Gateway Timeout errors
- 
 @toxophilite said: That's what I'm beginning to think. Unfortunately I don't know the ASA very well. I'll need to bring someone in. You need to bring someone in just to type EnableandShow Running-config?
- 
 I'm almost there with you. I used UBNT APs at my last job and loved them. I purchased a switch but it hadn't arrived when I left. Here at my new job we just built out our network and I let that vendor chose the hardware because of how complicated everything was. I definitely chose the wrong vendor. How does the UBNT firewall stack up to other firewalls for security? As a Jewish organization we are always a target. I can't compromise on security. While I'm pretty sure I won't replace these with Cisco equipment I need to make sure that whatever I replace it with is very secure. 
- 
 @toxophilite said: I'm almost there with you. I used UBNT APs at my last job and loved them. I purchased a switch but it hadn't arrived when I left. Here at my new job we just built out our network and I let that vendor chose the hardware because of how complicated everything was. I definitely chose the wrong vendor. How does the UBNT firewall stack up to other firewalls for security? As a Jewish organization we are always a target. I can't compromise on security. While I'm pretty sure I won't replace these with Cisco equipment I need to make sure that whatever I replace it with is very secure. Define security, because that is not a thing. It is a firewall. It allows what you tell it to allow and it blocks what you tell it to block, like any other. 
- 
 @toxophilite said: How does the UBNT firewall stack up to other firewalls for security? As a Jewish organization we are always a target. I can't compromise on security. While I'm pretty sure I won't replace these with Cisco equipment I need to make sure that whatever I replace it with is very secure. I'd reverse that question... what makes Cisco acceptable equipment? Lower quality, higher price, leaves you at the mercy of consultants and offers no security above the minimum standard while being the top target simply because of its frequency of deployment. Cisco doesn't offer you any security here, Ubiquiti offers you a better product with equal security. It's Cisco that you should be questioning "if it stacks up", not the Ubiquiti. It is Cisco that almost never offers a value justifying its use. Ubiquiti doesn't have that problem. 
- 
 @JaredBusch said: Define security, because that is not a thing. It is a firewall. It allows what you tell it to allow and it blocks what you tell it to block, like any other. Jared is spot on, you have two equally secure pieces here. I'd argue that because you perceive the Cisco as more secure, and that is an illusion, that it is actually the less secure of the two simply because it invoked a dangerous emotional reaction that you don't want to have. 
- 
 There is a reason that I normally say that the Ubiquiti is the only device that I will buy until I get to a full UTM like a Palo Alto. Ubiquiti is as good as you are going to get for a firewall. If you need more security than that, and some places do, then you need to be spending the money to do it right and Sophos is the entry point to that and Palo Alto is the gold standard in the industry. Short of those, Ubiquiti it is simply because it offers top notch quality at a fraction of the cost and complexity of its competitors, like Cisco. 
- 
 We aren't saying that your Cisco ASA isn't just fine here... only that if you are going to spend over $65 on it, you would be better off getting a higher end (same security, better throughput) Ubiquiti and being able to support it yourself. Supporting it yourself is another important aspect of security, as well. 
- 
 @scottalanmiller said: We aren't saying that your Cisco ASA isn't just fine here... only that if you are going to spend over $65 on it, you would be better off getting a higher end (same security, better throughput) Ubiquiti and being able to support it yourself. Supporting it yourself is another important aspect of security, as well. $90 generally btw for the ERL. 
- 
 Oh right, I had the entry level AP price in my head. $90 - $95 for the ERL. 
- 
 That's amazing. I can get the ERPro-8 for two hours worth of support on my ASA! 
- 
 @toxophilite said: That's amazing. I can get the ERPro-8 for two hours worth of support on my ASA! The amazing bit is what a rip off Cisco equipment is. Less quality, 1,000% of the price. The ERPro-8 performs at the rate of like the biggest gear that Cisco makes. The ERL for $95 is about the same performance as a $3,000 Cisco ASA. The Pro-8 would take over $10K from Cisco to try to match! 
- 
 @scottalanmiller said: We aren't saying that your Cisco ASA isn't just fine here... only that if you are going to spend over $65 on it, you would be better off getting a higher end (same security, better throughput) Ubiquiti and being able to support it yourself. Supporting it yourself is another important aspect of security, as well. What's going to allow him to support the ERL himself any more than he could support the ASA? Both boil down to his personal desire to learn the coding language so he can manage them himself. 
 And both allow him to post his current config and his desired result to get a solution from communities like this one.
- 
 ERL has a built in web interface. I think most people find it much easier than an ASA to manage. ASAs are designed to be obtuse intentionally to promote the sale of support but the companies out doing the sales for Cisco. ERLs are not. 
- 
 Don't take this as an excuse to not buy into UBNT stuff - you should if for no other reason that the hardware is super cheap compared to Cisco, etc. You'll probably pay the same for support in either case. Though, one thing I've used before - if you have a valid SmartNet contract, Cisco will write the config changes you need for any changes you want to make to your network - no extra charge. 
- 
 @Dashrender said: You'll probably pay the same for support in either case. Not likely, like Cisco gear, Cisco support is normally charged at a premium. 
- 
 @Jason said: @toxophilite said: That's what I'm beginning to think. Unfortunately I don't know the ASA very well. I'll need to bring someone in. You need to bring someone in just to type EnableandShow Running-config?But since you can't get an ERL most likely until tomorrow at the earliest - it would be great to see a copy of your configuration. Log into the ASA, get into enabled mode (type 'enable' hit enter, type the enable password, then type 'sh running-config' copy the output to notepad. Read over it and delete anything that looks sensitive, then post it here. 
- 
 @scottalanmiller said: @Dashrender said: You'll probably pay the same for support in either case. Not likely, like Cisco gear, Cisco support is normally charged at a premium. NTG charges more for Cisco support than they do for UBNT support? My experience has been any kind of firewall support runs anywhere from $125-$600/hr. The most expensive being Firewall-1. It's been ages since I've paid for firewall support, I think it was around $150/hr. 
- 
 @Dashrender said: @scottalanmiller said: @Dashrender said: You'll probably pay the same for support in either case. Not likely, like Cisco gear, Cisco support is normally charged at a premium. NTG charges more for Cisco support than they do for UBNT support? WE don't, but we aren't a Cisco reseller either, as nearly anyone dealing with Cisco is going to turn to. Although ERL support goes faster than Cisco support, so it is cheaper naturally as it is cheaper to support. 


