Page 1 of 7 123 ... LastLast
Results 1 to 10 of 65

Thread: Is it worth it?

  1. #1
    Untangler devlin7's Avatar
    Join Date
    Apr 2009
    Posts
    52

    Default Is it worth it?

    Hi,

    I have been tinkering with all the open source Linux firewalls over the past 6 months looking for a cheaper alternative to our aging Sonicwall Pro. The Sonicwall is costing us a bomb to keep running and I figured there must be something that will do the trick for less. It seems to me that PFsense is a brilliant firewall but gone are the days where a firewall provides enough protection to keep the outside world nasties out. A firewall now needs to be a UTM. Pfsense doesn't provide antivirus although someone is working on HAVP package.

    We are a school and when I looking at licensing for 1500 users the cost instant rules out products like Astaro, Endian, ...and practically all the other Linux based packages out there [and there are a lot of them]

    Untangle has all the feature I need and then some, the only downside being that you need a pretty powerful box to run it on without getting performance issues or worse behavioural issues where things are blocked when they shouldn't be or worse vice versa.

    So I have Untangle working perfectly in bridging mode in behind my existing firewall. I have to run Untangle in behind our Sonicwall because Untangle doesn't currently doesn't support load balancing. It is running on a $1000NZD computer so it is certainly cheaper than running the secuirty package on the Sonicwall. However, when I look at taking the Sonicwall out completely Untangle is not an option anymore. Our Sonicwall authernticate VPN users against a radius server. I would need to buy the Untangle AD package to achieve the same sort of security. I would also need to purchase the policy manager and support. Suddenly the Untangle box is more expensive to run than a new Sonicwall device that does everything except spam filtering.

    DOn't get me wrong, Untangle is a great product but even with the Educational package it is simply too expensive. The only way I can get around this is to run Untangle behind pfsense.

    Has anyone got any suggestions on providing security on a shoestring budget?

    [Please note I am not knocking Untangle, all opensource / Linux firewall distros fall into the too expensive basket when you start working with 1500 users]

  2. #2
    Untangle Ninja proactivens's Avatar
    Join Date
    Sep 2008
    Location
    Greensburg, Pa
    Posts
    2,372

    Default

    I'm not sure what sonic wall model your thinking about using, but untangle offers the Epack for schools, which gives you the pro pack and esoft for unlimited seats for $1695. You get all your asking for, plus spam blocking for under 2 g's. I'm not sure what world your from, but in my world, if you can get all the security untangle offers, plus esoft and spam blocking for 1500 users for under $2000 in license fees, you did a really good job. I'm not knocking you, but what kind of security do you expect to get for less?

    Untangle:
    Appliance from me: $1300.00
    Epack: $1695.00
    Bottom line: $2995

    Sonic wall with similar features
    Sonicwall NSA240: $1195
    Sonicwall NSA 240 TotalSecure Appliance Bundle: $1770
    - 1-Year Gateway Anti-Virus, Anti-Spyware and Intrusion Prevention Service
    - 1-Year Content Filtering Service (Premium Edition)
    - 1-Year 24x7 Support and Viewpoint Upgrade

    E-mail Security 500 Appliance: $3995
    E-mail Protection Subscription and 8x5 Support -1,000 Users - 1 Year: $4400
    E-mail Anti-Virus (Kaspersky and SonicWALL Time Zero)- 1,000 Users (1 Year) $2100
    Bottom line: $13,460.00

    Your telling me that untangle is too expensive? The sonic wall hardware I referenced above is what you would need to effectively run a network your size, with the same features as untangle.
    www.nexgenappliances.com
    Toll Free: 866-794-8879
    UNTANGLE STAR PARTNER
    Follow us at spiceworks!

  3. #3
    Untanglit
    Join Date
    Apr 2008
    Location
    Colorado
    Posts
    29

    Default

    We replaced a old PIX with UT in transparent mode behind a PFSense box. The PFsense does the dual wan and untangle filters all the nasties. Seems this setup spreads the load with the PF taking the brunt of the attack and the UT focusing on filtering.

  4. #4
    Untangler devlin7's Avatar
    Join Date
    Apr 2009
    Posts
    52

    Default

    Hi Zcubed - are you running PFsense and untangle on physical boxes or virtually?

    Hi Proactivens

    Thanks for the feedback. I guess I missed a few things in my first post.

    Firstly, I don't want any web filtering. We find OpenDNS does the job. We also don't need antispam as MailMarshal is $2 a mailbox a year for the education sector.

    The Sonicwall NSA240 is $4200 and includes one year comprehensive security services [g/w av, g/w anti spyware, ips and web filtering]

    It then costs $722 a year for the g/w av, ips and gw antispyware.

    Granted it will cost $2000 for VPN access licenses which is excessive.

    I would run AV on my clients regardless of how good the AV at the gateway is because you still need to stop viruses on cd/usb/external laptops.

    When you factor your Untangle prices are they in USD?

  5. #5
    Master Untangler MikeTrike's Avatar
    Join Date
    Feb 2009
    Location
    San Antonio
    Posts
    367

    Default

    Yes those would be USD.

    Also, to answer your question, yes! Untangle is worth it.
    Dude, Where's My Car?

  6. #6
    Untangler devlin7's Avatar
    Join Date
    Apr 2009
    Posts
    52

    Default

    Untangle is currently sitting on a Dual core [2.7GHZ] processor with 3 Gb of RAM. Web filter is disabled, and the internet doesn't respond with 40 users active. THen moments later it is working normally again. What causes these unresponsive lags?

  7. #7
    Untanglit
    Join Date
    Apr 2008
    Location
    Colorado
    Posts
    29

    Default

    Physical boxes. I got two HP servers for what one Multi-WAN capable firewall alone would have cost. We are using the open source UT, but are looking to pay for the pro package. PFSense is easy to setup and has lots of features.

  8. #8
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Default

    Quote Originally Posted by devlin7 View Post
    Untangle is currently sitting on a Dual core [2.7GHZ] processor with 3 Gb of RAM. Web filter is disabled, and the internet doesn't respond with 40 users active. THen moments later it is working normally again. What causes these unresponsive lags?
    could be anything. install attack blocker, check free memory and cpu load (not % utilization)
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Untangle Ninja proactivens's Avatar
    Join Date
    Sep 2008
    Location
    Greensburg, Pa
    Posts
    2,372

    Default

    Quote Originally Posted by devlin7 View Post
    Untangle is currently sitting on a Dual core [2.7GHZ] processor with 3 Gb of RAM. Web filter is disabled, and the internet doesn't respond with 40 users active. THen moments later it is working normally again. What causes these unresponsive lags?
    Untangle wont run on just anything. Your cpu and memory look good, so its most likely your network cards that are causing the drops. You need to use good server network cards.
    www.nexgenappliances.com
    Toll Free: 866-794-8879
    UNTANGLE STAR PARTNER
    Follow us at spiceworks!

  10. #10
    Untangler devlin7's Avatar
    Join Date
    Apr 2009
    Posts
    52

    Default

    Network cards 2 x gigabit Intels

    FREE MEMORY 2437mB
    no swap files
    378000 pageins
    3456737 pageouts
    119287324 pagefaults
    load average .56,.55,.47

Page 1 of 7 123 ... LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2