Thursday, May 1, 2008

Of Routers-Firewalls

I find it remarkable what a spread there is between low- to mid-priced firewall/routers and the high end (Juniper, Cisco, etc.). Between roughly $500 and $1500 there are a lot of pretty interesting devices that bundle intrusion detection, anti-spam, anti-virus, content filtering, active firewalling, and moderately sophisticated routing. They tend to be web-administered and are fairly intuitive for a non-networking person. Once you cross over to the higher-end devices, though, they become far more cryptic, often offer fewer services, and invariably require specific training or professional services. I've recently worked with products from SnapGear and SonicWall designed for 25- to 150-person organizations. Some products even include built-in SSL-VPN service. I'm testing an SSL-VPN concentrator from Netgear right now, the SSL312 hardware appliance. It supports 25 concurrent SSL-VPN users, is pretty straightforward and reasonably elegant, carries no additional licensing costs, and has a street price of around $300. I'm sure that in the next year or two we'll see fairly robust integrated devices with similar functionality.

I was recently asked to select and implement a new router-firewall for a client of mine in San Francisco. The selection criteria I used included:

  • intrusion detection and automated blocking
  • multiple external WAN IP addresses
  • IPsec, L2TP, and PPTP VPN services
  • non-proprietary VPN clients (you'd be amazed how many devices this rules out!)
  • web interface, so I can show my client how to add services in case I'm not available
  • subscription-based content filtering as an option
  • built-in network-utilization and intrusion-detection reporting
  • anti-virus capabilities
  • anti-spam capabilities
  • preferably based on open source (e.g., Linux) with editable configuration files
  • preferably with integrated SSL-VPN service, though most won't scale to 20+ remote users

There aren't a lot of devices that meet all of these, and for this client it came down to SnapGear and SonicWall. SonicWall, like many vendors, offers lots of additional options, but they add up quickly and generally require annual renewal. SonicWall also uses a proprietary VPN client instead of the native ones (Windows, Mac, and Linux all have native VPN clients for PPTP and L2TP). I've used SnapGear products a few times over the past five-plus years and I'm still impressed. They don't have built-in SSL-VPN, but the reporting and reliability are really strong.
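To make the first and seventh criteria above (automated blocking and intrusion-detection reporting) concrete, here is an added example of the kind of logic a Linux-based appliance runs over its own firewall log: it parses Netfilter-style DROP lines, flags any source that probes several distinct ports within a short window, reports dropped-packet counts per source, and emits the block rules. This is illustration code written for this page, not firmware or configuration from SnapGear, SonicWall, Netgear or any other vendor. The log lines are constructed for the example, the year 2008 is an assumption (syslog timestamps carry none), the threshold and window values are arbitrary, and the allowlisted management host 192.0.2.99 is a made-up address.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the Linux Netfilter (iptables LOG target) syslog
# format. They are made up for this example, not captured from any device.
SAMPLE_LOG = """\
May  1 10:00:01 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=41000 DPT=22
May  1 10:00:02 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=41001 DPT=23
May  1 10:00:03 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=41002 DPT=25
May  1 10:00:04 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=41003 DPT=80
May  1 10:00:05 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=41004 DPT=443
May  1 10:00:06 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=41005 DPT=3389
May  1 10:00:07 fw kernel: ACCEPT IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=50000 DPT=80
May  1 10:00:08 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=50001 DPT=443
May  1 10:00:09 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.4 DST=192.0.2.10 PROTO=TCP SPT=50002 DPT=443
May  1 10:00:10 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
May  1 10:00:11 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 PROTO=TCP SPT=60000 DPT=22
May  1 10:00:12 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 PROTO=TCP SPT=60001 DPT=23
May  1 10:00:13 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 PROTO=TCP SPT=60002 DPT=25
May  1 10:00:14 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 PROTO=TCP SPT=60003 DPT=80
May  1 10:00:15 fw kernel: DROP IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 PROTO=TCP SPT=60004 DPT=443
May  1 10:00:20 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=42000 DPT=21
May  1 10:03:20 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=42001 DPT=22
May  1 10:06:20 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=42002 DPT=23
May  1 10:09:20 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=42003 DPT=25
May  1 10:12:20 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=42004 DPT=80
"""

# Timestamp, log action, addresses, protocol and (for TCP/UDP) destination port.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: (?P<action>[A-Z]+) "
    r".*?SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=(?P<proto>\w+)"
    r"(?:.*? DPT=(?P<dpt>\d+))?"
)


def parse(line, year=2008):
    """Parse one log line into a dict, or None if it is not a firewall line.
    syslog timestamps carry no year; the year is an assumption supplied here."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
    return {"ts": ts, "action": m["action"], "src": m["src"], "dst": m["dst"],
            "proto": m["proto"], "dpt": int(m["dpt"]) if m["dpt"] else None}


def find_scanners(lines, threshold=5, window=timedelta(seconds=60), allowlist=frozenset()):
    """Sources whose DROPped probes reach `threshold` distinct destination ports
    inside any sliding `window`. Allowlisted sources are never flagged, so an
    admin checking ports from the management host cannot lock themselves out."""
    events = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is None or rec["action"] != "DROP" or rec["dpt"] is None:
            continue  # ignore non-firewall lines, permitted traffic and ICMP
        if rec["src"] in allowlist:
            continue
        events[rec["src"]].append((rec["ts"], rec["dpt"]))
    flagged = set()
    for src, hits in events.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            ports = {dpt for ts, dpt in hits[i:] if ts - start <= window}
            if len(ports) >= threshold:
                flagged.add(src)
                break
    return flagged


def drop_report(lines):
    """Dropped-packet count per source: the raw material of IDS reporting."""
    counts = defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec and rec["action"] == "DROP":
            counts[rec["src"]] += 1
    return dict(counts)


def block_rules(ips, chain="INPUT"):
    """Return the iptables commands that would block each source. They are
    returned as strings rather than executed so the example is safe anywhere."""
    return [f"iptables -I {chain} -s {ip} -j DROP" for ip in sorted(ips)]


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    # 192.0.2.99 stands in for the management workstation (an assumption).
    scanners = find_scanners(lines, allowlist={"192.0.2.99"})
    for src, n in sorted(drop_report(lines).items(), key=lambda kv: -kv[1]):
        print(f"{src:16} {n} dropped")
    for rule in block_rules(scanners):
        print(rule)
```

Run as-is, it flags only 203.0.113.7: the slow probe from 203.0.113.50 never puts five ports inside one 60-second window, and 192.0.2.99 is exempt even though it matches the pattern. Two practitioner caveats apply to any appliance that does this for real: always allowlist your own WAN and management addresses before enabling automatic blocking, and expire blocks after a fixed time so a spoofed scan cannot be used to shut out a legitimate partner network.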
