sub $500-750 CPE firewall for voip-centric application

Mark Tinka mark.tinka at seacom.mu
Fri May 6 06:59:22 UTC 2016


On 5/May/16 19:53, Ken Chase wrote:

> Looking around at different SMB firewalls to standardize on so we can start
> training up our level 2/3 techs instead of dealing with a mess of different vendors
> at cust premises.
>
> I've run into a few firewalls that were not sip or 323 friendly however, wondering
> what your experiences are. Need something cheap enough (certainly <$1k, <$500-750 better)
> that we are comfortable telling endpoints to toss current gear/buy additional gear.
>
> Basic firewalling of course is covered, but also need port range forwarding
> (not available until later ASA versions for eg was an issue), QoS (port/flow
> based as well as possibly actually talking some real QoS protocols) and VPN
> capabilities (not sure if many do without #seats licensing schemes which get
> irritating to clients).
>
> We'd like a bit of diagnostic capability (say tcpdump or the like, via shell
> preferred) - I realize a PFsense unit would be great, but might not have
> enough brand name recognition to make the master client happy plopping down as
> a CPE at end client sites. (I know, "there's only one brand, Cisco." ASA5506x is a
> bit $$ and licensing acrobatics get irritating for end customers.)

pfSense.

Mark.


More information about the NANOG mailing list