$500 or so small business firewall/VPN recomendations?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Evan55

New Around Here
Hi,
We are ditching our old cisco firewall due to it being unsupported and having the worst SSL VPN in the history of the universe.

The replacement that the IT guys suggested (tranlastion: the sales guy suggested) is the Cisco ASA 5505 released in 2006 and still has the same crappy ssl vpn implementation as our other one as far as I can tell.
I pointed that out and they said 'ok give me a better option',
Im a software developer so I dont keep up as much on this kind of networking hardware so Im hoping I can get some good advice here.
Budget has been approved at around $500 - $1000. (should come in at about $110 including a PoE switch but might not need the switch if enough ports)

Usage, (aside from the firewall), is VPN, probably around 5 or less but never more than 10 concurrent users, and most of them using remote desktop across the VPN. SSL VPN is preferred as long as its reliable and up to date, but we arent against using locally installed client software in the case that is better.

Being a business, and must be a shrink-wrapped product from a reputable manufacturer. The more well known the better (for managements sake)

thanks ahead of time for your help.
 

newjockey

Occasional Visitor
I know this isn't a "shrink-wrapped product from a reputable manufacturer" but I recently switch from a Linksys/Cisco Small Business VPN Router to IPFire. It is a linux firewall distribution. It ended up costing me only my time to install and set up, as it went onto an unused PC. I tried pfSense as well (arguably a more recognized firewall distribution) but could not get it to work with the hardware I had available. In the end, I'm very happy with IPFire. It has built in IDS, and IPS was a few clicks away by installing the Guardian package. Very simple to set up. OpenVPN was incredibly easy to set up as well. IPFire has it mostly pre-configured. All you have to do is generate certificates, turn it on, and generate client packages. Install OpenVPN client on the machines you want, import the package that IPFire spit out, and you're up and running. Frankly, I was shocked at how easy it was to set up OpenVPN. It certainly helps when the server is pre-configured :)

Performance-wise, the VPN was able to sustain 5Mbps of my home's 7Mbps upload speed, whereas the previous device (RV042) topped out at 2Mbps. The box I have it installed on has a 2.6Ghz Ivy Bridge Celeron and 4GB ram, and load is nearly zero while memory usage is <400MB.

If you don't have a spare machine, you can easily buy/build one for under $500. Anyhow, just thought I'd throw that out there.
 
Last edited:

jdabbs

Super Moderator
Hi,
We are ditching our old cisco firewall due to it being unsupported and having the worst SSL VPN in the history of the universe.

The replacement that the IT guys suggested (tranlastion: the sales guy suggested) is the Cisco ASA 5505 released in 2006 and still has the same crappy ssl vpn implementation as our other one as far as I can tell.
I pointed that out and they said 'ok give me a better option',
Im a software developer so I dont keep up as much on this kind of networking hardware so Im hoping I can get some good advice here.
Budget has been approved at around $500 - $1000. (should come in at about $110 including a PoE switch but might not need the switch if enough ports)

Usage, (aside from the firewall), is VPN, probably around 5 or less but never more than 10 concurrent users, and most of them using remote desktop across the VPN. SSL VPN is preferred as long as its reliable and up to date, but we arent against using locally installed client software in the case that is better.

Being a business, and must be a shrink-wrapped product from a reputable manufacturer. The more well known the better (for managements sake)

thanks ahead of time for your help.

The Cisco VPN client was phased out in favor of the Anyconnect client a few years ago. We have a few hundred users running the client with a minimal support burden. Anyconnect works, and when it doesn't, Jimmy's home PC with 3 AV clients installed is generally to blame. ASA is a good choice as long as you have someone capable of managing it. Don't know how long the 5505 has before it is EOL'd, though.
 

Evan55

New Around Here
The Cisco VPN client was phased out in favor of the Anyconnect client a few years ago. We have a few hundred users running the client with a minimal support burden. Anyconnect works, and when it doesn't, Jimmy's home PC with 3 AV clients installed is generally to blame. ASA is a good choice as long as you have someone capable of managing it. Don't know how long the 5505 has before it is EOL'd, though.
Ah I see, that makes more sense. Our current VPN box doesnt support anyconnect unfortunately.
Though from the review of the cisco rv320 here on SNB it looks as though cisco is still using the same SSL client that doesnt work on so many platforms.

IT (and sales) has backed off on the 5505 and agrees its too old...

After doing way too much research while I should be coding, it appears the ZyXel ZyWALL 110 fits the bill perfectly, unfortunately management vetoed that option because they didnt like the brand....
The ubiquiti edge pro looks pretty fantastic but the IT guys arent going to want to do CLI configuration.

Any other good VPN/Router/Firewalls that compare in performance to the zywall?
probably overthinking it, but the big name brand performance just seems to be poor for the money
 

jdabbs

Super Moderator
Fortinet is highly regarded, but I don't know how good its VPN client software is. I'd ask around.
 

Perry Rhodan

New Around Here
I would have a look the Watchguard XTM 33, good SSL VPN with many other features. They offer discount when you switch from another device so you could get a very good deal on this.

I run a couple of those between 2 locations with a dedicated VPN tunnel between as well as 5 to 10 SSL VPN at one of the sites. Rock solid and nobody ever complains about performance.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top