I'm looking for a firewall to replace a WatchGuard Firebox that's about four years old. The WatchGuard works very hard, and we simply need something faster.
The firewall has about 5 active VPN connections, with one or two of them being reponsible for the majority of traffic, which is currently about 5 Mbps.
Can anyone comment on the Linksys RV082 and RV016 firewalls? I've read good things about them, but I'm a bit concerned that they may not be powerful enough.
We've been thinking about setting up a Linux or FreeBSD firewall, but really want to save the time for setting up and maintaining one. We would really like to have something flexible, reasonably fast (so it can keep up with a few years of increased traffic), and preferrably a user interface that's made for people who understand networking.
Just a link to some serious test would be appreciated!
Basically, I'm not 100% happy with the WatchGuard we have. We haven't ruled out WatchGuard for our next firebox, but these are the things we dislike (I'm sure many others have similar problems):
- The only user interface is a Windows application. I'd really prefer a telnet and/or web based interface.
- Related to the above: the Windows application is cluttered with small dialogs that are probably there to make configuration "easy", but that really makes it very hard to get an overview of the current configuration.
Maybe these have improved in later WatchGuard units?
We didn't buy anything yet, and well, that's what I meant when I said they might not be powerful enough. I've mainly looked at the price and put them in the "too cheap" category, but I don't want to rule anything out just because they are cheap... :)
Sure. There's also the V60L model, which is about 50% more expensive. Any experiences with that?
I can agree with that one, I would love to have a linux or HTTPS interface, but there is a lot that the Win based GUI does, and once you really understand it, it's clear and easy to see what's happening, at least for me, but I've installed and manage a lot of them.
I don't know what you mean by this, my units are not cluttered, no more than any other real firewall.
I've not needed any of the V series features, but I've installed a number of the X700, X1000, and X2500 this year and love them. The X1000 has better VPN performance than the V60L, you might want to look at it.
What WatchGuard firewall model are you currently using?
I don't know were your going to get that in any firewall appliance, at least none that I've seen. It's either open the rule box or scroll a lot in others.
The WG units run a modified BSD kernel if I remember correctly - and we have a generic rule set that we start with, but it's not a simple to read text file. I personally like appliances over a computer running BSD.
Because it's for the optional network I suspect, not just a DMZ, you can make it a DMZ if you want, but it's the same function as the Trusted (LAN) network. Many places don't just have a LAN/DMZ, the medical centers we design have several WG units, they separate different business units, and only the first inbound firewall really has a DMZ area.
If you get rid of your old WG unit, and it's still working, if it's at least a Firebox II unit, send me an email, I might buy it off of you, I need another one for my home.
What I mean is that in order to see all of the configuration, you need to double-click lots of things, open sub-dialogs, go through differrent tabs, etc. One could easily have a checkbox on some tab in some dialog that changes the configuration in an important way, and not see it. I guess that can be said about most Windows configuration software, but that does not make WatchGuard's any better...
I really feel a lot safer with a BSD or Linux script that sets up the firewall rules: a reasonably complicated configuration typically occupies only a few pages, separated into a few files, that can be printed, read, reviewed, etc.
I think a very good thing for a "user friendly" firewall would be if it had some means of printing the configuration into some human-readable report. No, not the one one gets when doing "dump configuration". :)
Other minor: Why don't they call DMZ just "DMZ"? In WatchGuard terminology its the "optional interface" which is just confusing.
I cannot find any information about the name in the user manual, or on the front of the unit, other than just "Firebox". I tried to get a look at the back, but I just could't squeeze in my head between the racks...