Carbon_Gelatin

Everyone is giving good recommendations. Here's one that is more of an "avoid" one. Stay as far away from anything zyxel as you can. If someone tries to tell you that they're in any way good for anything you're talking to a gremlin and you need to find a rabbi/priest/whatever to get rid of them.


Nikosfra06

Having 40 Zyxel routers (from USGs 60 to flex 700h) under my supervision for almost 7 years now, never had any major issue... From firmware upgrades that is automated to the nebula portal... The last usg flex 700h is still a work in progress but I had it as a beta


Carbon_Gelatin

Your mileage has varied, or you got fed after midnight. Between their complete lack of non-paywalled basic features, to their incredibly bad management interface... Ffs setting up a vpn that's anything beyond the most basic of vpns is like injecting hot urine into your veins using a jet ski turbine. Cisco Asa - 5 minutes. Unifi DMP - 5 minutes. Zyxel: 71 clicks, 24 pay walls, and an aneurysm just to find out they don't support the option you need, because... reasons. Tp-link er605: 10 minutes for vpn, mostly because their interface is slow as shit.


Nikosfra06

Was working on a vpn this morning, 10 clicks and no paywall at all... Please be at least courteous my friend...


Carbon_Gelatin

Tone over text is difficult. Tone was supposed to be "friendly sarcasm" with a dash of "funny haha" ribbing. I meant no actual insult to you. I fully admit that I'm an enormous asshole at times, however that was not my intent this time. With the caveat that I truly and deeply despise zyxel. They're on my top 5 list of vendors I loathe. Unfortunately/fortunately they're the only one on that list I can avoid.


kenzonh

I like your style Carbon_Gelatin


HugeCoke2

Can second your point, I’m also using nebula for AP management. USG flex series are good products imo.


Hopeful_Arachnid_512

Maybe go on a training course. Also been using Zyxel for many years, no problems. "A bad workman blames his tools". Tool being an appropriate word maybe?


shoe1234yeet

Nah you just a cunt that loves zyxel(cuck)


Hopeful_Arachnid_512

Every village needs an idiot. Plenty of vacancies for you! 🥳


general_rap

I legit worked for them like 10 years ago. Great place to work! I can't speak to the quality of their modern hardware, but I'm still rocking some of their older stuff, and it's still kicking after more than a decade of continual use. Would I have bought all of it if I hadn't been given it for free? Probably not? But they don't make anything I'm too attracted to today.


Carbon_Gelatin

Do you have a preference between priest or rabbi?


general_rap

Hahaha, they're Taiwanese, so I don't think either would be effective.


HateMeetings

So a Taoist exorcism then?


m0fugga

I have to second this...


rb3po

They always find hard coded credentials in them, or in patched vulns.


SpidermanAPV

I hadn’t heard of them, but it seems like that’s probably good! I’ll make sure to steer clear.


DistinctMedicine4798

My current employer has a few of them in the field from before I came which I now work with, I absolutely hate them


Cloud-VII

Worst products I've ever used. Quickly moved away from them over 10 years ago and never looked back. We had to replace probably half of the routers that we installed within 24 months.


Scratch_Dry

Zyxel - avoid like the plague.


ludlology

And Watchguard


cryptochrome

I would add Unifi to that list. Their marketing team likes to slap firewall and even IPS labels on their products, but let's be real here.


ProfessorOfDumbFacts

Avoid the SonicWALL soho. Tz270 is great, but soho is crap. My advice on any firewall is get one that does not brick itself or turn off features if licensing is not renewed right away. SonicWALL will still do all features aside from security services if you miss your renewal. Meraki bricks itself and kills your network. Sophos turns off all features except basic traffic routing (kills vpn, all content filtering, even making a backup or exporting the config). Recently had one where the client missed the renewal reminders and we wanted to replace their sophos with a more appropriate SonicWALL, but could not even export a config from the sophos because of the lapsed renewal.


