We are looking into putting a hardware firewall into a data center to protect our rack of servers.

We are using the servers for terminal services and we have 2 x 1GB connections to the Internet.

We have about 50 servers supporting about 250 users which will grow very soon to 500 users.

We plan to purchase 2 hardware firewalls to provide HA.

Do you think the Sonicwall NSA 240 with Total Secure is a good match for this in terms of performance and protection (from spyware, viruses, etc.), or is there a better purchase? (Maybe a Watchguard X5 or X8?)

TessellatingHeckler
Adam Chetnik

3 Answers

We use the NSA 240s in an HA setup, and have had no problems with them, but we haven't pushed that much traffic through them, more along the lines of 20 Mbps. Sonicwall's web site says:

  • Stateful Throughput - 600 Mbps
  • UTM Performance - 110 Mbps
  • Gateway Anti-Virus Throughput - 115 Mbps
  • Intrusion Prevention Throughput - 195 Mbps
  • IMIX Performance - 195 Mbps
  • 3DES/AES VPN Throughput - 150 Mbps
  • Maximum Connections - 85,000/110,000
  • Maximum UTM Connections - 32,000/50,000
  • New Connections per Second - 2000

We've used the intrusion prevention with it, and it's a very nice feature that seems to work great. I've never worked with Watchguards, so can't comment on them.

KJ-SRS

We recently evaluated the SonicWall 240 and the SonicWall 2400 for this exact same scenario.

We've decided to go for the 2400, for a few reasons:

  1. It's rack mountable, which makes management just that tiny bit easier
  2. Its throughput is substantially higher than the 240
  3. It's not that much more expensive [1]:

    NSA 2400 (Primary) - $3550
    NSA 2400 (Failover) - $1750
    HA License - $650
    2400 Total: $5950

    NSA 240 (Primary) - $1750
    NSA 240 (Failover) - $900
    HA License - $500
    240 Total: $3150

  4. With the growth to 500 Terminal Server users, you'll appreciate increased throughput and processor speed of the 2400 - especially if you're going to use the DPI feature.

  5. One of the big things missing from all of the 24xx range is LAGG. We were hoping to use port failover as well as HA (to protect against stupid mistakes), but that feature only seems to be available on the 5xxx series or above. Additionally, 25 VLANs might be an issue for you, maybe not. We have about 10 VLANs in our network at the moment, and are a little bit concerned about the VLAN limit.

[1] This pricing is from my local currency, RRP. Don't use it to compare any pricing you might receive, especially if yours is in $USD, as they will be substantially lower.

Mark Henderson
  • Thanks. I assumed to have HA we would need to purchase 2 units which were the same, i.e. both of them with Total Secure? Your failover unit is a lot of difference price wise. Could you please confirm what products you purchased for your setup? – Adam Chetnik Feb 21 '11 at 07:55
  • @Adam - We haven't purchased yet, but when you're buying for HA the first device pays for the license and the 2nd one shares the license from the first, hence the price difference. – Mark Henderson Feb 21 '11 at 08:39

Depending on how you use the connections, the Watchguard XTM 5 series might be good enough, but the XTM 8 series seems a better fit. (Specifications at http://www.watchguard.com/products/xtm-main.asp)

The latest Watchguard firmware (11.4) has introduced support for determining Terminal Server users and directing them through different web filtering rules, where previously it only handled a terminal server as a single computer, which might be a useful point.

To get cluster support, you would need two devices of the same model, and Fireware Pro licensing, and some consideration about switches to connect them to. Failover High Availability has different requirements from Load Balancing Twice As Much Throughput configuration.

I haven't used SonicWalls, so I don't know how they compare.

TessellatingHeckler