Slashdot Mirror


Firewall Recommendations?

anomalous cohort asks: "The company that I work for is looking at upgrading to a proper firewall (sadly, we use only the MS-ISA server now). Our I.T. guy is ready to recommend Fortigate [45]00a. Ours is a small company with about a dozen employees and about 400 customers. Does anybody have any experiences, good or bad, with these two products or with the Fortinet company? Are there any recommended firewalls (outside of Cisco's) that we should seriously look at?"

2 of 181 comments

  1. Old computer+Linux by Shawn+is+an+Asshole · Score: 3, Interesting

    Then run Debian, Firehol, and Squid (transparent).

    --
    "It ain't a war against drugs. It's a war against personal freedom" --Bill Hicks
  2. Some people can screw up anything by mungtor · Score: 2, Interesting

    It's your IT department.

    Checkpoint is stable, secure and has an excellent track record. If you actually have to administer the firewall, the Checkpoint GUI is second to none. Simple, intuitive, everything you could want. SecuRemote isn't any more annoying than most other VPN clients. Of course, none of that comes cheap. Checkpoint (especially on Nokia hardware) is the most expensive choice by far.

    Juniper seems to make a pretty good device. I've been running a Netscreen 208 and a Netscreen 50 for a while now and they haven't given me any grief. It was like going back in time to get used to the GUI, but Checkpoint pretty much spoils you for anything else. Logging is pretty good on the Netscreen, and permanent VPN tunnels (IPsec) seemed to be a little easier to build than with the Checkpoint FW.

    Fortinet works well too, but it is a pain in the ass to set up. When my last company migrated from Checkpoint to a Fortinet (as an asinine budget-driven decision) it took 4 separate "policies" to accomplish what could be done in one rule in Checkpoint.

    If you have the budget, go with Checkpoint. Otherwise, Juniper is a solid choice.