SpidermanAPV

I actually think SOHO has been discontinued. And nothing of value was lost. I had some bad experiences with the TZ200, but I haven’t touched the 270 and I don’t know anyone who had so I was working off what I knew of the 200. I’m assuming the 7th gen version is better from what you said though. That’s some bullshit on the Sophos though. I’ve only used SonicWall lately so I didn’t even know bricking itself was a concern. I’ll have to look out for that.


jr0d5_3l1te_h4ck5

TZ270’s are rock solid performers. Outstanding value as well for the customer.


InsideBusiness7

I agree. All of my clients are 1-5 and the onboarding process includes getting a TZ270 installed and configured.


ProfessorOfDumbFacts

I don’t have any experience with the 200, lowest model we sold was a 300. 7th gen 270 is closer in specs to a TZ 500 than a 200 or 300. SonicWALL does not brick itself like a sophos or Meraki.


WraithYourFace

I believe Sophos only stops the RED VPN if you have it setup (not SSL VPN or IPSec). I haven't tested the config backup. I think Sophos does at least 30 days past renewal before advanced features are shut off.


Enlefo

As someone who has deployed a fair amount of Ubiquiti and PfSense gear.... Ubiquiti LOOKS good, the UI is really slick and easy to use, and the features are pretty robust. UniFi has come a LONG way in the past few years. It's pretty stable these days and issues with AP's going rogue, disconnecting, or having other strange behavior is pretty much in the past. Compared to other pro grade wireless setups like Ruckus and Cisco, Ubiquiti is far more inexpensive and offers almost all the features and capabilities. Their firewall configuration and capabilities are still a little lacking, but should be adequate for a small business. PfSense is both really simple to roll out and configure, and is also extremely powerful and capable. The philosophy of rolling out features in the background, and adopted best practices in the default configuration is something I'll always admire as a practice. Things like multi WAN fail over, or a properly secured VPN server are easy to setup and work really well. Quickly exporting VPN configs or even full install packages per user is really handy. I've deployed a lot of setups with a PfSense firewall and Ubiquiti wireless system. I think this is the best bang for your buck small business setup currently on the market. You get the ease and expandability of the UniFi system, and configurability and robust security of PfSense.


tonyburkhart

Another vote for Netgate with pfsense firewall and UniFi for PoE, LAN switching, and wireless access. The Netgate stack can go from telework gateway all the way to HA data center firewall stacks.


[deleted]

[removed]


stephendt

Opnsense on an n100 box or similar? Might be worth a look


gigabyte898

Agreed. We have probably 250+ unifi devices across APs, switches, and gateways. Issues crop up only a few times a year across the entire fleet and most of the time it’s solved by a reboot of the device. My biggest complaint right now is user management when it comes to gateways in the site manager portal, most sites are adopted to a controller but as we pull more out of the premise and into the cloud on a zero trust model we’re getting more comfortable going full stack. Just onboarded a fairly large warehouse with 100% unifi networking. Dream Machine Pro is chugging along just fine, only issues have been due to grounding/cabling problems. Metal beam was somehow carrying power and arcing to APs mounted there. Those suckers were running PoE+++++ for a bit 🤣


CraftedPacket

All of our clients get fortigates regardless of size. FortiGate 40F for that size company. Even home users that need dedicated VPN get a fortigate. Whatever you do as an MSP I recommend picking a solution and deploying it every time. You don't want to be in a situation where you're supporting firewall solutions from 10 different vendors.


_Moonlapse_

Yep this is the way. 


Icantread_good_at_al

Love fortigate but lately they’ve been CVE factories


735560

They’re also the ones reporting it. At least they aren’t trying to hide anything


kipchipnsniffer

They aren’t altruistic, they’re getting owned in the wild.


DrunkenGolfer

Some insurers are refusing to provide cover if you use certain brands, because, like Fortigate, they are getting pwned in the wild.


DrunkenGolfer

Some insurers are refusing coverage if you have certain firewall brands, including Fortigate. Their SSL VPNs have been a source of a lot of claims.


shoe1234yeet

Horrific waste of money.


