Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




98 posts

Master Geek


Topic # 86014 29-Jun-2011 16:18
Send private message

Hi guys,
I'm looking at purchasing a hardware firewall to protect our school from hacking attempts as we are going to be hosting some of our own content (website, moodle etc).

I am looking at the Fortigate 111c http://www.fortinet.com/products/fortigate/111C.html
has anyone had any experience with this product or share their experience with any other fortigate product.

I am also open to suggestions on alternative products.

Thanks,
-Alan

Create new topic
3774 posts

Uber Geek
+1 received by user: 217

Trusted

  Reply # 487483 29-Jun-2011 16:28
Send private message

Juniper, Watchguard and Sonic Wall are other brands that offer hardware firewalls. Juniper is on the more expensive side. The fortigate product you have selected above has nice specs and features. Having a antivirus subscription along with web filtering on the gateway is always a good idea.




Do whatever you want to do man.

  

25 posts

Geek


  Reply # 487494 29-Jun-2011 16:53
Send private message

Take a look to a Mikrotik routerboard, you can have a complete control of the network traffic with one of those...They don't have an antivirus integrated but it support layer 7 filtering that can help and they are really cheap compared with Fortigate. It's just another option to consider :)



 
 
 
 


4137 posts

Uber Geek
+1 received by user: 635

Moderator
Trusted
Subscriber

  Reply # 487498 29-Jun-2011 16:56
Send private message

I know the WatchGuard Fireboxes are very easy to configure and maintain - it's all gui based and it's easy to understand. I think the low end Fireboxes are pretty cheap too - with an annual maintenance/support contract that is renewable.

xpd

The Overrated Raccoons
8378 posts

Uber Geek
+1 received by user: 1106

Mod Emeritus
Trusted
Subscriber

  Reply # 487528 29-Jun-2011 18:31
Send private message

We use Watchguard Fireboxs at all our offices around the country for security and VPNs. Straight forward to setup and use. Just installed some of the newer XTM's, took a few mins to get head around the new setup but its great :)




XPD / Gavin / DemiseNZ

 

Home Of The Overrated Raccoons

 

 


2242 posts

Uber Geek
+1 received by user: 353

Trusted
Subscriber

  Reply # 487618 30-Jun-2011 00:29
Send private message

If you can stomach the price you can go with Check Point, undoubtedly they have the nicest UI and if needed there are a number of local support partners.

If you have a server lying around you can even get their virtual version (VSX) which allws you to turn any hardware into a firewall.

/I don't work for Check Point, but do manage around a dozen of them and they are pretty sweet devices, only rather expensive thought.



98 posts

Master Geek


  Reply # 487800 30-Jun-2011 12:33
Send private message

Thanks for all the responses.

I had also looked at the Watchguard XTM 520 but their $2k a year subscription fee was a bit offputting.

My plan is to use a dual firewall design with the hardware firewall acting as the first point of contact after the router and only allowing traffic to the DMZ followed by a backend firewall allowing only traffic from the DMZ into the internal network.

I have an old HP ML150 G3 which I was planning to install linux on and configure as a backend firewall however now I will look into both Mikrotik RouterOS and Check point VSX to install on that machine instead.

1881 posts

Uber Geek
+1 received by user: 627

Trusted

  Reply # 487828 30-Jun-2011 13:23
Send private message

I use Fortigate's in my employment on a regular basis and I've been pretty impressed with them.  Some of the bigger models are a bit more expensive than other options.

We also use Mikrotik's but more for their routing functionality.  We also recommend Mikrotik's to some of our customers.

If you'd like anymore details on how we use the Fortigates (features and their capabilities etc) feel free to PM me queries.




It looks like I'm using an adblocker. I should consider whitelisting Geekzone in my adblocker or a subscription. The Quick Reply box will appear for me when Geekzone is whitelisted. Hooray for me! If I want to reply to this topic I should click on Compose Reply.


8020 posts

Uber Geek
+1 received by user: 386

Trusted
Subscriber

  Reply # 487962 30-Jun-2011 16:40
Send private message

Hmm about a year ago we got quotes for a new pair of firewalls.. looked at Cisco, Fortigate and Sonicwall they are all pretty good. Checkpoint was too expensive.

In the end we went with Sonicwall's due to the bang for buck factor.


63 posts

Master Geek

Trusted

  Reply # 488040 30-Jun-2011 20:02
Send private message

The FortiGate 110c (And 111 if you're looking for WAN Optimisation, Caching etc) are fantastic appliances. We (ICONZ) use FortiGate firewalls exclusively for customer firewall deployments.

