Wednesday, July 1, 2020

Using pfSense in an SMB environment

Hello,

I'm currently trying to find ways to save the company I work for some money so they can funnel the money elsewhere. It's a non-profit so every dollar saved helps.

One of the ways I want to achieve this is by switching from SonicWall to pfSense. We have had SonicWall for years (YEARS. This is a surprisingly old company) because the MSP that works with us/me has recommended them since the beginning. I talked with the guy and he said he recommended SonicWall because of reliability and because that's what they know best. However, times have changed and open-source seems to be on par with proprietary hardware/software.

Some info about the network:

  • Really basic. We have about 60 computers. Some are shared, some aren't.
  • There are only about 40 people who actually use a computer regularly.
  • We have a "public" wifi network. "Public" because it's only for employees. The APs are set up to not allow access to LAN resources.
  • 13 servers. 3 are exposed to the web. One is a web server, and the other 2 are app servers that are going to be killed soon.
  • No VLANs.
  • A metric ton of IP cameras.
  • In the future, we might be switching to a different PBX that would be on its own dedicated network.

I want to make a case for switching to pfSense. By switching, I'm estimating over a 50% reduction in firewall/services cost. I'd get Netgate hardware along with one of the support plans they provide. But I know that if I propose this to my boss and the higher-ups, they will want evidence and whatnot. Some of their concerns will be:

  1. What's the reliability? We've had SonicWall for years and it's never failed us.
  2. What's the security like? We (seemingly) never had a breach beyond spam email.
  3. What's the true cost?

My answers to those are as follows:

  1. Reliability is just as good, as it is with any hardware today. I personally have a pfSense-based box at home that's rocking 200+ days of uptime.
  2. Security is the same. I can get the Snort pro rules for $400 a year to provide the same coverage and security as the SonicWall does (possibly better?).
  3. Cost would be $800 a year (Snort + Support) + a one-time purchase of the hardware.

So my real questions are whether I'm right about points 1 and 2, and whether you have any insights that will help (or deter) me.

Is reliability just as good? From my standpoint, this firewall is mostly a "set and forget" type of deal. The only reason I actually go into the current firewall is to look at the nice interface and experiment with a pet project. I've never run into a problem where downtime was caused by a bug or weird behavior. All the downtime I experienced was related to power issues or my own dumb fault.

Is Snort a good IPS with the pro rule set? Is it comparable with SonicWall's IPS? I want to say yes, but I can't find any real solid proof, only claims. NSS Labs doesn't really report on anything with Snort specifically. But I know Cisco owns Snort, so I'm not sure whether the Cisco results on those reports correspond to Snort or not.

Thanks in advance.