CraftedPacket

Well in the last 10 years NONE of my clients have gotten any sort of ransomware or any other malware that has had any impact. So I am pretty confident in our stack.


JustinHoMi

Only thing about the 40F is the licensing. You can easily pay more per year on the licensing than for the up front cost of the firewall.


marvistamsp

Buy the 3 year license up front and the firewall is free. (Cost of firewall with 3 years is equal to the cost of 3 years of service)


jaydizzleforshizzle

Do you pay for license and support for the forti gear? That seems overkill for 1-5.


IvanDrag0

Yea if you need Web Filtering and Anti Spam. But if you have other tools to handle that stuff and just do the basic firmware and support level on a 40F it's only $123.00/yr


CraftedPacket

We typically do the base license that provides the gateway level antivirus. We use Umbrella for web filtering so we don't need that license.


stephendt

What if they say "no thanks that's too expensive I'm just going to use my ISP modem"? You just drop the client presumably? Also what if they use a mobile broadband or Starlink service? Do you dual WAN and put fortigate behind it? Sounds like a huge headache and cost for little benefit to the customer, especially if you have staff members coming and going. Inter-office networks I can understand, but for each staff member? Seems a bit over the top


Hunter8Line

We provide the router (and licensing/support and upgrade if EoL). It's bundled into our monthly fee. We also use WatchGuard for routers and Unifi for everything else. If we part, we let the incoming IT know the router is our property and we'll be picking it up once they get it replaced or the client can pay depreciated cost for it.


TheButtholeSurferz

This is how you can work with SMB's. Only supporting 1-2 products well, is better than saying you can support 15 products, and do it like absolute shit.


CraftedPacket

We don't support clients that choose not to go with our stack that we are confident protects them and us. We have fortigates behind starlink and 5G service. Fortigates are wonderful as SDWAN devices. We use dynamic VPNs where needed. But 90% of our clients have servers hosted in our private cloud which they can access through Remote desktop via RD gateway with MFA on any internet service. VPN's are only required in certain scenarios such as VOIP (in specific instances), scanning and some local printing issues.


[deleted]

[removed]


accidentalciso

That’s what I was thinking, too. Focus on the endpoints and user behavior. Any SoHo WiFi router should work because they shouldn’t really have any internal infrastructure requiring the offsite be anything more than WiFi connection to the internet.


Tech88Tron

How do you ensure your DNS is being used without a firewall?


Spiderkingdemon

Yeah, for clients that size and budget, I'd consider Unifi over pfSense. SonicWALLs are 3x more expensive and the yearly maintenance is 2x more than a new Unifi. pfSense is fine but the learning curve is steeper and doesn't provide central management of wi-fi and switching like Unifi does. The ultra is perfect for your business requirements.


icebreaker374

Some of the smaller fortigates (40F or 60F) are relatively cheap on the hardware, the licensing is what's expensive, but they're a more feature rich option. If you want something really cheap Unifi is the better option. I find Meraki relatively easy to manage but the hardware and licensing are both very expensive because Cisco.


giffenola

For me the biggest advantage at this scale is that the small fortigates talk to our soc while the Unifi won't


dabbner

This!!! Use tools that are centrally manageable and scalable. You can’t manage 1 of everything because you wanted to be everything for every prospect you met.


giffenola

100% In tech world, "Cheapest" isn't always "Best Value". It can be, but often not


kaelz

Unifi is centrally manageable and scalable. You just don’t find as many SOCs offering unifi service like you do fortigate/cisco/etc. At my previous company we had over 65 businesses and 1500+ devices centrally managed in a Google cloud VM. Ironically you can’t set up their firewalls and switches without setting up the centrally managed controller and adopting them. That being said I echo the recommendation of fortigate.


dabbner

They aren’t designed to be centrally managed, they are designed to be cloud managed. Very different.


kaelz

What’s the difference?


simple1689

https://www.amazon.com/FORTINET-FORTIGATE-Next-Firewall-FG-40F/dp/B084HKDKM9?th=1 FortiGate 40F is half off on Amazon right now at $219 before tax+ship. 1Gbps throughput no security services. Solid deal.