Are you looking to put a firewall on the end of a Fiber/DSL circuit with just end-users behind it, or is this going into a colocated environment hosting servers?

A FortiGate will do dynamic routing with IPv4 and IPv6 if you're looking at going down a multi-homed or just redundant connectivity path. As with most vendors they do integrated WIFI for your office as well.

The most important thing I do recommend sizing for your needs. What type of circuit, total throughput for the 3-5 year life of the appliance and where you're going to to be physically mounting it are all important. We deploy mostly 60c, 110c and 200b appliances. If you're going to be doing anything "Smart" like AntiVirus/AntiSpam, Data Leak Prevention and Intrusion prevention or load balancing then talking to someone are all important. Feel free to drop me PM off list if you need any advice. 




I work for a Hosting Provider - But my opinions are my own.

84 posts

Master Geek
+1 received by user: 1


  Reply # 489228 4-Jul-2011 16:14
Send private message

MrAlan: Hi guys,
I'm looking at purchasing a hardware firewall to protect our school from hacking attempts as we are going to be hosting some of our own content (website, moodle etc).

I am looking at the Fortigate 111c http://www.fortinet.com/products/fortigate/111C.html
has anyone had any experience with this product or share their experience with any other fortigate product.

I am also open to suggestions on alternative products.

Thanks,
-Alan



If you are thinking of purchasing a firewall, I am sure you would also have considered cost of configuring, managing and updating it as well. Most of the (public) schools have limited funds and would like to keep their operating cost low. In today's world I would rather recommend a good Internet connection, with access to various hosted solutions, which would not be cost prohibitive for small business and not for profit organizations. There are many hidden costs of in-house hosting, most of it around managing it. If you have a strong IT team which manages the entire spectrum of IT, then go for any good firewall, else I would suggest using hosted platform.


PM me if you need any further information or would like to discuss further.


Sid     

15165 posts

Uber Geek
+1 received by user: 3949

Trusted
Subscriber

  Reply # 489237 4-Jul-2011 16:22
Send private message

Sonicwall make exceptional devices with the best support I have come across yet. They have everything on them including the content filtering and packet filtering and real time packet inspection etc. 24/7 support. $999 for the TZ100 roughly I think. The Fortinet stuff is great but the support is hard to get (though very competent when you do get through the rigmarole of giving them the info they want).

Zywalls are also excellent in my opinion. We have been selling a LOT of them over the last 10 years.

1943 posts

Uber Geek
+1 received by user: 127

Trusted

  Reply # 491501 9-Jul-2011 20:07
Send private message

MrAlan:
I have an old HP ML150 G3 which I was planning to install linux on and configure as a backend firewall however now I will look into both Mikrotik RouterOS and Check point VSX to install on that machine instead.

Maybe a BSD based firewall for your back end? I think pfSense has a pretty good reputation, with "features often only found in expensive commercial firewalls" if an appliance type of distro is suitable. It started in 2004 as a PC-oriented fork of the m0n0wall project.




Qualified in business, certified in fibre, stuck in copper, have to keep going  ^_^

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Mobile market competition issues ComCom should watch
Posted 18-Dec-2017 10:52


New Zealand government to create digital advisory group
Posted 16-Dec-2017 08:47


Australia datum changes means whole country moving 1.8 metres north-east
Posted 16-Dec-2017 08:39


UAV Traffic Management Trial launching today in New Zealand
Posted 12-Dec-2017 16:06


UFB connections pass 460,000
Posted 11-Dec-2017 11:26


The Warehouse Group to adopt IBM Cloud to support digital transformation
Posted 11-Dec-2017 11:22


Dimension Data peeks into digital business 2018
Posted 11-Dec-2017 10:55


2018 Cyber Security Predictions
Posted 7-Dec-2017 14:55


Global Govtech Accelerator to drive public sector innovation in Wellington
Posted 7-Dec-2017 11:21


Stuff Pix media strategy a new direction
Posted 7-Dec-2017 09:37


Digital transformation is dead
Posted 7-Dec-2017 09:31


Fake news and cyber security
Posted 7-Dec-2017 09:27


Dimension Data New Zealand strengthens cybersecurity practice
Posted 5-Dec-2017 20:27


Epson NZ launches new Expression Premium Photo range
Posted 5-Dec-2017 20:26


Eventbrite and Twickets launch integration partnership in Australia and New Zealand
Posted 5-Dec-2017 20:23



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.