×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Firewall/Security Vendor Suggestion

Unanswered Question
Jan 7th, 2014
User Badges:

Hey,


Please bare with me before we start the main content...


First, I would need your suggestion. Especially if you got hand-on experience with the following vendor products.

Second, If you could help list Pros and Cons for the suggested vendor/product, that will be great.

Third, prefer to not to make this to be a hugh feature comparison plus no personal attack plz (u know what would happen if someone saying others are better than Cisco here )


So here is what I need suggestion for: we are solely a Cisco shop when selling firewalls to customer, mainly SMB customers. Now we would like to expand our product offering portofolio on the network security side. So we wont stuck with one product(we had a really bad experience end last year of a particular Cisco product). After some digging, I narrow down to followings:


Checkpoint

fortinet

watchguard


There is a big ISP re-selling juniper firewall here in town. So might not be a good idea to join fight with them...


So what is your suggestion? Maybe there are also other vendors/products I missed? Please keep in mind, our target market is mainly SMB.


Also from certification perspective, the value of the cert from vendor? I had CCSP (now called CCNP Security) but expired in 2010 ...


Thanks,

/S

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ed Willson Tue, 01/07/2014 - 18:53
User Badges:

I really like the Fortinet stuff. You get an unlocked product, and no nickle and dimeing for licenses. The big downside is that if you turn all the possibe features on it..Very Slow.

m1xed0s Wed, 01/08/2014 - 08:44
User Badges:

Thanks, I never worked on Fortinet stuff before but heard their hardwares are good.


I guess the box will run slow for all UTM if all features are turned on.

Collin Clark Wed, 01/08/2014 - 08:41
User Badges:
  • Purple, 4500 points or more

Checkpoints are solid. The only Enterprise worthy firewall. However since you focus on SMB's, they might be too expensive. Watchguards are junk. Fortinets are OK, Some others I have run into are Sonicwalls and Palo Alto.

m1xed0s Wed, 01/08/2014 - 08:46
User Badges:

After some deep reading online, Checkpoints and Palo Alto are both expensive and yes, you are right, SMB probabaly wont spend money on the fancy firewall. That why we are looking at watchguard...


I worked on couple of watchguards. The old ones are hard and funky to work with; the new ones are better now...

Collin Clark Wed, 01/08/2014 - 08:51
User Badges:
  • Purple, 4500 points or more

Have you looked at Cisco's SMB firewalls or the low end Enterprise ASA5505? Which one did you have a bad experience with?


http://www.cisco.com/cisco/web/solutions/small_business/products/security/index.html-tab-SecuritySolutions


In my opinion a router with security license almost always fits better than a traditional firewall. Do you always sell with UTM up front?

m1xed0s Wed, 01/08/2014 - 10:16
User Badges:

We are Cisco shop right now for SMB firewalls. So we sell alot ASA.


I had bad experience with ISA550W. The software is buggy and support is slow...we eventually replaced it with 5505 for customer at our cost. I donot think ISA500 series page is still available now on cisco product page though...


I personally would argue that dedicated boxes will always be better than UTM but the market for all-in-one just bigger...


The Cisco Router with Security feature is always more experience than a ASA, isnt it?

Collin Clark Wed, 01/08/2014 - 10:29
User Badges:
  • Purple, 4500 points or more

IMO UTM is strictly a marketing term. In the real world I have yet to see a device that can do everything. A router is not always more money. For example an ASA5505 with unlimited users is more money than an 891 Security router. A 50 user license with Anyconnect is within a couple of hundred dollars of an 891. If you buy a 10 user count license, then the ASA has a lower cost. The nice thing about routers is that they have such a rich feature set. Features like DMVPN, QoS, AVC, Multicast, GRE, PBR, etc that ASA's can't do. The features in IOS should be an easy sell to the customer.

m1xed0s Wed, 01/08/2014 - 12:12
User Badges:

I would have to agree with you however personal experience is Firewall is the term attracts SMB owners, not router...

Actions

This Discussion