sub $500-750 CPE firewall for voip-centric application

Javier J javier at
Thu May 5 20:52:26 UTC 2016

I'm a fan of the EdgeRouterLite3

I don't manage many small businesses networks anymore because we now do
only 100% cloud and remote work but I started deploying them to all my old
clients I still have on retainer.

It is a wonderful solid set it, and forget it device and you can manage it
with ssh (it is basically running a fork of Vyatta under the hood on Cavium
hardware which is nice because it does lots of hardware offload like any
other enterprise device.)

I won't use pfsense anymore because it's project was taken over by a-holes,
but that is just my personal experience.

- Javier

On Thu, May 5, 2016 at 1:53 PM, Ken Chase <math at> wrote:

> Looking around at different SMB firewalls to standardize on so we can start
> training up our level 2/3 techs instead of dealing with a mess of
> different vendors
> at cust premises.
> I've run into a few firewalls that were not sip or 323 friendly however,
> wondering
> what your experiences are. Need something cheap enough (certainly <$1k,
> <$500-750 better)
> that we are comfortable telling endpoints to toss current gear/buy
> additional gear.
> Basic firewalling of course is covered, but also need port range forwarding
> (not available until later ASA versions for eg was an issue), QoS
> (port/flow
> based as well as possibly actually talking some real QoS protocols) and VPN
> capabilities (not sure if many do without #seats licensing schemes which
> get
> irritating to clients).
> We'd like a bit of diagnostic capability (say tcpdump or the like, via
> shell
> preferred) - I realize a PFsense unit would be great, but might not have
> enough brand name recognition to make the master client happy plopping
> down as
> a CPE at end client sites. (I know, "there's only one brand, Cisco."
> ASA5506x is a
> bit $$ and licensing acrobatics get irritating for end customers.)
> /kc
> --
> Ken Chase - Guelph Canada

More information about the NANOG mailing list