What product are you using for this situation?
-
I have been using m0n0wall 1.22 at several libraries to offer free public wireless access. 1 Linksys WRT54G set up as wireless access point plugged into OPT1 interface with only ports 80, 443 and 53 opened. Now I have a grant to set up public and staff wireless for 8 library branches. I have talked to local vendors about this and they all recommend Watchguard or SonicWall appliances. As far as I can tell these products don't offer as many options as Monowall or PFSense and some require user licenses, subscriptions etc. If you had up to $1000 for each branch to spend on a firewall (but nothing for recurring fees) would you buy a commercial product such as Sonicwall, buy Pfsense on an embedded platform (I am thinking Topell or Netgate right now) or run Pfsense or Monowall on a PC box? Please let me know of your experiences as I just got the grant ok'd and have to purchase shortly.
-
For sure I would not buy a commercial appliance, but I might be a bit biased here ;)
I would use m0n0 or pfSense. Depending on the environment I would use an appliance or standard PC hardware. Standard PC hardware is easier to replace in case something of the hardware blows up where appliance hardware is smaller, maybe more noiseless or 19" rackmountable or uses less power depending what you go for.
-
Of course vendors are going to recommend Watchguard, SonicWall, <insert big name $ product here>. I'm sure the vendor that recommended Watchguard is a Watchguard reseller and probably thinks the answer to "what firewall do I need" is always "Watchguard". Same for the vendor that recommended SonicWall.
Not that these are bad products, in some ways they're superior to m0n0wall and pfsense, in other ways inferior. But when you're a vendor that's tied into a specific product, every situation is a perfect fit for their specific product. As the saying goes, "when all you have is a hammer, everything looks like a nail."
Since you don't have money for recurring maintenance fees, and your $1000 per site budget is pretty limited for any commercial solution, I would recommend going open source. Otherwise come next year when you have to renew support on the commercial solution, you're not going to have the money, and therefore you're not going to be able to get software updates anymore. So you're going to be left with a product you can't update, potentially with security problems or other bugs you're not going to be able to fix. If you don't have a budget for recurring maintenance costs, you should not consider any commercial solution.
Just because you're getting my opinion here, and I'm a co-founder of this project, don't think you're getting a biased answer. :) I use commercial firewall solutions in some locations where it makes more sense for some reason, and open source in many other locations.
-
Thanks to both of you for your advice. I assume both of you do networking/security/firewalling pretty much full time. I think I will probably get the Topell. It is more expensive and has a fan, but it comes with a year warranty and they will sell me a longer hardware warranty. Most of the other stuff comes with 30 days or so. It would be nice just to buy 2 of the cheaper boxes for each location and have one for backup but that is not how the grant system works. If anyone has any experience or opinions about Topell I would appreciate hearing them. Thanks.
-
I purchased a TNet 1000 from them in October, no issues so far. Their support is good. To be fair I have only dealt with them twice.