Question Firewall for ~ 50 users

[n3cw4rr10r]

Hey everyone,

Currently we are running 300/25 business internet from xfinity. Our current firewall which is a Netgear prosafe FVS318 which is a 10/100. We go from the firewall to a netgear prosafe unmanaged switch for 48 users which a giagabit switch. The firewall as you guys can see is a kind of bottleneck for us. The firewall config is set to allow one outside connection (remote service office) to remote in to a terminal server. I have attached an image of the same. I am looking for a gigabit firewall to do the same. So far i have found Netgear ProSafe FVS318g , FVS-336g, Zyxel (not sure which model), Meraki, Palo Alto PA-220 etc etc etc. . Some of these are subscription based, which we are not too keen into. Thanks for the help.

 

[danielmarshZYUK]

Hi,

From a Zyxel point of view you could look into the USG110 which would allow throughput of 450mb with all the UTM functions activated ( UTM functions such as AV/IDP/Anti-Spam this is an annual subscription). However there is no subscription required if these functions are not desired. It supports SSL/IPsec/L2TP VPN. It has multiple WAN ports for Load-Balancing and Failover to provide you with more resilience and reliability. You can find the data sheet for the device by following the attached link ftp://ftp.zyxel.co.uk/USG110/

Any problems please let me know.

 

[bill001g]

With rules this simple you might be able to use larger consumer router with a high clock speed processor. Maybe something like a asus 86u which has 1.8g cpu.

Commercial firewalls normally show how much bandwidth they can pass running firewall rules. Simple filters like you are using do not take much. It is some of the fancy content filter that takes a lot of power.

If cost is a major issue you could consider a dual nic pc with pfsense loaded. It does not take a very large machine to do simple filters. Most the pfsense images are fairly easy to install even for people with little unix background.

 

[n3cw4rr10r]

Hi,

From a Zyxel point of view you could look into the USG110 which would allow throughput of 450mb with all the UTM functions activated ( UTM functions such as AV/IDP/Anti-Spam this is an annual subscription). However there is no subscription required if these functions are not desired. It supports SSL/IPsec/L2TP VPN. It has multiple WAN ports for Load-Balancing and Failover to provide you with more resilience and reliability. You can find the data sheet for the device by following the attached link ftp://ftp.zyxel.co.uk/USG110/

Any problems please let me know.

Why not the VPN 50 or the VPN 100 models?

 

[digitalgriffin]

Hey everyone,

Currently we are running 300/25 business internet from xfinity. Our current firewall which is a Netgear prosafe FVS318 which is a 10/100. We go from the firewall to a netgear prosafe unmanaged switch for 48 users which a giagabit switch. The firewall as you guys can see is a kind of bottleneck for us. The firewall config is set to allow one outside connection (remote service office) to remote in to a terminal server. I have attached an image of the same. I am looking for a gigabit firewall to do the same. So far i have found Netgear ProSafe FVS318g , FVS-336g, Zyxel (not sure which model), Meraki, Palo Alto PA-220 etc etc etc. . Some of these are subscription based, which we are not too keen into. Thanks for the help.

This is a professional IT problem typically handled by enterprise hardware like cisco.

That said you can set up a pfsense box that can handle that traffic between you and the internet with 10gig cards or fiber (depending on your connection.)

To be honest you could set up managed 1 gb non blocking switch with a dedicated 10gb spi out port to your firewall. I would then load the add ins to see whos using the bandwidth to the net.

 

[n3cw4rr10r]

This is a professional IT problem typically handled by enterprise hardware like cisco.

That said you can set up a pfsense box that can handle that traffic between you and the internet with 10gig cards or fiber (depending on your connection.)

To be honest you could set up managed 1 gb non blocking switch with a dedicated 10gb spi out port to your firewall. I would then load the add ins to see whos using the bandwidth to the net.

I am the "IT" guy even though its not my primary role @ the company. I do the basic stuff when needed before we call in the "pros". The "pros" want to put us on a subscription and my boss is not going for it. So i am looking for a basic hardware firewall to replace the decade old one we have.

 

[USAFRet]

I am the "IT" guy even though its not my primary role @ the company. I do the basic stuff when needed before we call in the "pros". The "pros" want to put us on a subscription and my boss is not going for it. So i am looking for a basic hardware firewall to replace the decade old one we have.

pfSense or untangle on a standalone box.
ISP->router->pfSense box->rest of your network.

The "pros" want to put us on a subscription and my boss is not going for it.

How's your resume for when this goes horribly wrong?

 

[jsmithepa]

How's your resume for when this goes horribly wrong?

Dang bosses always going el-cheapo, cutting corners.

Joe, u know some IT stuff, here is more responsibility and btw leave your cellphone on in case the overnight guy runs into trouble (and don't even dare ask for a raise).

 

[AtkinsFriendly]

Gosh, don't make it difficult.. just get a Ubiquiti USG-US or USG-Pro and call it a day.