 hardware, upgrade to 4GB RAM, and load pfSense on it.
 
The reviews on the web say the SA 5xx series is unstable.
ASA5505 isn't going to make that level of throughput.

The 1921 may work, but that's not a UTM.

The only thing that fits here is a custom pfSense or Untangle box. Everything else limits him on one of his metrics.

The best non-built-yourself Untangle unit I saw was this: http://www.untangleappliances.com/next-gen-appliances/coming-soon-untangle-ng-25.html

But the Untangle subscription alone is $432 per year.

It's $367 for the first year if you purchase the subscription upfront along with the device purchase.

That's $969 for the first year, subscription included, and $432 each year following.

Me... I'd probably purchase the NG25 hardware, upgrade to 4GB RAM, and load pfSense on it.

Or if he's on a budget, just run the "free" version of Untangle on it if he doesn't mind supporting it himself. So only pay for the appliance. However... for 150 meg speeds he'll have to purchase the NG100 minimum. The NG25 (dual core Atom)... with pfSense... would be close to the 150 pipe speeds... last test I saw of pfSense on an Atom D510 with a pair of Intel NICs, I think it did about 140 megs.
 
pfSense. You're not getting anything with quality vendor support for less than $800 anyway, so you might as well roll your own and go with the best.

pfSense has paid support. And from what I hear it is quite good.
 
pfSense has paid support. And from what I hear it is quite good.

OK... I have a new plan.

Buy this: http://www.untangleappliances.com/next-gen-appliances/coming-soon-untangle-ng-25.html

Install pfSense on it.

Then buy this: https://portal.pfsense.org/index.php/support-subscription?gclid=CIyQlpj-tK4CFRIDQAodFG86Sg


Yes, it's $400 over your max budget, but look at what you are getting. AND it's upgradable. If you need something more powerful you can upgrade your hardware without buying another device.
 
Thanks again for all the replies.

About pfSense\Untangle:

1. I have an i3-2100 w/ 4GB sitting over here. If I choose to go with pfSense\Untangle, I can get 2 gigabit cards for $70; would it be better\worse than those boxes you suggested?

2. Security-wise, what's the difference between pfSense\Untangle and a business hardware firewall (Cisco/Juniper and such)? We do have competitors and it takes about 5 seconds to find our office IP, so I do, really, care about the security side.

3. Performance: how do I know what the "firewall throughput" limit is when I use a whitebox I build myself?
And generally, what's your experience with those "OSs" in a business environment compared to basic hardware firewalls?

The SonicWall also looks like a decent option.
What do you think about the Juniper SRX210? Kind of the same price, still under $1000.

About the budget, I can't do anything about that; it's not up to me, and my managers would rather stay with the one we have right now and be limited to 50-60mbps than spend that money on a faster one.


Thanks again.
 
Thanks again for all the replies.

About pfSense\Untangle:

1. I have an i3-2100 w/ 4GB sitting over here. If I choose to go with pfSense\Untangle, I can get 2 gigabit cards for $70; would it be better\worse than those boxes you suggested?

2. Security-wise, what's the difference between pfSense\Untangle and a business hardware firewall (Cisco/Juniper and such)? We do have competitors and it takes about 5 seconds to find our office IP, so I do, really, care about the security side.

3. Performance: how do I know what the "firewall throughput" limit is when I use a whitebox I build myself?
And generally, what's your experience with those "OSs" in a business environment compared to basic hardware firewalls?

The SonicWall also looks like a decent option.
What do you think about the Juniper SRX210? Kind of the same price, still under $1000.

About the budget, I can't do anything about that; it's not up to me, and my managers would rather stay with the one we have right now and be limited to 50-60mbps than spend that money on a faster one.


Thanks again.


I'd look at support for your Untangle. Say your box goes down in the middle of the night: can you call Untangle (if you use the free version) and get support? NOPE, not unless you pay for it when you're on the phone. Can you call SonicWall / Juniper / Cisco? YES YES..

Might never need support, BUT if you do, then what?

The stuff you listed would run pf & ut perfectly. Just make sure the network cards are "INTEL".
 
Fortinet Fortigate 60 C
http://www.fortinet.com/products/fortigate/60C.html

I used these at my previous job and liked them a lot.

There is an annual service fee on them to get virus definition, IPS, Anti-spam updates. That is unless they changed something since I have used them.

It won't touch that kind of throughput, though.

I have one, and it struggles to maintain 25-30 with IPS and AV stuff running.
 