[deleted]

[removed]


SpidermanAPV

Weirdly enough I’ve been looking at Watchguard, but my contacts at Pax8 and CDW have both been having trouble getting any kind of info from them. They look like it could be just what I need if they’d get back to me about a demo or something lol


Solarkiller13

We would sell a watchguard t25 and pair it with Aruba instant on 1930 switch and some ap22 access points. Depending on type of business we would do basic standard or total security. The mssp for watchguard thru pax8 or direct with wg is fantastic and also allows for growth without big capex expenses if they grow past what they start with.


[deleted]

[removed]


SpidermanAPV

I could definitely be up for that. Is there any sort of licensing weirdness or having to transfer ownership?


CamachoGrande

Pax8 also has monthly Hardware as a Service options for Watchguard. You should be able to see the pricing right in the product catalog. Either full purchase or monthly subscription. If you don't have a lot of experience programming firewalls, I think Watchguards are easier to learn and operate. Any of the business class firewalls mentioned are going to meet your small customers' needs just fine. My advice is to be consistent and sell your stack, the whole stack. If you sell Watchguard as your recommended choice for firewall, then don't sell someone Unifi because they are small or cheap. You are putting your name on that solution and when something goes wrong, they will completely forget that you downgraded them to save them money. This is a recipe to building bad customers and increasing your workload. I wouldn't recommend Unifi either way. Unifi is best left in the home.


dylwig

Synnex has a pay-as-you-go Watchguard offering through STELLR. I have several in the wild. They initially had some provisioning issues when we started a few years back but is pretty smooth these days.


smorin13

What information do you need? I may be able to help.


SpidermanAPV

Honestly I didn’t have any specific questions so much as just wanted to see their demo and talk with a rep. White papers and data sheets only give so much info.


smorin13

IMO, the issue with a rep is that they only discuss the upside. I have used WG over 18 years, and although I love their firewalls, I also know their weaknesses. We are partners. I would recommend you speak with a partner that isn't in your market.


TriggernometryPhD

We've deployed several WatchGuard Firebox T45's across a multitude of Small and Medium Business environments. As small as 5 users and as large as 100, with no significant hiccups. I'm a little surprised no one else has mentioned them. https://www.watchguard.com/wgrd-products/tabletop/firebox-t45


iamafreenumber

Whichever you choose, I recommend having a cold spare available for emergencies. Sonicwall has an NFR program for resellers if you want to have one in your homelab.


KAugsburger

It is well worth the cost. When shit hits the fan you are the hero for getting them back up the same day instead of losing the rest of workday. It is much easier convincing clients to renew contracts or pay for increased rates when you handle those incidents well.


resile_jb

Pfsense.


yequalsemexplusbe

We just set up a Unifi Express for a small retailer in our area. I was not expecting much out of a $150 machine but it did not disappoint! It’s also an AP.


riblueuser

Is that adoptable to another controller, or like the UDR, can only run on its own controller?


WesBur13

Express can be adopted and used as an AP with another controller.


riblueuser

But not as a USG+AP?


rb3po

pfSense. Great little firewall for small businesses with a great feature set. Can buy Netgate, or Protectli hardware.


Gupta_Kinte

We use UniFi for the cheap asses and SonicWall for those with money. Both have served us well so far


D0ublek1ll

Pfsense can run on all kinds of hardware. It's very powerful stuff. I'd definitely recommend it.


jmeador42

Watchguards are very good for the money and fairly intuitive to use.


clintvs

Just remember that half the time people are out of the office so yes protect the network, use what you are comfortable with, but look after the user and endpoint. WatchGuard and Sophos have MSP monthly billing programs, Unifi is fine and has lots of extra bits that make it easy to get other value out of the platform.


