I'm currently working as an IT admin at a mid-sized school with over 250 PCs, and I'm in the market for a new internet gateway or firewall solution. Our current setup with FortiGate is becoming too costly due to high annual licensing fees, so I'm seeking recommendations. I'm particularly looking for a hardware or software solution that includes DNS filtering to block malicious domains, built-in antivirus, application control, VPN capabilities, etc. Would it be feasible to go the DIY route and use a microserver or custom hardware with software like OPNsense or pfSense, possibly with some plugins? Or are there better budget-friendly appliances suitable for educational environments? Any insights or personal experiences would be greatly appreciated!
5 Answers
Meraki firewalls have worked great for schools in my experience. They may not have as many features as FortiGate, but they're relatively easy to set up and manage. You might also want to look into Watchguard for a good mix of features and price.
Check out Smoothwall or Sophos. Both have excellent filtering capabilities and can work well in school settings. Sophos XGS2100 could fit your needs nicely and is often more reasonably priced than FortiGate while still providing solid features.
Sticking with FortiGate is generally advisable. It’s a solid but low-cost option compared to others, and while their licensing can be steep, the features and support are quite valuable for a school environment. If you're unhappy with renewal costs, consider negotiating a trade-up for a new device instead of renewing your old one. It might save you money in the long run!
Consider utilizing a DNS filtering service like Cloudflare or Umbrella alongside your existing setup. This can enhance security without completely overhauling your infrastructure. Just remember, the most important part of your decision should be how well the solution integrates with what you already have and your unique needs as a school.
If you're looking to save money, I’d strongly advise against going DIY. Relying on a custom-built firewall without support can lead to major issues, especially in a school with many users relying on network services. Keeping everything under a service contract helps ensure reliability. You wouldn't want to create a bunch of headaches for the next admin by opting for a cheap solution.
Absolutely, make the budget work to keep FortiGate. The features you're paying for really add up in comparison to switching to something unknown and potentially limited.