My consultant is proposing some species of Sophos UTM, which I can
purchase as hardware only, without an ongoing subscription service,
if all I want is ordinary router/firewall capability. (Subscriptions
are required for various add-on functions such as anti-malware
protection, a built-in VPN, and/or URL blocking, among other things.)
Does anyone have experience with Sophos devices?
Also, what would you recommend for a free (as in beer) VPN
application, so I can avoid paying a subscription for that? This
would only be used occasionally, to provide remote access to our
VMware management software in the event of an emergency that prevents
me from physically reaching our building. (The consultant recommends
against installing the vSphere client on our RDP server as
dangerously insecure.) I know there are several out there. What have
you used and why have you used it?
Thanks very much for all of your responses so far. They've all been
useful in helping me to understand the "modern" state of routers and firewalls.
Ken Dibble
www.stic-cil.org

Which software router are you looking at? Coyote? Most of the
software routers I have used are no longer being supported or developed.
Nothing has been recommended by our consultants yet. I'm trying to
prepare in advance.
The choices in hardware router/firewall devices are not that great.
I've been using a Zyxel 1000G for a few years and it has been,
mostly, reliable. I've had it get wonky and require a reboot twice
in 6 years. The interface is very very different...completely
object-oriented. Fortunately Zyxel provides excellent tech support,
they'll even log in to your router and configure it for you if needed.
The CISCO was rock solid for quite a while. However, a couple years
ago its memory failed and was replaced with a used substitute. Since
then we've had to cycle the power on it about once every 2-3 months
to restore connectivity.
Its web interface is horrendously byzantine in terms of its
"security" features, which did not behave well in IE, and even worse
in Firefox. It could take 10-15 minutes of going through various
windows and resubmitting credentials before it would give up the
goods and show me something.
I don't think you'll run into any throughput issues with your load
on any device, or software-based system.
That's good to know.
Thanks very much, Mike.
Ken

Ken Dibble wrote:
Hi folks,
Looks like our "ancient" (2008) CISCO router has died.
I would appreciate the benefit of your experience regarding
hardware vs software routers/firewalls to help me evaluate replacement options.
Our current network uses 1 GB switches and has about 150 machines,
and there can be at least that many people simultaneously using
the network and our 25 mbps synchronous internet connection
(including people hooking into our internet from smart phones and
tablets). Most servers, including the domain controller, are
virtualized and we are using a SAN for storage (two identical
Synology Linux NAS devices). We have a 10 GB switch for virtual
server/storage connectivity.
We do not host external (internet) email or websites on our network.
We've had slow growth in the number of machines and users (+/- 5%
per year) over the past decade.
We've always used the NAT functionality of the CISCO to provide a
firewall and we only rarely allow anything to punch through it.
The main exception would be our RDP server, which is in frequent
use by between 5 and 10 simultaneous connections.
My understanding is that a software router/firewall running on an
ordinary PC is likely to be slower than a dedicated hardware
device. However, is the difference so significant for a network
like mine as to rule out a cheaper software solution?
Do you have preferences for specific devices or software packages?
What do you all think?
Many thanks.
Ken Dibble
www.stic-cil.org
_______________________________________________
Post Messages to: [email protected]
Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox
OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech
Searchable Archive: http://leafe.com/archives/search/profox
This message:
http://leafe.com/archives/byMID/profox/34.AF.05528.17735785@cdptpa-omsmta03
** All postings, unless explicitly stated otherwise, are the opinions of the
author, and do not constitute legal or medical advice. This statement is added
to the messages for those lawyers who are too stupid to see the obvious.