SonicWall support services set to expire... should I move to Ubiquiti Routers?

Dashrender

@JaredBusch said:

@Dashrender said:

Yep, I'm fully aware but general web filtering should still prevent a lot of nasty things (I would think) because you still have to know the name/IP of the host you are trying to connect to.

Knowing the name/ip would be DNS filtering not web proxy filtering.

I'm not the one who mentioned Proxy Filtering... I only said web filters.
That said, the Sonic Wall is my only device (other than a switch) between the users and the internet. I'm not sure if it's doing true proxying or not? I don know that non SSL traffic was being scanned for viruii, another part of the packaged purchased 3 years ago..

Sounding like i should just forget about any protections at that level and Ubiquiti routers should be fine for me.

A Former User

@Dashrender said:

I'm not the one who mentioned Proxy Filtering... I only said web filters.
That said, the Sonic Wall is my only device (other than a switch) between the users and the internet. I'm not sure if it's doing true proxying or not? I don know that non SSL traffic was being scanned for viruii, another part of the packaged purchased 3 years ago..

Sounds like a transparent proxy most likely. You can do SSL filtering with proxies by decrypting it and using an SSL cert on your proxy but it is not recommended in most cases, you'll be decrypting bank information and everything else on your proxy like that.

A Former User

@Dashrender said:

lol, yeah I know, but at the same time, a web filter probably isn't going to save me from those either as they morph and shift so frequently the filters can't keep up.

No one solution will prevent them. But a network level DNS filter or firewall to stop Malware, spyware etc can be an important part of the solution.

Dashrender

@thecreativeone91 said:

@Dashrender said:

I'm not the one who mentioned Proxy Filtering... I only said web filters.
That said, the Sonic Wall is my only device (other than a switch) between the users and the internet. I'm not sure if it's doing true proxying or not? I don know that non SSL traffic was being scanned for viruii, another part of the packaged purchased 3 years ago..

Sounds like a transparent proxy most likely. You can do SSL filtering with proxies by decrypting it and using an SSL cert on your proxy but it is not recommended in most cases, you'll be decrypting bank information and everything else on your proxy like that.

I'm personally not against that, this is my company network, our policy states that anything you do on it can be monitored by the company... don't read more into that than is there

Dashrender

@thecreativeone91 said:

@Dashrender said:

lol, yeah I know, but at the same time, a web filter probably isn't going to save me from those either as they morph and shift so frequently the filters can't keep up.

No one solution will prevent them. But a network level DNS filter or firewall to stop Malware, spyware etc can be an important part of the solution.

If NXfilter is priced better than that other option, OpenDNS, it might be doable. But as Scott mentioned, who's driving it, and is the cost really worth the provided value.

Currently I'm driving (that is, IT is driving it) to help keep our network safer. The price of the features with SonicWall weren't outrageous. But my current box is EOL. I can pay to keep the current thing active for a few more years, or upgrade to the current model... if I'm upgrading I might as well move to something we all agree is something better, less troublesome. And well perhaps the Gateway transparent proxying and AV scanning might not have been worth it... until we live without it for a while again I can't really say.

A Former User

@Dashrender said:

If NXfilter is priced better than that other option, OpenDNS, it might be doable. But as Scott mentioned, who's driving it, and is the cost really worth the provided value.

It's free for the non-hosted option.

scottalanmiller

I'm thinking about firing one up in a VM that I put on Pertino. Would be awesome to have a simple way to appear as being from the US rather than Spain.

Dashrender

@scottalanmiller said:

I'm thinking about firing one up in a VM that I put on Pertino. Would be awesome to have a simple way to appear as being from the US rather than Spain.

I'm sorry..one what?

scottalanmiller

NXFilter

Dashrender

@thecreativeone91 said:

@Dashrender said:

If NXfilter is priced better than that other option, OpenDNS, it might be doable. But as Scott mentioned, who's driving it, and is the cost really worth the provided value.

It's free for the non-hosted option.

I don't seem to see a cost involved for any situation on their website, did I miss it?

coliver

@Dashrender said:

@thecreativeone91 said:

@Dashrender said:

If NXfilter is priced better than that other option, OpenDNS, it might be doable. But as Scott mentioned, who's driving it, and is the cost really worth the provided value.

It's free for the non-hosted option.

I don't seem to see a cost involved for any situation on their website, did I miss it?

They have a cloud option that does cost money.

A Former User

@Dashrender said:

@thecreativeone91 said:

@Dashrender said:

If NXfilter is priced better than that other option, OpenDNS, it might be doable. But as Scott mentioned, who's driving it, and is the cost really worth the provided value.

It's free for the non-hosted option.

I don't seem to see a cost involved for any situation on their website, did I miss it?

It's not listed but he has hosted options from people using the Nx-filter cloud which does cost.

http://www.nxfilter.org/tutorial.html#cloud_what

MattSpeller

I'll put in a very good word for the Fortigates. They're damn expensive but we've had zero issues with them.

dafyre

@MattSpeller I'm glad they worked well for you! We had two of them and neither of them were all that great, but they did work, at least.

Heaven forbid your check is late for the maintenance fee, lol.

scottalanmiller

@MattSpeller said:

I'll put in a very good word for the Fortigates. They're damn expensive but we've had zero issues with them.

If you do, their support is problematic. They are one of our "blacklist" machines. We don't do business with them. Nothing but problems.

MattSpeller

@scottalanmiller Interesting to note, I'll share any experience I have with them in the future.

@dafyre yeah they do like their cash, preferably up front and in large amounts heheh

A Former User

Pfsense or VyOS is a good option for the router if you have good hardware around to run it on. I'd highly recommend using Intel NICs with either.

Dashrender

I know this group isn't keen on SonicWall either. Over the 3 years we've had them, we've had only minor issues, all of which we've been able to work through with little to no effort.

The frustrating thing is that we're already EOL'ed after only 3 years, and while I can continue to purchase support/update (AV, webfiltering, etc) $1000/year is ridiculous to me. Either that or buy a whole new machine for something like $3500 for 3 more years of support and new hardware.

A Former User

@Dashrender said:

The frustrating thing is that we're already EOL'ed after only 3 years, and while I can continue to purchase support/update (AV, webfiltering, etc) $1000/year is ridiculous to me. Either that or buy a whole new machine for something like $3500 for 3 more years of support and new hardware.

That's not that unusual for UTM devices. They like to keep the money rolling in.

Dashrender

@thecreativeone91 said:

Pfsense or VyOS is a good option for the router if you have good hardware around to run it on. I'd highly recommend using Intel NICs with either.

Considering that an 8 port Ubiquiti EdgeRouter is $304 - $340 on Amazon... that's pretty hard to beat.