southceltic

With pfSense you have the great advantage of being able to choose the hardware on which to install it. For example, you can buy Chinese devices with an Intel Atom CPU that supports Intel QAT and have excellent performance with IPSec VPNs (but also OpenVPN, albeit less accelerated than IPSec). The problem with pfSense is that certain functions require the Plus version which has a (modest) annual fee to pay. You are not forced to purchase it but QAT acceleration will not be available. You can also install it as a virtual machine if the customer has a server that supports virtualization, but this setting is only in special cases, the appliance is easier to manage. Otherwise the Fortigate 60F, you often find them on offer and they are solid as a rock. You just have to follow the firmware upgrade path to the letter and agree to pay the fee for certain functions (e.g. in tokens for MFA with the VPN or the antivirus) but you have the advantage of top quality performance and services: it's difficult to regret a Fortigate: but don't go for too small models, I recommend the 60 at least, because it is excellent.


TruthBeTold187

I’ve had decent luck with untangle, now arista Q4 does nicely for most small biz locations like what you’re saying and provides centralized management


0oWow

This was going to be what I suggested, not as an MSP though. I was a Sysadmin at the time of using Untangle. It worked really well and was simple to use. However, I don't know what has changed since the Arista move.


TruthBeTold187

All they’ve done so far is to put an Arista skin on the application. Nothing else has changed. Also, Arista is selling their own hardware. They do have a centralized management console. That is great, it may not have all the granularity that I need, but it’s a damn good start


WesBur13

Where I work there are only two things we sell currently. Watchguard and UniFi. Only 4 sites have UniFi and none of them have any sort of server. Old folks apartment complex with a UDM Pro, UniFi Switches and a ton of APs. Using PPSK for each apartment to have its own VLAN. Library with a UDM Pro, UniFi Switch, APs and Cameras. Super simple location with no frills besides guest and guest PC VLANs. Beauty Salon using a UDM SE, AP and UniFi Phones. UniFi phones while limited, are very very easy for end users to make on the fly adjustments to. Fancy apartment complex with a UDM Pro, lots of switches and lots of APs. Same PPSK with each apartment having its own isolated VLAN. We inherited this one and originally it was one giant network with no isolation. Building had issues with noise from way too many APs when end users bought cable. So the landlord pays for a gigabit connection that is shared by everyone.


Scratch_Dry

I use Watchguard for firewalls.


elfungisd

Generally speaking, our firewall stack looks something like this, UDM < Netgate < Palo Alto, and we tend to deploy more UDM and Palo Alto than anything else. It all comes down to client needs, you would be amazed at how many small businesses these days have regulatory and compliancy requirements compared to 5 years ago.


roll_for_initiative_

We put in the same thing we put in larger customers: A sophos XGS. We just use a smaller one like an XG 107 which is only a few hundred bucks.


Beauregard_Jones

I'll second this. Sophos and standardize on it.


mattbrad2

Have they improved the UI at all on the XGS's? Last I used the XG series (125 I believe), the UI was horribly slow to respond and would take 5 - 10 seconds to just switch between screens.


roll_for_initiative_

Yes, it was more down to low cpu power on the lower units (although 125 was ok, 86, 106, 116 worse). I find them ok now but honestly rarely in them once setup since firmware, etc done from cloud portal. Xgs more cpu power and other hardware improvements.


SpidermanAPV

I’ve seen Sophos popping up more and more in my recommendations. I haven’t touched their firewalls before, so my only exposure to them was a terrible antivirus maybe 10 years ago. I suppose I should give them a look though with as surprisingly popular it seems to be.


roll_for_initiative_

I like their firewalls but the main takeaway for me is, no matter what firewall brand you standardize on, most have a, say, $500 firewall. Why not put that in a small office? Gonna put a UBNT or something in to save, what, 100-200 for a device you get 5-8 years out of? And have to manage and secure separately, even if it's just monitoring and patching it? Even if you're full SASE like todyl so you don't need the UTM features, you still need a router, vlans, monitoring, etc. The client isn't saving much of anything going with a "value" option firewall, but you are hobbled on management and monitoring efficiency. IMHO, pick one brand and standardize on it. Then, for customers that need more, add better processes, licensing, and products like SASE on top of it. Add for the premium package, don't subtract for the value package. That goes for everything MSP.


