Hello Reddit,
I am looking for some advice from individuals who definitely know more than me.
I work for a small business and I am trying to help improve the network for security purposes. Currently we run the Meraki Go system in our 4 locations. It leaves a lot to be desired. The other day the firewall in one location had a port failure and their app never showed us that was the issue. We discovered it when we switched the ethernet cable from one port to the other. I find that defeats the purpose. It should clearly have shown me this was happening, but still it does not tell me there is a port failure. In the end, I just feel this system is not developed enough and I want to move on.
I considered Barracuda, Palo Alto and Fortinet, but honestly, their price point, the business owner will not go for it. Not even close.
Then I discovered Firewalla, it's a lot closer to what I want, especially with the VPN system and MSP they have, but their yearly subscription really makes a reasonably priced product a decently expensive product.
I thought I would pose this question to the /reddit world. Any alternative solutions I should look at, that may provide a solution that is better than Meraki Go, but more reasonable than Firewalla. Or if Firewalla really is the real deal and I should sell my boss. Or, alternative solutions.
Thanks for your time guys.
Colin
There is always the option of more… Open source solutions that can be deployed on either a host or purchased on hardware.
pfSense and the like - cost is less and the feature set is decent.
Depending on the size of the SMB you can get a FortiGate with all the features for 1.5k or less. Do not use Barracuda. Palo would definitely be out of your price point.
Agree with some of the comments here in relation to going open source. I would look into OPNsense/pfSense. However, it’s important to note that there is a trade-off in terms of skill set in relation to Firewalla. OPNsense and pfSense generally require a certain level of networking knowledge to configure, manage and troubleshoot.
Firewalla on the other hand is quite a user-friendly app-based solution whereby you can manage devices and features quite easily with the tap of the finger on a device like a phone or tablet. The MSP offering is fairly new but seems useful. No hands-on experience with Firewalla MSP but I have set up a few of the devices in an SMB scenario and the VPN WireGuard configuration is simple yet works well. Another thing that is really important is the support. If things go wrong, how likely are you to be able to resolve or get support? Can’t say I have first-hand experience with their support. These devices are not comparable to say a true NGFW like Palo. But… depending on your requirements they are worth a look and consideration.
I would still recommend an open source option as mentioned by others here but do your research in terms of pricing, ongoing subscription fees, support, feature set and I’m sure you will make the right choice.
I guess recommendations from the community would be reliant upon what kind of features you’d need for the 4 locations. If it’s mainly having a VPN to one location, it’s kind of hard to beat the price of pfSense (or other open-source firewall projects). But if you require WLAN from the same box and other features, this would be recommended to list up in the original post.
OPNsense is what I’m going to push for in the next year or two.
If it is a small business, I would recommend using nftables directly on a small APU.
pfSense isn’t in the same class as the others; OP implied they’re looking for L7 filtering, which is marginal at best on pfSense.
Going with that mentality, I need it for 4 locations and now I am over 4K. Well above firewalla. Thus defeating my point of my question. Am I reading that right?
Full MSRP on a 40F with 1 year of Enterprise is $1064.
I had not, I will look into them.
Hello,
Thanks for the response. I honestly had not thought much of WLAN, except once I stumbled upon Firewalla, as they seem to have WLAN capabilities.
I will add that update, just to see what people think. Thank you.
I am leaning towards pfSense, why are you looking at OPNsense? I know they’re very similar, just curious about your opinion.
That is fair - budget being the primary constraint was the limiting factor here though.
Considering it’s a boundary device, it’s preferred to be a known element. If the usual suspects i.e. PA are not in budget it’s likely the primary vendors are also not.
pfSense and other open source solutions reduce the initial purchase.
It’s only an option at the end of the day, OP will need to make the final choice.
Just to follow up because I think I misread OP and you were right.
They’re looking at Firewalla who publishes their source on GitHub, and it looks a lot like your classic FOSS firewall running Suricata and probably doing DNS-based filtering. I bet if you dig into their source you’ll find dnscryptproxy, unbound, or dnsmasq with filter sets.
So actually very similar to just grabbing pfSense/OPNsense and doing it yourself. Been a hot minute since I was on pfSense but I know you can do literally all of this in OPNsense and your cost per firewall would be about $150 for some Qotom hardware (which I suspect Firewalla is using).
Thank you, now you have made things a little tougher. lol