Please bear with me before we start the main content...
First, I would need your suggestions, especially if you have hands-on experience with the following vendor products.
Second, if you could help list pros and cons for the suggested vendor/product, that would be great.
Third, I would prefer not to make this a huge feature comparison, plus no personal attacks please (you know what would happen if someone says others are better than Cisco here).
So here is what I need suggestions for: we are solely a Cisco shop when selling firewalls to customers, mainly SMB customers. Now we would like to expand our product offering portfolio on the network security side, so we won't be stuck with one product (we had a really bad experience at the end of last year with a particular Cisco product). After some digging, I narrowed it down to the following:
There is a big ISP reselling Juniper firewalls here in town, so it might not be a good idea to join the fight with them...
So what is your suggestion? Maybe there are also other vendors/products I missed? Please keep in mind, our target market is mainly SMB.
Also, from a certification perspective, what is the value of the cert from the vendor? I had CCSP (now called CCNP Security) but it expired in 2010...
Checkpoints are solid. The only enterprise-worthy firewall. However, since you focus on SMBs, they might be too expensive. Watchguards are junk. Fortinets are OK. Some others I have run into are Sonicwalls and Palo Alto.
We are a Cisco shop right now for SMB firewalls, so we sell a lot of ASAs.
I had a bad experience with the ISA550W. The software is buggy and support is slow... we eventually replaced it with a 5505 for the customer at our cost. I do not think the ISA500 series page is still available on the Cisco product page, though...
I personally would argue that dedicated boxes will always be better than UTM, but the market for all-in-one is just bigger...
The Cisco router with the security feature is always more expensive than an ASA, isn't it?
IMO UTM is strictly a marketing term. In the real world I have yet to see a device that can do everything. A router is not always more money. For example, an ASA5505 with unlimited users is more money than an 891 Security router. A 50 user license with AnyConnect is within a couple of hundred dollars of an 891. If you buy a 10 user count license, then the ASA has a lower cost. The nice thing about routers is that they have such a rich feature set: features like DMVPN, QoS, AVC, Multicast, GRE, PBR, etc. that ASAs can't do. The features in IOS should be an easy sell to the customer.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...