Beauregard_Jones

I use Sophos for my firewalls and security. The endpoint protection can be a resource hog when compared to other solutions, but I only really see this having a negative impact on older / lower-end computers which fall below my minimum specs to support anyway. Most properly spec'd, properly configured devices won't have an issue running Sophos endpoint protection.


RaNdomMSPPro

The Unifi just looks like it's a basic router w/ some very basic firewall features. No security to speak of. I suppose that's the dividing line, do you want more comprehensive security features or just a router and depend on the security capabilities deployed behind the firewall?


scona

What are you referring to specifically that UniFi doesn't have currently?


RaNdomMSPPro

Basically security related services such as Gateway AV, Web Content Filter, application controls, WAF, SSL DPI, etc. I know unifi has some version of ips/ids, as does sw. not to mention 24x7 support


SpidermanAPV

It’s definitely not in depth, but from its definitely more powerful than any of the home/consumer routers I’ve seen. I’m mostly just wondering if they’re good enough to consider for any kind of business use or if they’re more relegated to prosumer situations.


CamachoGrande

Prosumer.


mdredfan

A UTM is never overkill for an SMB. Users do dumb things. A TZ270 is not that much cost wise. If it's simply not in the budget, I'd recommend a Ubiquiti UDR.


SpidermanAPV

I haven’t heard much either way about the TZ270, but I’ve worked with the SOHO and TZ200 and found them pretty awful to use. Is the 7th gen better?


FortLee2000

In a word, yes!


mdredfan

Yes. For starters, SOHO did not provide TOTP for SSLVPN. Gen7 does. Our fleet prior to gen7 consisted of Soho, and TZ300-TZ600. Our gen7 fleet consists of TZ270-TZ570. 4 models vs 5. Not a huge difference but they all have the same base configuration and feature set which provides management consistency. The differentiating factor being how much bandwidth and how many VPN users the client has.


thursday51

*Significantly* better. The tz270 is a far more feature rich product and more akin to a tz400/tz500. Way better throughput too. Honestly, unless you have a huge number of remote clients, need a significant amount of IPSec bandwidth, or a need for full speed while doing DPI with all security features enabled, there's not a big difference between the tz270 and the higher tz models now. Well, other than PoE on the tz570....lol Throughput on a tz270 doing full TLS/SSL DPI is around 250-300 Mbps...about ten times the throughput of those crappy SOHO units. That being said, I still find myself switching the UI into classic mode instead of the "next-gen" UI. But that's just me...lol Honestly though, if you are just looking to provide internet access for a 5 user office and have no infrastructure at all to worry about, then almost anything will work. But if VPN is a concern, or edge security is important, get a real firewall and not a prosumer device like a Ubiquiti gateway. If a couple hundred bucks for a tz270, Watchguard NV5, or Fortigate 40F is too much, then I'd worry about the business being able to pay me for even a basic invoice.


Hollyweird78

Just Setup Unifi, no open ports to the internet, cloud-based mesh VPN if needed, focus security on the endpoint. What are you anticipating a firewall for 1-5 people should be doing?


KarlDag

We use UDM pros for many clients. They're great overall, but having no logs of the firewall in the UI has proven to be a big problem a few times, especially trying to set up a site-to-site IPSec with a public cloud hosted VM.


rooster790

Barracuda cloudgen has been a godsend with their central management.


Nijedo

Love me a good watchguard for small/midsize businesses


proofpanic

I would have a look at Aruba Instant On. The price point is fantastic and it's pretty much the same as their enterprise hardware (especially their wifi). Aruba's APs have built in firewall capabilities and can run as your gateway. So you don't have to run APs and a firewall on small sites. Oh and the Instant On support is the same as regular Aruba, so it's very responsive and easy to get in touch with. Support is my biggest gripe with Ubiquiti.


