Recommended UTM/NGFW


JB

Feb 20, 2016, 9:41:55 PM
to security-onion
What UTM or Next Generation FireWalls do you recommend? Sophos or Sonicwall a better choice?

Thanks

Mark W. Jeanmougin

Feb 21, 2016, 10:20:13 AM
to securit...@googlegroups.com
I used Palo Alto's a few years ago. They regularly failed at about
10-20% of their rated capacity, speed wise. Getting log data out of
their management console was very difficult.

MJ



On Sat, Feb 20, 2016 at 9:41 PM, JB <jonbrown...@gmail.com> wrote:
> What UTM or Next Generation FireWalls do you recommend? Sophos or Sonicwall a better choice?
>
> Thanks
>
> --
> Follow Security Onion on Twitter!
> https://twitter.com/securityonion
> ---
> You received this message because you are subscribed to the Google Groups "security-onion" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
> To post to this group, send email to securit...@googlegroups.com.
> Visit this group at https://groups.google.com/group/security-onion.
> For more options, visit https://groups.google.com/d/optout.

Josh More

Feb 21, 2016, 11:12:55 AM
to securit...@googlegroups.com
I've used Sophos UTM since back when it was called Astaro.  The current SG line is quite good.  The new XG line is, however, buggy as hell.

I am not a fan of SonicWall.  I find it hard to configure properly and, as a result, most people who use them seem not to fully use their capabilities.

I used to like Fortinet, but getting good data out of them requires buying an additional appliance.  Also, I have heard from clients that their support has really dropped in quality in recent years.

Free/Cheap options include IPSense and Untangle.  Both are decent but not in the same class as the commercial offerings.



Lee Sharp

Feb 21, 2016, 11:49:57 AM
to securit...@googlegroups.com
On 02/20/2016 08:41 PM, JB wrote:
> What UTM or Next Generation FireWalls do you recommend? Sophos or Sonicwall a better choice?

Why a "next gen" firewall? In most cases it is just sticking all of
your eggs in one basket. In the best cases, it requires multiple
baskets, but all have only one key.

I prefer separate purpose built tools for each component. SmallWall for
firewall, Barracuda for e-mail filtering, Squid and DansGuardian for web
filtering and caching, and SecurityOnion for IDS. This way a problem
in one does not affect the others, and you can grow only the parts that
need more growth.

Lee

Jonathan Brown

Feb 21, 2016, 2:01:18 PM
to securit...@googlegroups.com
If the SonicWall is configured correctly, assuming getting a CSSA or CSSP certification for it, would the SonicWall hold its own or be as good as a Sophos, etc.?


Josh More

Feb 21, 2016, 2:05:11 PM
to securit...@googlegroups.com
I personally wouldn't consider them equivalent, but I can't point precisely to why.  I may be biased just because I'm so familiar with the Sophos UTM.

A well configured SonicWall will certainly be better than a Cisco ASA or other traditional firewall.

-Josh

Lee Sharp

Feb 21, 2016, 2:41:50 PM
to securit...@googlegroups.com
On 02/21/2016 01:01 PM, Jonathan Brown wrote:
> If the SonicWall is configured correctly, assuming getting a CSSA or CSSP
> certification for it, would the SonicWall hold its own or be as good as a
> Sophos, etc.?

Configured, sized, scoped for growth, and not surprised by something new
growing in a spot not designed for it. (Like the explosive growth of
https over the last few years catching a lot of UTMs flat-footed.) And
with any of them, when you have too much load for one component, it is
either scrap the whole thing and get a bigger one, or offload the
overwhelmed component to a dedicated box.

And if you are absolutely sold on the single vendor solutions (which I
am not) also take a good look at Fortinet. They have some sandbox
abilities that are interesting.

Lee

Jonathan Brown

Feb 21, 2016, 2:57:17 PM
to securit...@googlegroups.com
I am starting a Managed Service Provider based company and would eventually like to move into the Managed Security Service Business, but the SonicWalls offer a few courses to easily master it and they are cost effective. Basically my customers would be SMB based so they wouldn't have a large budget. I just want to offer a quality product without spending too much time before realizing it's trash.

Josh More

Feb 21, 2016, 2:59:05 PM
to securit...@googlegroups.com
For what it is worth, I have been removing SonicWalls from previous MSSPs and replacing them with Sophos UTMs a lot in the last few years.

Sophos has a centralized UTM controller that you might want to look at.

-Josh


Shane Mullins

Feb 21, 2016, 6:04:44 PM
to securit...@googlegroups.com
We use the Palo Alto.  I really like the PA.

Shane


On Sat, Feb 20, 2016 at 9:41 PM, JB <jonbrown...@gmail.com> wrote:
> What UTM or Next Generation FireWalls do you recommend? Sophos or Sonicwall a better choice?
>
> Thanks

Lee Sharp

Feb 21, 2016, 8:48:32 PM
to securit...@googlegroups.com
On 02/21/2016 01:57 PM, Jonathan Brown wrote:
> I am starting a Managed Service Provider based company and would
> eventually like to move into the Managed Security Service Business, but
> the SonicWalls offer a few courses to easily master it and they are cost
> effective. Basically my customers would be SMB based so they wouldn't
> have a large budget. I just want to offer a quality product without
> spending too much time before realizing it's trash.

In that case, my initial suggestion makes even more sense.

SmallWall - Open Source and free. Just need hardware.

DansGuardian with Squid and Shalla List - Open Source and free. Just
need hardware. More to fully use the caching abilities.

Barracuda E-mail filter - Only paid-for product, but cheap and with good
service.

SecurityOnion - Open Source and free. Just need hardware.

This leaves more of their budget for consulting services, and it is not
commodity knowledge that anyone can be hired for. But it is fully open,
so it makes them feel free. :)

But SonicWall can also be a solution. You are just giving more of the
pie to Dell, and they can find other SonicWall techs...

Lee
