Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
General Security Discussions
Hardware UTM firewalls for home and small business.
Message
<blockquote data-quote="MacDefender" data-source="post: 917000" data-attributes="member: 83059"><p>It's not cheap but it's one of the lowest cost UTM services out there. Meraki MX is about $1000/yr for the same set of features on their 450mbit appliance. IPS, AV, and web filtering requires constant updates (several a day) and you're protecting 20-50 devices behind a firewall.</p><p></p><p></p><p>Your distributor is correct in that the Fortinet box is not a VPN client. Its VPN does two things:</p><ol> <li data-xf-list-type="ol">Allow clients to VPN into the Fortinet box to get internal network access (dialup mode)</li> <li data-xf-list-type="ol">Connect to other VPN capable firewalls and route to those remote networks (site to site VPN)</li> </ol><p>The mode of operation you're looking for is being a VPN client and NATting all local traffic through that VPN connection, which is not something Fortinet supports.</p><p></p><p></p><p>Again, price-wise, you really do have to ask yourself if UTM is the right solution for you. I run a few servers at home and have a few dozen IoT devices, and I don't babysit any of them too regularly. I have had Cisco's IPS save my butt when I assumed my Windows Server automatically patched but a glitch caused it to not auto-reboot for a wormable vulnerability! But if you on the other hand just had 10 computers on your network and you can get a $100/yr family pack of Kaspersky on them, that might be a better way forward.</p><p></p><p>And please don't tempt yourself into thinking that grabbing a few dozen piHole blocklists from Twitter and messing around with open-source free Snort rules is going to be similar to a UTM in performance. A lot of the value-add in these UTMs is the fact that Fortinet has millions of customers and has fine-tuned all their rulesets for the right level of protection vs minimal false alarms. I've been there done that, and after trying that for a few years I happily pay for a professional company to do this work for me <img src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" class="smilie smilie--sprite smilie--sprite116" alt=":D" title="Big grin :D" loading="lazy" data-shortname=":D" /></p></blockquote><p></p>
[QUOTE="MacDefender, post: 917000, member: 83059"] It's not cheap but it's one of the lowest cost UTM services out there. Meraki MX is about $1000/yr for the same set of features on their 450mbit appliance. IPS, AV, and web filtering requires constant updates (several a day) and you're protecting 20-50 devices behind a firewall. Your distributor is correct in that the Fortinet box is not a VPN client. Its VPN does two things: [LIST=1] [*]Allow clients to VPN into the Fortinet box to get internal network access (dialup mode) [*]Connect to other VPN capable firewalls and route to those remote networks (site to site VPN) [/LIST] The mode of operation you're looking for is being a VPN client and NATting all local traffic through that VPN connection, which is not something Fortinet supports. Again, price-wise, you really do have to ask yourself if UTM is the right solution for you. I run a few servers at home and have a few dozen IoT devices, and I don't babysit any of them too regularly. I have had Cisco's IPS save my butt when I assumed my Windows Server automatically patched but a glitch caused it to not auto-reboot for a wormable vulnerability! But if you on the other hand just had 10 computers on your network and you can get a $100/yr family pack of Kaspersky on them, that might be a better way forward. And please don't tempt yourself into thinking that grabbing a few dozen piHole blocklists from Twitter and messing around with open-source free Snort rules is going to be similar to a UTM in performance. A lot of the value-add in these UTMs is the fact that Fortinet has millions of customers and has fine-tuned all their rulesets for the right level of protection vs minimal false alarms. I've been there done that, and after trying that for a few years I happily pay for a professional company to do this work for me :D [/QUOTE]
Insert quotes…
Verification
Post reply
Top