I might 'upgrade' to a 110 soon, as we might go from 25/5 to 55/10 at the office and I don't want to be turning off all the UTM stuff.
 
I currently have a shitty SonicWall running with 2 WANs at work. Sure, I get support, but if it goes down, meaning it's dead, support won't get me a new one overnight. My proposed new solution when we upgrade to a new fiber uplink is 2 custom 1/2 size 1U boxes with pfSense. Dual WANs on both and instant failover when one box dies. A single point of failure is not the way to go if you have live servers running.

I'd look at support for your Untangle. Say your box goes down in the middle of the night: can you call Untangle (if you use the free version) and get support? NOPE, not unless you pay for it when you're on the phone. Can you call SonicWall / Juniper / Cisco? YES YES..

Might never need support, BUT if you do, then what?

The stuff you listed would run pf & ut perfectly. Just make sure the network cards are "INTEL".
 
I currently have a shitty SonicWall running with 2 WANs at work. Sure, I get support, but if it goes down, meaning it's dead, support won't get me a new one overnight. My proposed new solution when we upgrade to a new fiber uplink is 2 custom 1/2 size 1U boxes with pfSense. Dual WANs on both and instant failover when one box dies. A single point of failure is not the way to go if you have live servers running.

I haven't seen or heard of one failing; of course they can, though.

I did rip one apart that had a bad cap and it still worked, BUT the user had it directly plugged into the wall, no surge bar or UPS.
 
If internet downtime is not acceptable, then you should be buying 2 identical devices and 2 ISPs, and configuring auto failover.
 
pfSense has paid support. And from what I hear it is quite good.

Extremely good.

1. I have an i3-2100 w/ 4GB sitting over here. If I choose to go with pfSense\Untangle, I can get 2 gigabit cards for $70; would it be better\worse than those boxes you suggested?

2. Security-wise, what's the difference between pfSense\Untangle and a business hardware firewall (Cisco/Juniper and such)? We do have competitors and it takes about 5 seconds to find our office IP, so I do, really, care about the security side.

3. Performance: how do I know what the "firewall throughput" limit is when I use a whitebox I build myself?
And generally, what's your experience with those "OSs" in a business environment compared to basic hardware firewalls?
pfSense Hardware Guide

IMO using your i3 and buying a pfSense support subscription and having them assist setting it up and evaluating your needs is going to get you a lot further than any other options here. All while meeting your requirements and having plenty of spare overhead if you choose to run additional features.
 
For high throughput and low budget, roll your own is the only way to go.

Most companies class their firewalls by throughput, so to handle a true 150mbps connection, you are easily in the 1k - 2k range (if not higher).

pfSense or Untangle is the way to go.
 
For high throughput and low budget, roll your own is the only way to go.

Most companies class their firewalls by throughput, so to handle a true 150mbps connection, you are easily in the 1k - 2k range (if not higher).

pfSense or Untangle is the way to go.

NO way, you can build a firewall for cheaper than that for that kind of throughput EASY!
 
NO way, you can build a firewall for cheaper than that for that kind of throughput EASY!

You misread his post. He said if you want a good branded firewall that does 150mbps you will pay a lot, but you can build one much cheaper...
 
It won't touch that kind of throughput, though.

I have one, and it struggles to maintain 25-30 with IPS and AV stuff running.

I second this... we have 3 locations, each with Fortinet F60Cs... they are struggling to keep up with 40 meg symmetrical fiber pipes.
 
I think I'll go with pfSense or Untangle, at least at the beginning to check the option (anyway, it only costs me around $150 for Intel server network cards). I'm thinking of getting the E1G42ET with 2 gigabit ports; that way I can use it for incoming\outgoing, and the integrated card will be for the DMZ.

Now,
I'm still concerned about:
2. Security-wise, what's the difference between pfSense\Untangle and a business hardware firewall (Cisco/Juniper and such)? We do have competitors and it takes about 5 seconds to find our office IP, so I do, really, care about the security side.

And I'm not sure if I should go with pfSense or Untangle.
I'm not looking to spend money on this project right now, just because I'm not sure if that's my final decision and I won't need my budget for a different purchase.

Which one offers more full functionality for free? With Untangle I see I can get lots of "apps" for free, but most of them are lite editions and probably are not enough for most offices.

And from any other angle, from your experience, what are the big differences between those firewalls and hardware firewalls, and between those two options?


Many thanks!
 
I would suggest pfSense, but I am biased, as a good friend wrote some of it, but I nary hear a bad thing about it.
 