Firewalls

This document provides some resources on firewalls including terms, features to look for, and vendors.

Terms Not Defined Elsewhere

  • Stateful Firewall – Inspects protocols.
  • Next Generation Firewall – Inspects applications.

Vendors

  • Astaro
  • Check Point Software
  • Cisco Systems
    • Meraki
  • Fortinet
  • Juniper Networks
  • McAfee
  • Palo Alto Networks
  • SonicWALL

Features to Look For

  • VLAN Support – Ability to create VLANs to separate traffic.
    • Ubiquiti UniFi Security Gateway – Supports.
    • Meraki MX400 Security Appliance
  • IPSec VPN Support – Allows remote clients to establish a VPN connection to the network.
    • Meraki MX400 Security Appliance – Supports.
  • Site-to-Site Virtual Private Network (VPN) Support – Ability to create a VPN between two sites.
    • Ubiquiti UniFi Security Gateway – Supports.
    • Meraki MX400 Security Appliance – Supports.
  • Quality of Service (QoS) Support – Ability to prioritize some network traffic over other types of traffic.
  • Ports – How many ports will you need incoming and outgoing? Of what type?
    • Ubiquiti UniFi Security Gateway
      • 2x 1Gb RJ45 ports, 2x 1Gb RJ45/SFP Combination Ports.
      • 1x RJ45 Serial Port (Console).
    • Meraki MX400
      • 12x GbE.
      • 8x GbE (SFP).
      • 2x 10 GbE (SFP+).
  • Layer 3 Forwarding Performance
    • Ubiquiti UniFi Security Gateway
      • Packet Size of 64 Bytes – 2,400,000 pps.
      • Packet Size of 512 Bytes or Larger – 4 Gbps (Line Rate).
  • Processors/Memory/Storage
    • Ubiquiti UniFi Security Gateway
      • Dual-Core 1 GHz, MIPS64 w/Hardware Acceleration for Packet Processing.
      • 2 GB DDR3 RAM.
      • 4 GB Flash Storage.
  • Redundant Power
  • 3G/4G Modem Support
  • Recommended Maximum Clients
    • Meraki MX400 Security Appliance – 2,000.
  • Stateful Firewall Throughput
    • Meraki MX400 Security Appliance – 1 Gbps.
  • Advanced Security Throughput
    • MX400 – 1 Gbps
  • Maximum VPN Sessions
    • MX400 – 1,000
  • Layer 7 Application Type Filtering – Ability to filter traffic at the application level (e.g., P2P, video games, etc.).
    • Meraki MX400 Security Appliance – Supports.
    • Ubiquiti UniFi Security Gateway
  • Content Filtering
    • Meraki MX400 Security Appliance – Supports.
  • Intrusion Prevention (IPS)
    • Meraki MX400 Security Appliance – Uses a PCI-compliant IPS, which utilizes the Snort signature database from Cisco Sourcefire.
  • Antivirus / Antiphishing
    • Meraki MX400 Security Appliance – Uses Kaspersky.
  • Identity Based Security Policies and Application Management
    • Meraki MX400 Security Appliance – Supports.
  • Branch Gateway Services
    • DHCP
    • NAT
  • Web Caching – Cache frequently accessed content.
  • Load Balancing – Combines multiple ISP links into a single high-speed source.
  • Warranty

Comparisons

 

Further Resources