Recommend a firewall (business use)
Discussion
I have a Dell Poweredge server running Windows Server 2012 (soon to upgrade to 2019) in a rack and currently only basic/software firewalls. The server hosts a website and FTP server with many clients connecting so figure I should probably get something a bit more serious in.
Any recommendations for something fairly simple to use?
Any recommendations for something fairly simple to use?
Edited by Tyndall on Thursday 26th May 14:13
Take a look at pfsense
You can either run it on netgates own hardware or pc hardware with additional nics if you have some spare or look on eBay/Amazon/alibaba for pfsense
The newer units offer intel I225-v nic’s which will do 2.5Gb/s
https://m.youtube.com/watch?v=bjr0rm93uVA
https://m.youtube.com/watch?v=wUcDg_ms0is
& this thread…
https://www.pistonheads.com/gassing/topic.asp?h=0&...
You can either run it on netgates own hardware or pc hardware with additional nics if you have some spare or look on eBay/Amazon/alibaba for pfsense
The newer units offer intel I225-v nic’s which will do 2.5Gb/s
https://m.youtube.com/watch?v=bjr0rm93uVA
https://m.youtube.com/watch?v=wUcDg_ms0is
& this thread…
https://www.pistonheads.com/gassing/topic.asp?h=0&...
A public facing FTP server? Ballsy.
I'd be making a regular backup of that server.
pfSense is a decent enough choice for a single device. If you ever expand have a look at Meraki, we dropped a much more expensive Firewall behind a customers Meraki cluster for a couple of weeks and the Meraki didn't let anything through.
I'd be making a regular backup of that server.
pfSense is a decent enough choice for a single device. If you ever expand have a look at Meraki, we dropped a much more expensive Firewall behind a customers Meraki cluster for a couple of weeks and the Meraki didn't let anything through.
A small Fortigate unit would be ideal. It has a simple gui and is fully featured. https://www.fortinet.com/products/next-generation-...
I don't work for them but do work for a company that supplies and supports them.
I don't work for them but do work for a company that supplies and supports them.
Tyndall said:
Any recommendations for something fairly simple to use?
Edited by Tyndall on Thursday 26th May 14:13
A few recommendations for pfSense here - and while it can be simple to use, I find it can get quite 'messy' once you start bolting on the free extras which look useful. It's incredibly cheap, flexible and powerful though, you just need a good amount of time to learn it's ways.
At my previous place we ditched pfSense - it was just a massive time sink for the team - and switched to Meraki (full disclosure, this was over 40-45 sites) and it was the best thing we ever did. Yes, Meraki is far more expensive, and if you stop paying for the licence, they're a brick - but they're just so, so easy to setup and use. Even our entry level tech guys could work on them. We made the money back 3-fold in time freed up for other stuff.
Downside to Meraki is, depending on your case, they can be lacking certain features...that simplicity does have a cost. Depends on your use-case. Either way, big fan of Meraki, as you can tell
Generally if you're a business and don't have teams of people who take a real interest in this stuff you're best served just spending a few quid on an entry level Fortinet or Checkpoint or whatever.
I've nothing against pfsense at all but "off the shelf" stuff will be much simpler to get support on and to find someone who can look after it for you if you need that.
I've nothing against pfsense at all but "off the shelf" stuff will be much simpler to get support on and to find someone who can look after it for you if you need that.
bhstewie said:
Generally if you're a business and don't have teams of people who take a real interest in this stuff you're best served just spending a few quid on an entry level Fortinet or Checkpoint or whatever.
I've nothing against pfsense at all but "off the shelf" stuff will be much simpler to get support on and to find someone who can look after it for you if you need that.
This would be preferred. Cost isn't a big concern, I'd like something that works and will be reliable without too much user input and not get in the way of high speed transfers etc (we upload/download 1-2TB a day)I've nothing against pfsense at all but "off the shelf" stuff will be much simpler to get support on and to find someone who can look after it for you if you need that.
Tyndall said:
This would be preferred. Cost isn't a big concern, I'd like something that works and will be reliable without too much user input and not get in the way of high speed transfers etc (we upload/download 1-2TB a day)
Always depends on budget and exact features required but broadly look at Checkpoint, Fortinet, Sophos, there are others but other than whatever the person doing it is familiar with there's probably not much between them from your perspective.Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff