[189111] in North American Network Operators' Group
Re: sub $500-750 CPE firewall for voip-centric application
daemon@ATHENA.MIT.EDU (amuse)
Thu May 5 14:12:39 2016
X-Original-To: nanog@nanog.org
In-Reply-To: <20160505175348.GU19521@sizone.org>
From: amuse <nanog-amuse@foofus.com>
Date: Thu, 5 May 2016 11:11:54 -0700
To: Ken Chase <math@sizone.org>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
What PFSense currently lacks in brand name recognition, they can make up
with by the fact that they offer paid support at very affordable levels.
I'd go with https://store.pfsense.org/SG-2440/ ($499 each) and a quote for
professional services (
https://store.pfsense.org/Professional-Services.aspx ) to back that up.
On Thu, May 5, 2016 at 10:53 AM, Ken Chase <math@sizone.org> wrote:
> Looking around at different SMB firewalls to standardize on so we can start
> training up our level 2/3 techs instead of dealing with a mess of
> different vendors
> at cust premises.
>
> I've run into a few firewalls that were not sip or 323 friendly however,
> wondering
> what your experiences are. Need something cheap enough (certainly <$1k,
> <$500-750 better)
> that we are comfortable telling endpoints to toss current gear/buy
> additional gear.
>
> Basic firewalling of course is covered, but also need port range forwarding
> (not available until later ASA versions for eg was an issue), QoS
> (port/flow
> based as well as possibly actually talking some real QoS protocols) and VPN
> capabilities (not sure if many do without #seats licensing schemes which
> get
> irritating to clients).
>
> We'd like a bit of diagnostic capability (say tcpdump or the like, via
> shell
> preferred) - I realize a PFsense unit would be great, but might not have
> enough brand name recognition to make the master client happy plopping
> down as
> a CPE at end client sites. (I know, "there's only one brand, Cisco."
> ASA5506x is a
> bit $$ and licensing acrobatics get irritating for end customers.)
>
> /kc
> --
> Ken Chase - Guelph Canada
>
