[geeks] Router / Firewall / Endpoint Thoughts & Ideas

Patrick Giagnocavo patrick at zill.net
Fri Aug 20 14:41:33 CDT 2021


So the basic questions are:

How many people's systems to protect?
Against what kind of threats? 
What is the amount of bandwidth you are wanting to put this device on?
How many site to site VPNs and what bandwidth do you need for that?

Assuming you have say 300Mbps coming in, you could handle that on pretty much any Xeon or i5 or higher CPU made in the last 10 years.

More users means more simultaneous connections, so, more to check and more RAM used on the firewall.

The kicker, as I see it, is what kind of threats do you want to deal with? If your users just need to be behind a firewall, then pfSense and done.

If you or your boss, however, want something that scans for harmful traffic, etc., then you either need to examine stuff like HAVP (HTTP Antivirus Proxy), Suricata, etc. and get familiar with installing, configuring, and keeping it updated. Or maybe buy an off-the-shelf solution.

The Cisco Merakis have licensing - you buy the hardware, then you have to buy the licensing (which is time limited) to run the software.

MX67, about $500:

https://www.cdw.com/product/cisco-meraki-mx67-router-security-appliance/5255604#PO

Then you have to buy the license pack - there are different prices, different number of years, etc. 

e.g. 5 years is right about $1500:   https://www.cdw.com/product/cisco-meraki-advanced-security-subscription-license-5-years-5-years-e/5256306

Note:  Cisco will eventually End of Life a particular Meraki, and when your license runs out - the device is a brick and will not pass traffic. Pretty sucky IMHO.

You might call CDW and see if you can find a sales rep that knows something.

Cheers

Patrick



----- Original Message -----
From: "Mark Benson" <md.benson at gmail.com>
To: "The Geeks List" <geeks at sunhelp.org>
Sent: Wednesday, August 18, 2021 11:34:21 AM GMT -07:00 US/Canada Mountain
Subject: Re: [geeks] Router / Firewall / Endpoint Thoughts & Ideas

> On 18 Aug 2021, at 15:31, Patrick Giagnocavo <patrick at zill.net> wrote:
>
> As much as I hate Cisco Meraki's licensing policies, where you have to pay
> for license renewals, you might want to check out their MX series.

Is there any way of finding out without talking to a CS rep? Because I spoke
to a CS rep and they recommended me something for 12 grand.

> I take it that OPNsense/pfSense won't do what you need?

I don't know, where's a good starting point to find out?

--

Mark