Thursday, March 1, 2018

Need new network security gateway device

I'm not sure if this is the right place to ask. We currently have a Juniper NetScreen-25 circa 2007 running v5 firmware and I really want to replace it with a new hardware firewall. Yes - I know it's old, but it has been the most reliable device, so please don't berate me for not replacing it sooner.

It's configured with a WAN (fibre service from NTU), Private LAN (192.168.1.0/24) providing DHCP, Public LAN (203.x.x.x/29) and has a spare ethernet port.
There are 35 PCs, a few Wi-Fi portables and a few servers sitting on the private LAN. There are 5 or so servers sitting on the public LAN. We don't use much in the way of cloud hosting with the exception of Exchange Online for email.

There are many carefully configured in/out port-based traffic rules for both private and public LANs, 5 VIP rules (NAT port forwards) to the private LAN. It's screwed down pretty tight as far as I know and we have never had any breach.

There are no VLANs, we don't use VoIP at the moment so there are no QoS or PBR rules, and there are no VPN connections to or from the Juniper itself (just the SSTP to a Windows RRAS server on the public LAN).

With all of that out of the way - I'd like some advice on what device I should replace this with.

I'm not sure what the difference is between a Next Generation Firewall and a UTM appliance. One of our external IT consultants uses WatchGuard FireBox devices with active subscriptions. Another uses CheckPoint. Obviously there's Cisco, Netgear, Fortinet, Sophos and so many others, but I'm also aware of other cheaper devices like DrayTek and Mikrotik that can use 3rd party services for security updates.

I want to replace the Juniper ASAP - I just don't know what is going to be best for our network and use case.

Budget is up to $3000 AUD for the appliance and maybe $700-$1200 per year for the updates subscription if required.

Any advice or opinions?


