[189112] in North American Network Operators' Group
RE: sub $500-750 CPE firewall for voip-centric application
daemon@ATHENA.MIT.EDU (Ray Orsini)
Thu May 5 14:18:39 2016
X-Original-To: nanog@nanog.org
From: Ray Orsini <ray@orsiniit.com>
In-Reply-To: <20160505175348.GU19521@sizone.org>
Date: Thu, 5 May 2016 14:16:27 -0400
To: Ken Chase <math@sizone.org>, nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
We deploy SonicWALL TZ300 or SOHO using Dell's Security as a Service. That
way our monthly cost per customer is under $50 and includes all security
services plus GMS centralized management. Works great with our VOIP service=
.
Regards,
Ray Orsini =E2=80=93 CEO
Orsini IT, LLC =E2=80=93 Technology Consultants
VOICE =EF=82=96DATA =EF=82=96 BANDWIDTH =EF=82=96 SECURITY =EF=82=96 SUPPOR=
T
P: 305.967.6756 x1009 E: ray@orsiniit.com TF: 844.OIT.VOIP
7900 NW 155th Street, Suite 103, Miami Lakes, FL 33016
http://www.orsiniit.com | View My Calendar | View/Pay Your Invoices | View
Your Tickets
-----Original Message-----
From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Ken Chase
Sent: Thursday, May 5, 2016 1:54 PM
To: nanog@nanog.org
Subject: sub $500-750 CPE firewall for voip-centric application
Looking around at different SMB firewalls to standardize on so we can start
training up our level 2/3 techs instead of dealing with a mess of different
vendors at cust premises.
I've run into a few firewalls that were not sip or 323 friendly however,
wondering what your experiences are. Need something cheap enough (certainly
<$1k, <$500-750 better) that we are comfortable telling endpoints to toss
current gear/buy additional gear.
Basic firewalling of course is covered, but also need port range forwarding
(not available until later ASA versions for eg was an issue), QoS (port/flo=
w
based as well as possibly actually talking some real QoS protocols) and VPN
capabilities (not sure if many do without #seats licensing schemes which ge=
t
irritating to clients).
We'd like a bit of diagnostic capability (say tcpdump or the like, via shel=
l
preferred) - I realize a PFsense unit would be great, but might not have
enough brand name recognition to make the master client happy plopping down
as a CPE at end client sites. (I know, "there's only one brand, Cisco."
ASA5506x is a bit $$ and licensing acrobatics get irritating for end
customers.)
/kc
--
Ken Chase - Guelph Canada