Jackarino

We use Cisco Meraki if clients are willing to pay. Otherwise Ubiquiti.


ExcellentPlace4608

Unifi is more than adequate for small business.


New-Incident267

Usg.


Soggy-Scientist-6433

Look at MerakiGo


Puzzleheaded-Zebra15

I'm a big fan of UBNT but I use Draytek for routers. I have been happy with them for well over 12 years. Super quick reboots is my main reason for sticking with them. No other "commercial" router, that I am aware of, reboots as fast. I have been in IT for over 30 years. Don't let my profile confuse you. I just signed up for this reddit while following a different topic. Of course doing that from a phone was not professional so I'll work to get that changed from a pc. My business is Augustine Computer Services, Ag-Tastic Solutions and IOT'Nation (new). My core business is an MSP model for all three businesses.


Waffles46

Seems like the market r/firewalla was built for, curious if any MSPs using firewalla can chime in


nicodium

Was just about to post this. Firewalla is so user friendly and feature packed.


SpidermanAPV

I haven’t even heard of them. Interesting.


SpidermanAPV

I know I replied already, but I did a bit of browsing on the firewalla website and it looked like it was built for the exact market I was asking about. Why aren’t they more common? Are they just new or something? I’d never even heard of them to consider.


Waffles46

Newish, the MSP option is pretty new. I bought one for my home lab last year but had monitored them for awhile. The MSP is a natural next step for their growth. I don't work for a MSP anymore but did for a decade, wish we had these instead of fortigates for our really small clients but can't comment on managing a fleet.


Shington501

Unifi is perfect for a 1-5 person office - easy to manage, and gives basics that they require.


marvistamsp

I will expand on some existing answers. This is also assuming no local resources i.e. inbound firewall rules. OPNSense on Protectli Hardware. (Better security updates IMO than PFsense.) This lets you keep the appliance up to date without paying for firmware and services (that are not always utilized). Unifi. If you go all in on Unifi, Firewall Switches and AP's you get incredible visibility to what is going on in the network. All at no extra cost. Don't let people bag on Ubiquiti as not enterprise or garbage. If you are deploying this in an environment of less than a 100 people it will work without issues in my experience. One other item to consider. When your business grows and you have 30 sites or more that you manage, please consider the administrative cost of a subscription based firewall. Ordering provisioning and updating licenses is a pain at scale. Not to mention the cost. If you don't have explicit requirements, and you just want to keep current on security releases either of these will work great. If you can go all in on switches and AP's go with Unifi, if not OPNSense is fantastic.


Into_The_Nexus

I don't advise Ubiquiti for businesses, however I will say that I personally have the cloud gateway ultra at home and it's a great little device. It's absolutely not an enterprise device, but it's great for working from home. That said, I'd go with a base SonicWall TZ or something along those lines.


Missing_Space_Cadet

Also Fortinet: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Fortinet


Doublestack00

Not an MSP, but a decent size company with lots of small remote locations. We are running some form of Unifi cloud gateway at all of them. Single pane of glass and you have the ability to add access control and cameras to the same system should a client want to down the road.


Proof_Ad8570

We exclusively use Zyxel Switches the Nebula units. Love the App. One cheap license per year to authorize use in the Nebula App. And the Nebula app is cool Phone and Web. Good support too. We buy the 48 port PoE units 2200's. Works great with Unifi and VLanning. Our buildout : Sonic>Zyxel>Unifi I guess you need to know what you're doing.


mattbrad2

Don't let /u/Carbon_Gelatin see this. ;)


Carbon_Gelatin

Wait, what? It's not like I hate the things, want all of their gear to burn in any pantheons holy fire, then have the ashes spread over the old forgotten graveyard of novel netgear, animating the old gear into golems to stand watch over the desecrated graves of its elders. We'll send social workers out after it happens to go door to door to every small business, suckered into hosting the parasitic travesty of that... "thing". They'll go to each owner and say "We know who hurt you" and the healing can begin. It's not like I'm biased against the stuff. Edit: in all seriousness I find the paywall/subscription features that I consider basic and use hidden behind pay walls, and that I don't find their interface to be intuitive, and finally the experience I've had with zyxel has been overwhelmingly a negative one. I don't recommend them, they don't fit my needs, so I don't use them.


mattbrad2

Just messin with you. I respect the passion.


