Hi Guys,
I hope someone can give me some insight on this. One of our clients has a Telkom MetroLN VPN to 5 of their branches, which will soon be replaced with Fiber connectivity. As such, the branches' internet will be open. All the branches currently connect to a SAP server in Germany, via another VPN, and then also some servers in JHB via the VPN.
I already have a MikroTik in HQ for routing everything and there's a Cisco Meraki firewall on the Germany VPN, which is managed by the German provider. I am not a Cisco engineer and have never worked on one. But the Meraki demo seems fairly easy to use. And I do know some routing and have worked on MikroTik, Ubiquiti, FreeBSD and Linux firewalls in the past. I have also worked on Cyberoam firewalls, which has now been acquired by Sophos.
The Cyberoam firewalls have Level 8 (user) filtering which is very nice.
As an alternative, I see Kerio firewall does the same. But the client is not prepared to pay this price.
So what alternatives do I have? Some options I have been considering are pfSense, Untangle, Endian Firewall, Smoothwall (have used this in the past), etc., installed on an enterprise-grade server like SuperMicro / HP / Dell (??) / Intel / etc.?
Requirements:
- To secure the network from outside and inside unknown threats
- To offer inter-branch VPN, compatible with a MikroTik at HQ
- To offer at least Layer 8 firewalling, i.e. block Facebook / YouTube / etc. from certain employees, and throttle stuff like Windows / Android / iOS updates.
- Monitor network / bandwidth usage, both on the WAN (+ backup) and for individual users.
- WAN failover from the Fiber line to LTE (An LTE router would be fine). VRRP is probably not needed.
- VoIP passthrough / QoS
There is no proxy, and possibly no need for it. Nor is there a Windows Active Directory / Kerberos / LDAP server. I don't think this is needed at this stage either. They do use SAMBA though.