Which hardware firewall for my network?

By cloud81
Hi everyone, I'm thinking of buying a hardware firewall for my network. I have to replace an old Fortigate FW with a new model, but it seems that the one I would like to buy has a "Firewall throughput" value smaller than the one that I currently have.
Since I don't have a software solution to monitor traffic and bandwidth inside my network, I wonder if there's a solution that would help me make the right choice for my network.
Is there something inside the Fortigate FW that could point me in the right direction, or should I install some software to do network troubleshooting?
Many thanks,

Claudio

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  

All Answers


Hardware Firewall

by drew26 In reply to Which hardware firewall f ...

Claudio - couple of questions:
Why do you need to replace your firewall?
Is it dead?
Out of warranty?
Or has your network outgrown the capabilities of your existing FortiGate?

To that point, your "network" isn't even vaguely described.
Is it a home network?
SOHO?
Large office?

How many users on-site?
Off-site VPN users (if any)?

What is the capacity of your Internet connection?
Internet service type (DSL, FTTH, MetroEthernet, CableModem, ISDN?)

How many discrete zones do you require?
Do you need WAN redundancy?

Do you require the FortiGate subscription options (A/V, IDS/IPS, Content Filtering)?

Does the device need to support HA?

What is your budget for hardware replacement, extended warranty, and subscriptions?

Have you considered open source alternatives? For example - in my small business office, I use a pfSense firewall that I built on a barebones SBC I purchased at AliExpress for less than $150 - fanless, small form factor box, dual Gb Ethernet (Intel) and a Celeron class CPU. I added an IBM SATA II 30GB PCIe SSD ($30 on eBay) drive for a boot disk and local syslog; and 4GB of 1033 SDRAM ($40 on Amazon).

With 4 office PCs going full-tilt boogie, and INSIDE traffic segmented via VLANs on an enterprise class switch such that all INSIDE zone-to-zone traffic passes through the firewall, AND a 'household' VLAN for 'recreational' network usage (On-Demand video, kids' online gaming, etc.), CPU and RAM utilization on the box rarely exceeds 20%-30%...it's not even working up a sweat.

Our broadband service is 50Mb/10Mb (down/up) - and we use a lot of it during working hours.

pfSense is ULTRA configurable and extensible...via the Admin GUI you can install 100's of stable optional packages - caching DNS, Snort (with paid subscription offerings around A/V, IDS/IPS, website blacklisting, anti-spam filters, etc - every bit as robust as Fortinet's) - some require a bit of configuration before you can start their related services - but again, if you're a FortiGate admin, none of it should give you too much trouble.

And to answer your last question regarding traffic metering / monitoring - there are plugins for that too that present nice dashboard-type graphs of utilization, events, etc.

Online help is plentiful at pfsense.org - and if you do need professional help, there are paid options to get install / config support from the dev community at reasonable hourly rates.

Good luck!


FortiGate firewall

by cloud81 In reply to Hardware Firewall

Hi drew26,

I need to replace my firewall because the license is expiring and I would like to take the opportunity to buy new hardware.
My network is a large office and I have multiple users and some servers, even some VPN users.
I have a 20 MB DSL internet connection. What are discrete zones? I don't need WAN redundancy and I need the FortiGate subscription options, no need for HA. I don't have a specific budget but I don't want to waste money. I'm considering pfSense as an alternative, but since I have to make a choice in a few days I don't have time to study pfSense, so I would like to choose a new FortiGate (100D or 200D model). However, I'm afraid of the "Firewall Throughput" value; I would like to understand if the new hardware could support my network traffic. Anyway, thanks for your great suggestions on pfSense, I will for sure take a look at it. For now I'll try to add a plugin for monitoring bandwidth usage to my FG dashboard.


Which hardware firewall for my network?

by maxistress In reply to Which hardware firewall f ...

I am a sysadmin for a 3-office accounting firm, and in all 3 offices, plus my home, I use Smoothwalls. All you need is an old computer you can put 2 network cards in. Download the free software, burn the CD, put it in the drive and reboot to it (of course, some hardware configurations may take a few more steps than this, but there is plenty of help on the website). It totally wipes the drives and takes the machine over as a very nice firewall.