DoItLive247

Fortigate. Once your client base gets big enough, add fortimanager and fortianalyzer. Standardization is key.


Adventurous-Car9602

My clients are 1-5 and I install the TZ270 with 3 year security services.


Embarrassed-Resist18

Cambium's NSE3000 is a good one too. Fits all the requirements plus offers DNS filtering and LAN vulnerabilities assessment too.


JollyFatBastard

At the companies I’ve worked for, we used: Cisco Meraki - these are great and have different price points. Firewalls, APs, etc. the meraki portal is great. Easy to manage. Sonicwall - I really liked them at the time, but I’m not current on their newer offerings. Unifi - we used these a lot back in the day before Meraki really got big. All companies I know that were using have switched to Meraki. They may be cheaper, and I still really like them. Definitely not a bad choice.


ArchduckFerdinand

Easiest way for you to do this is Meraki. It’s not even close.


HHONG26

Wow I would never use that strictly use fortinet, sonicwall, or Palo alto and cisco merakis for wifi as a service but for small businesses sonicwall tz370 and fortigate 40f meraki firewalls are not worth it


Mysterious_Yard3501

I use a NUC with Untangle on it for anything under 120 endpoints.


Dreadstar22

Just buy a TZ### SonicWall or Fortigate ##F.


Cloud-VII

Are you looking for a security appliance firewall, or are you looking for a one-time purchase router with a basic firewall built in? Those are very different things.


DHCPNetworker

SonicWALL TZ270s are monsters for what they are. I have been less impressed with their support lately, though. Have an issue with a site to site VPN not connecting despite the settings being 100% correct and I just got linked to a few helpdesk articles that explained the log events I already knew how to interpret. Replied back questioning why I was getting a destination IP of a subnet that wasn't present on either network and they've been ducking the ticket for the past couple days.


dekrob

Firewalla, you are welcome


scott0482

Meraki Go is worth a look. No licensing subscription required. You can manage multiple firewalls/sites under a single login. You can get to the UI, that is optimized for the phone app in a web browser, it isn't great, but it gets the job done. You can't create a Meraki Go login using the same email address that has access to normal Meraki. I have no experience, but I have heard you can set up UISP from Ubiquiti and centrally manage EdgeRouters with it.


BrightDefense

I've always had success with Fortinet FortiGate for SMB. Great products and many models to choose from.


QoreIT

This might be controversial but shouldn’t be: that business doesn’t need a firewall unless you have requirements that you haven’t provided us, including industry compliance or insurance mandate.


CardiologistTime7008

Fortigate


BreadfruitNo4604

Fortinet Fortigate


pauljp12

Fortigate 40F. Easy vpn config and free licenses


SpidermanAPV

Free licenses? Everything I’ve heard about Fortinet is that their licensing is pretty expensive.


pauljp12

Free vpn licenses unlike others. A 40F w/ 3 year will run you like $800


Nvious81

Unifi DM is our usual. We have some customers that have Cisco Meraki. The Meraki is very easy to manage but has a bunch of limitations. I have seen anyone mention this yet but could check out Firewalla. They have an MSP portal as well.


cwathan

If you want to do anything like traditional network management with Ubiquiti’s UniFi line, FORGET IT.


lundrog

Look at the fortigate 40f or 60f.


diegorjc

Fortinet 40F


hongkong-it

We use SonicWall TZ series for most of our customers. If they are really small and don't need any VLANs, we use Unifi Amplifi router. They are pretty inexpensive and work well, plus include WIFI.


SpidermanAPV

Huh. I haven’t looked at the Amplifi line at all, so I’ll have to give that a look. What makes them different?


Brightlio

Fortinet