sub $500-750 CPE firewall for voip-centric application

Ray Orsini ray at
Thu May 5 18:16:27 UTC 2016

We deploy SonicWALL TZ300 or SOHO using Dell's Security as a Service. That
way our monthly cost per customer is under $50 and includes all security
services plus GMS centralized management. Works great with our VOIP service.

Ray Orsini – CEO
Orsini IT, LLC – Technology Consultants
P: 305.967.6756 x1009   E: ray at   TF: 844.OIT.VOIP
7900 NW 155th Street, Suite 103, Miami Lakes, FL 33016 | View My Calendar | View/Pay Your Invoices | View
Your Tickets

-----Original Message-----
From: NANOG [mailto:nanog-bounces at] On Behalf Of Ken Chase
Sent: Thursday, May 5, 2016 1:54 PM
To: nanog at
Subject: sub $500-750 CPE firewall for voip-centric application

Looking around at different SMB firewalls to standardize on so we can start
training up our level 2/3 techs instead of dealing with a mess of different
vendors at cust premises.

I've run into a few firewalls that were not sip or 323 friendly however,
wondering what your experiences are. Need something cheap enough (certainly
<$1k, <$500-750 better) that we are comfortable telling endpoints to toss
current gear/buy additional gear.

Basic firewalling of course is covered, but also need port range forwarding
(not available until later ASA versions for eg was an issue), QoS (port/flow
based as well as possibly actually talking some real QoS protocols) and VPN
capabilities (not sure if many do without #seats licensing schemes which get
irritating to clients).

We'd like a bit of diagnostic capability (say tcpdump or the like, via shell
preferred) - I realize a PFsense unit would be great, but might not have
enough brand name recognition to make the master client happy plopping down
as a CPE at end client sites. (I know, "there's only one brand, Cisco."
ASA5506x is a bit $$ and licensing acrobatics get irritating for end

Ken Chase - Guelph Canada

More information about the NANOG mailing list