I work for a tiny company. My main role is NOT network or IT-related, but I've been tasked with this project. We've used inexpensive consumer routers for NAT and simple firewalling. We do not have any internet-facing applications, no VOIP, no VPN, and I am not overly concerned about intrusion. When my boss goes on vacation, I open & forward a non-standard port for her to RDP to her desktop. While this has served us well for the past 15+ years (since before I started here), two things concern me:
1) accidental internal sabotage (employees browsing stupid sites or opening attachments).
2) BYOD. There are a handful of mobile phones and laptops that join our wireless LAN. My boss brings her (teen & college-age) kids' devices to work for me to maintain - yay security policy.
So I'm looking at next-generation firewalls. The features that I think will help with the above are: deep packet inspection / application-layer filtering, built-in AV & anti-spam.
The gap between consumer NAT routers and UTM/NGFW appliances is pretty big, in terms of deployment complexity and cost. It's been a challenge to find objective information on what to buy, which is the reason for this post...
First things first - do we need an NGFW? I think we'd benefit from having the extra filtering at the router. My boss agrees and is willing to pay for it (DIY is out of the question). But maybe just sticking with ESET on client machines is a better value?
Re: throughput. Our office has a 15/1 internet connection. Even the cheap Zyxel USG40 advertises 40Mb/s UTM performance, which should be plenty. So in my case, I think our primary issues are usability and cost. My thinking is that I should be shopping based on ease of configuration / maintenance and lowest annual AV/spam license subscriptions.
Juniper still sells the SSG-5, which is priced very reasonably. But it's EOL (support ends Jan 2020). There are loud criticisms of its replacement on Juniper's forums.
Our budget is around $500 for hardware. It looks like AV/spam definitions licenses are anywhere from $100-250 annually. Obviously we're looking to minimize the annual license costs as much as possible.
I'd appreciate any advice/feedback.