Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
ForumsIT Pro and developersSecurity Firewalls

BTR



1477 posts

Uber Geek
+1 received by user: 433


Topic # 127196 2-Aug-2013 11:15
Send private message

HI Everyone

I am looking at options to replace a Sonicwall Firewall. This is to be used in an education environment and will need to provide content filtering and VPN access. The school has 3 full time IT staff so wants a solution that they can manage rather than something managed by someone else.

I have looked at the below brands


Palo Alto
Barracuda
Cisco Meraki




Feel free to give your recommendations

Create new topic
2522 posts

Uber Geek
+1 received by user: 937

Subscriber

  Reply # 870571 2-Aug-2013 11:26
Send private message

Without having any idea of the competency of the "3 full time IT staff", it's hard to recommend something they can manage. Something like a Cisco ASA 5500-series with a CSC module would be great, but might be over the top for your implementation.

What sort of throughput does it need to handle? How many concurrent VPN sessions? What are your reasons for moving away from your current solution?




Windows 7 x64 // i5-3570K // 16GB DDR3-1600 // GTX660Ti 2GB // Samsung 830 120GB SSD // OCZ Agility4 120GB SSD // Samsung U28D590D @ 3840x2160 & Asus PB278Q @ 2560x1440
Samsung Galaxy S5 SM-G900I w/Spark

8027 posts

Uber Geek
+1 received by user: 387

Trusted
Subscriber

  Reply # 870903 2-Aug-2013 18:35
Send private message

Why don't they take over management of the Sonicwall themselves?

3590 posts

Uber Geek
+1 received by user: 1320

Subscriber

  Reply # 871015 2-Aug-2013 22:36
Send private message

What's wrong with the Sonicwall? Perhaps just an upgrade.

Sonicwall even have software available specifically for the purpose of BYOD and content filtering. Pretty much aimed at schools. By no means cheap but bloody flash software.

2280 posts

Uber Geek
+1 received by user: 370

Trusted
Subscriber

  Reply # 871028 2-Aug-2013 23:35
Send private message

BTR: HI Everyone

I am looking at options to replace a Sonicwall Firewall. This is to be used in an education environment and will need to provide content filtering and VPN access. The school has 3 full time IT staff so wants a solution that they can manage rather than something managed by someone else.

I have looked at the below brands


Palo Alto
Barracuda
Cisco Meraki

Feel free to give your recommendations


I've just been through a firewall selection process for a service provider to replace a set of Check Points, which cost a fortune to run and have several limitations for SPs, and found the PA's nice to manage, although maybe not quite as easy to use as the Check Points with Provider-1, but they do tick all the boxes for a school environment. Just be prepared to empty your wallet like Kristen School did for theirs.

When it came to the Cisco offering everything we needed was 'we'll support that at a later date/next release', and their management GUI ASDM? was clunky in comparison, but perhaps OK for a limited ruleset or those who will only touch the CLI.

I never looked at Barracuda, however Fortinet's certainly come in at the right price and offer a great feature set. Management again isn't quite as good as the other, but it's getting better with every release. Would be worth your while giving them a look into.

Is there a pressing reason to drop the Sonicwalls or just scared Dell will destroy what was a good product?

3237 posts

Uber Geek
+1 received by user: 633

Trusted

  Reply # 871274 3-Aug-2013 17:17
Send private message

I use Kerio Control software program at a few companies for internet monitoring.

They have a firewall system, and walled garden that will integrate into your school active directory system with bandwidth accounting.

So basically when a user connects to the internet, they are asked for their windows username/password. Internet explorer will supply it automatically if the user is logged onto a school computer on the domain. SO this means you can easily just add open hotspots around the school for the kids to connect to, and the walled garden will pop up on their own devices asking them to login.

The firewall does its job

It has detailed usage monitoring - you can print off reports of large file downloads, websites visited etc

Set daily, weekly or monthly bandwidth limits per user. Eg. After 500 megabytes per day they get put into a slow user pool, that might share 1 megabit, or be cut off from the internet until the next rollover.

They have an active url based blocking system - that also has a category for proxies.
The url based system doesnt scan pages for bad words- it sends the URL to kerio's servers and a real person will check the website, classify it, and then put it into the database for future lookups.
So using it, you can block facebook, and websites that proxy facebook.
If a website is unclassified (not likley considering there are thousands using the system) then it will get classified within hours and you can choose to block it based on the category that the website fits into.

Oh it also has a built in antivirus system for http and ftp traffic.

It is licensed by per active user. So only people actually using the internet are counted as active users. You can set the timeout to be 1 hour so kids that are not in computer class at the specific time of the day wont count towards the license count.






Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost
For my general guide to extending your wireless network Click Here

BTR



1477 posts

Uber Geek
+1 received by user: 433


  Reply # 871411 3-Aug-2013 21:49
Send private message

The 3 IT staff are all fully competent and Sonicwall certified as well as other various industry and hardware certifications. The reason they are looking at moving away is the appliance has never worked properly from the start and there are now more issues. Some examples are.


* HTTPS websites are only intermitantly filtered. Some times forbidden sites are blocked and sometimes you can access them. (This fault has been there from the start)

* New firmware has now killed the forbidden URL list in the students content filtering policy and the result is students can now access all websites that were previously blocked. (Firmware was only upgraded two weeks ago)

* The appliance has now developed a fault that causes it to reboot every 2-3 minutes therefore internet has now become unusable (This only happened on Friday)


Also since the company has been acquired by Dell support has gone down hill.

Long story short a school needs rock solid content filtering and Sonicwall can't seem to provide that so they would like to get something else.

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.