There are a lot of entry-level firewalls available on the market today. We know that small businesses do not have a large technology budget, so investing in a firewall is an important decision. In this blog series, we will review some of the most commonly used firewalls in a small business environment and talk about their features, price points and limitations.
As you read more, you will find that some firewalls are better suited than others to your needs. In this blog, we will be reviewing three of the most common small business firewalls:
- USG Ubiquiti
- Fortinet 30E
- Cisco ASA 5506-X
The USG Ubiquiti is an entry-level firewall that can meet the needs of small businesses. Here are some of the features it supports:
- IDS (Basic)
- IPS (Basic)
- VPN – L2TP & site-to-site
- Remote Administration
WAN Ports: 1
LAN Ports: 2
The USG checks most of the boxes. It includes VLAN support and a basic level of traffic prioritization. It has deep packet inspection, IDS and IPS without additional license costs. VPN is pretty decent, with the ability to delegate RADIUS authentication to an internal Windows server. The device itself can function as a RADIUS server as well. It also has a good option for site-to-site VPN connections with a simple setup.
Managing the USG is easy, but there is no on-board management. As with other Ubiquiti products, management has to be done through either a cloud key or management software. Depending on how you see this, it may be an advantage or a drawback. The cloud key or the management software also manages other Ubiquiti devices such as the managed switch and access point. If you standardize on Ubiquiti equipment, this can result in single-pane-of-glass management, which is really nifty at this price point.
There are some drawbacks too. It is an entry-level device and our experience with its VPN has been a bit spotty. Throughput, as one would expect, drops when threat management features are turned on. The threat management features are still considered to be in Beta stage. These drawbacks are expected at this price point; it is still a solid device.
Next, the Fortinet FortiGate 30E is a solid, all-in-one, next-generation firewall suitable for enterprise branch offices and mid-sized businesses. Here are some of the features it supports:
- Advanced Security
- site-to-site VPN
- client VPN
Price: ranges from $300.00 to $500.00.
WAN ports: 1
LAN ports: 4
It’s a great option for small businesses that want some additional features and better threat management. Like the USG, it is a solid firewall but with some additional capabilities in threat management. The FortiGate 30E firewall includes up-to-date Advanced Threat Protection.
The FortiGate 30E protects networks against cyber threats with SoC (system-on-a-chip) acceleration and secure SD-WAN. High MTBF (Mean Time Between Failures) minimizes network disruption. This firewall supports external 3G/4G modems that allow redundant WAN connectivity for all-out consistency. The FortiGate 30E can also function as a wireless access point controller to further extend wireless capabilities.
This firewall also includes Advanced Security features. Users can obtain full visibility into users, devices and applications across their attack surface. Security policies are implemented consistently regardless of device location. IPS provides low latency and enhanced network performance. High SSL Inspection performance automatically blocks threats on decrypted traffic. AI-driven security operations, such as Threat Protection and Security, automatically block and handle newfound attacks in real time.
Other features available through this firewall are Advanced Routing, accessible VPN, and traffic forwarding through multicast and IPv4/IPv6. Users can do simple setup and configuration through the FortiManager GUI. This includes firmware upgrades, backups, creating policies/rules for traffic and full access, specifying interfaces, monitoring network devices, and configuring routing.
Rating: Very Good
Cisco ASA 5506-X
Last but not least, this section covers the Cisco ASA 5506-X, an adaptive, threat-focused next-generation firewall suitable for small to mid-sized businesses that require either simple or advanced security capabilities. It is another good option for an entry-level firewall for small businesses. The following features are supported:
- Advanced IPS for Breach Prevention
- Security Intelligence
Price: ranges from $400.00 to $600.00.
WAN ports: 0
LAN ports: 8
This firewall is great for advanced features. Site-to-site VPN and remote access VPN connections are available through the Cisco ASA 5506-X firewall. This firewall includes threat-centered security, advanced malware protection, and filtering technology for VPN and URL.
With this device, users can access visual statistics across their network and detect issues quicker. The Cisco ASA 5506-X includes user-friendly setup and graphic monitoring through Firepower Device Manager, this device’s management console. More specifically, this covers Access Rules and the Security Intelligence Policy (an advanced feature that drops unwelcome traffic based on source/destination IP address or destination URL).
Another feature in the Cisco ASA 5506-X is Customized Advanced Security through the Firepower Management Center, in which potential threats within a user’s network can be discovered and terminated. Users can create custom Access Control Rules suitable to their environment and custom Intrusion Rules through the firewall’s Intrusion Prevention interface for Breach Prevention purposes.
Moreover, this firewall includes visually detailed reporting and analytics, and a Threat Intelligence interface in which users can reinforce Cisco Talos (Cisco Security’s threat intelligence organization) and overall targeting protection by adding third-party intelligence feeds. This integrated threat protection only enhances security for a user’s internal network.
Basic configuration for this firewall device is slightly different from the other firewalls. Basic configuration is done through the Cisco ASA graphical tool, Adaptive Security Device Manager (ASDM). This is the GUI tool for managing Cisco ASA security appliances. Here, users can modify basic configuration, including interfaces, Internet gateway, DHCP service and traffic direction.
In summary, firewalls protect internal networks and, with that said, firewalls are essential for businesses today. As mentioned earlier, firewall hardware devices are available from different manufacturers and in different models. Depending on your environment and needs, you may find certain firewall devices more suitable than others. I covered three different firewall devices and their respective features and limitations for your review.