Announcement

Collapse
No announcement yet.

Which UTM box is good?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Which UTM box is good?

    Hello,

    I am in process to purchase a UTM box for 230 user's.
    Main purpose is IPSec VPN + other features.
    I have 3 options.

    1. Fortigate
    2.WatchGuard
    3. Juniper

    Fortigate has highest numbe of ports which can be used as WAN or LAN
    WatchGuard has more features same as Fortigate
    Juniper is moduler and supports voice modules. I am talking about 300 series UTM box from Juniper.

    Which UTM box you people recomand?
    Anybody using Juniper UTM box? Is it user friendly?


    Ok then,
    Regards,
    Amey.
    All in 1
    Solaris,Linux & Windows admin + networking.

  • #2
    Re: Which UTM box is good?

    I don't know what your budget is and what you're looking for.
    Check Point has also nice solutions. Also I heard some great stories about Juniper although I never worked with it yet.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: Which UTM box is good?

      Originally posted by Dumber View Post
      I don't know what your budget is and what you're looking for.
      Check Point has also nice solutions. Also I heard some great stories about Juniper although I never worked with it yet.
      My budget is around 13,000 US$ .
      We dont have Check Point experts in India.
      Juniper also dont have fast service support in India but recently they coming with new products and lots of advertisement in India.

      SonicWALL claims to have highest VPN through put speed i.e. in gigabyte.
      I don't know any tools which can determine current VPN through put of my VPN traffic.
      Do you know any tool ?
      Juniper claims to have 400 MBPS total VPN throughput in it's SSG 350 model.
      I am more of thinking to go for Juniper but as all know GUI and cli of Juniper is complicated. Designed by great people thats why may be.

      Regards,
      Amey.
      All in 1
      Solaris,Linux & Windows admin + networking.

      Comment


      • #4
        Re: Which UTM box is good?

        There are no check point specialists in India???
        Well, they have a good remote support however that won't help you out installing it.
        And what about ISA? What are your requirements?

        Maybe I should move to India. I'm Checkpoint certified
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Which UTM box is good?

          Originally posted by Dumber View Post
          There are no check point specialists in India???
          Well, they have a good remote support however that won't help you out installing it.
          And what about ISA? What are your requirements?

          Maybe I should move to India. I'm Checkpoint certified
          ISA 2006 ..Hmm I think I can't use 2~3 lines on single ISA server.
          And cost would go too high. And it'll increase administrative over head for sure.

          I just want to configure appliance once and for all. Not much everyday routing we do. In case of ISA i'll need to keep eye on windows server patches, ISA patches and blah blah blah ....

          I'll have 4~5 leased lines from multiple ISP's.
          Why not single ISP becasue project wise if client want dedicated bandwidth, we have no choice but to buy separate line from same ISP or from different so ultimately WAN IP pool gets changed.

          I really disappointed after reading ASA's technical brochure. Frankly Cisco is good in routing not much in security..

          All I want is good VPN throughput and policy based access control for AD user's.

          About CheckPoint ...I heard recently NOKIA acquired CheckPoint. Not so sure but its news that with combination of NOKIA appliance and CheckPoint software they stepping in to market with some new BLACKBOX .

          Cisco still holds some of 60% routing,security share in Asia Pacific. May be because support. I am gald to see Juniper in India these days.

          In India some specific companies have CheckPoint solution. But CheckPoint engineer charge like 500 US$ per call ....


          Regards,
          Amey.
          All in 1
          Solaris,Linux & Windows admin + networking.

          Comment


          • #6
            Re: Which UTM box is good?

            Microsoft will cost a bit more in management but I think it's one of the cheapest and a really strong solution...
            Cisco has very good security products. I don't know what you have read about the ASA but their are really good. Depending on your needs they will be more pricey.

            Nokia and Check Point works quite a few years intensively together and I really don't believe or heard that Nokia has bought Check Point. Combined it's one of the best firewall solutions out there. However It will cost you quite a lot. Nokia and Check Point are rather expensive.
            But, the Gui of of check point is really fantastic to manage.

            I don't know what an UTM-1 will cost but you might check it out if it suits your needs:
            http://www.checkpoint.com/products/utm-1/index.html

            But another question: what are your needs??

            I really need to move to India. I can make big bucks
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: Which UTM box is good?

              Originally posted by Dumber View Post

              But another question: what are your needs??
              - Want 4~5 WAN ports [ configurable as WAN port or LAN port ]
              - Good VPN throughut [ I connect to 2 more offices via IPsec VPN. 1 office wihtin India and another in Canada. 60% work is done via VPN.]
              - Good policy based security [ I want to block all p2p and music, video's on user based policy, also want to add my Active Directory user's...I hate damn developers who everyday discover a new p2p software to kill my internet bandwidth.]
              - SSL vpn [ I dont need to install and configure Cisco VPN client any more on all laptops.]
              - QoS
              - Moduler [ So that I can add more ports later on ]
              - low cost SLA with 3 years package

              Above are the major concerns for me.
              I will have to add more ports in ASA to use more than 1 ISP I guess and additional module is expensive. My initial investment would go high in case of ASA.

              for ISA. Hmm I emphasis more on hardware firewall which has good chipset which controls ethernet ports at it's best !!

              I am not so aware of rack mount ISA server with good ethernet chipsets on it.
              Advantage of ISA would be I might get Intel processor powered ISA server. Once I saw ISA rack mount box, it had VIA processor.
              Last edited by sco1984; 9th October 2008, 10:14.
              All in 1
              Solaris,Linux & Windows admin + networking.

              Comment


              • #8
                Re: Which UTM box is good?

                If I read your requirements I personally would have a look at Nokia + Check Point.
                However, for VPN they have their own VPN client (securemote/secureclient)
                Nokia is modular. You can extend it with additional network cards. Check point is ease to manage and combined with a Check Point Smart Defense you got the best of both worlds. But it's very expensive and you might need to stretch your budget but I really think this is the best you can get.
                And the VPN throughput? How big are your Internet feeds?

                I can't decide for you but I would contact a Check Point reseller and a Cisco Reseller and let them explain to you why you should choose for their products.
                Marcel
                Technical Consultant
                Netherlands
                http://www.phetios.com
                http://blog.nessus.nl

                MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                "No matter how secure, there is always the human factor."

                "Enjoy life today, tomorrow may never come."
                "If you're going through hell, keep going. ~Winston Churchill"

                Comment


                • #9
                  Re: Which UTM box is good?

                  Originally posted by Dumber View Post
                  And the VPN throughput? How big are your Internet feeds?

                  I can't decide for you but I would contact a Check Point reseller and a Cisco Reseller and let them explain to you why you should choose for their products.
                  internet feeds = I can say 2 sites in India and 1 site in Canada. All 3 connected using IPSec VPN tunnel.


                  ASA dont have active active load balancing feature or QoS. In ASA, I can't use more than 1 internet link in active mode. Thats the draw back in ASA & also in SonicWALL.
                  All in 1
                  Solaris,Linux & Windows admin + networking.

                  Comment


                  • #10
                    Re: Which UTM box is good?

                    Sonicwall Enhanced OS. As far as im concerned this is one of the best security devices in the market and its ease of configuration is far superior to most of that proprietary nonsense with Cisco. Sonicwall also do a dedicated SSL-VPN box that works a treat alongside Viewpoint and the Sonicwall itself. The SSL-VPN is great because the authentication uses LDAP and can be tied in directly to AD making authentication from an end user experience completely painless.

                    Comment


                    • #11
                      Re: Which UTM box is good?

                      We are using Fortigate and its a very decent UTM device. Give it a thought.

                      Comment

                      Working...
                      X