-1

I'm working in a small company (7 employees) and we need a new router or firewall for both our office and our servers in a datacenter. We have a 1 Gbit/s synchronous internet connection on both sites. We currently have CISCO ISA 570 on both sites, but those are not performing very well and they do random reboots.

Now we're looking for a new firewall or router. We don't need things like antivirus or a web application firewall. So I'm wondering if we need a firewall anyway or if we can just buy two new routers. I'm thinking of a Ubiquiti EdgeRouter Pro vs. Sophos XG210. Since we would like to connect both sites via VPN, we would like to buy two devices, so the price does matter.

android
  • 1
    It is generally considered to be a **Good Thing**™ to have an edge firewall. – user9517 Mar 01 '16 at 06:41
  • You may wish to read [why-would-i-need-a-firewall-if-my-server-is-well-configured](http://serverfault.com/questions/232642/why-would-i-need-a-firewall-if-my-server-is-well-configured). That said, if you're using private IPv4 address space, you will need a NATting router, which is already effectively a stateful firewall. – MadHatter Mar 01 '16 at 07:03

2 Answers

1

This depends on your needs - many webhosters have servers on the internet-facing side of the network. But this also means that the services they provide are very often encapsulated on a single host and don't share data across the "local" network.

If you have internal services like databases and/or more servers/workstations (in nearly every scenario), it's highly recommended to use a firewall and only open publicly reachable services.

Speaking of datacenter and office, you also probably want to have a secure connection (VPN tunnel) between both sides and avoid sending your private data in plain text along the public network.

Here comes the non-objective part of the message:

My personal recommendation would be pfSense, as it's easy to start with and very powerful. SonicWall is also quite nice and we've worked with it for years (and are working with it).

If you want to get more on the router side and have less of a firewall, MikroTik might be your choice - but be aware: by default it's a router and doesn't limit any traffic. So make sure to place some default firewall rules.

Daniel Nachtrub
-1

If you are really concerned about the price, you can use two Linux machines on both sides and install a free open source firewall such as pfSense. It has almost all the features that most commercial firewalls have, and you can use traffic control using a module like ndpi-netfilter on Linux. If you are good at Linux, you can secure your site easily with this software.