@Donahue said in Why I See UTMs As Generally Bad in the Current Market: @scottalanmiller said in Why I See UTMs As Generally Bad in the Current Market: @Donahue said in Why I See UTMs As Generally Bad in the Current Market: The reason we went with Fortigate over an Edge router, is that the Edge router couldn't do the IPsec bandwidth we were trying to hit. But mine is an NGFW with UTM bundled in. Could there been some other product that I dont know of that would have been better in our case? ERL does nearly half of what you need... https://community.ubnt.com/t5/EdgeRouter/ERL-Performance-Testing-with-IPSec-VPN/m-p/1053799#M44593 ER and ERPro are so much more powerful. The ER Pro has 2x the CPU power, and 4x the RAM. We'd expect it to be able to saturate your lines no problem. Of course that is "expect", but based on the ERL speeds, and that they run the same code, there is little doubt that it can push IPSec over 1Gig speeds. https://dl.ubnt.com/datasheets/edgemax/EdgeRouter_DS.pdf Your link is what convinced me not to use the ER pro. the Pro's will only do <500 mbps at full capacity, its in the link you posted. Where in it? Oh, I see. he mentions ER Pro in another post, then posts them without stating what they are in a thread on ERLs. VERY confusing.

Something to keep in mind is NGFW. Ubiquiti and Meraki, for example, are NGFW. It looks like much of the market is already starting to cool on the UTM crazy and NGFW is taking off as the "next stage" of popular approaches. Basically a reversal of direction or marketing at least, even from the big players in the UTM space like Palo Alto, Fortinet, Cisco, etc.

@jaredbusch - I thought that is what you meant but did a double-take. LOL

@Reid-Cooper said in Open source Firewall: pfSense was really good in the past. But I agree, the days of building your own firewall on an old PC that you have are over. Right - the cost just isn't worth running your old PC. Power alone will cost more than the cost of an ER-X or ER-L.

@travisdh1 said: @Dashrender said: I've never understood how viruii got around AV products on machines running them. It's my understanding this is somehow possible because of other unpatched flaws in the OS, even though the AV knows about the virus, the virus can still get in through the OS flaw, then using that flaw disable the AV, and pwn the machine. Do I understand that incorrectly? It's normally through another piece of software than the OS today actually. Microsoft finally got most of the holes in their swiss cheese plugged. Ironically, the programming code that many AV use also creates a hole for malware to enter through. Wish I had a few minutes to find those articles that hit recently. yeah I read those too - darn AV companies!

@Dashrender said: @scottalanmiller said: @Dashrender said: So if the OP wants to do web filtering and firewall services - what stuff should he buy? Same thing that I keep saying... ERL and Squid. I just wanted you to post it again LOL. There it is.

@Breffni-Potter said: @coliver said: @Breffni-Potter said: Bidding starts at $2500. Collection only Welp too rich for my blood. But I just put an Apple Sticker on top. Therefore the price has gone up. Oh... Man suddenly I really want these things... damn you Apple!