As you may already know, McAfee decided to kill the popular Snapgear line. This was done as of 11 July 2010. Now Intel has purchased McAfee.
As unfortunate as all this is, there are a couple of good alternatives which L4 Networks have tested and deployed that inter-operate nicely with the Snapgear appliances.
Firstly, a little background. The Snapgear units were excellent hardened Linux based firewalls. Despite McAfee’s attempt to rebrand these as UTM (unified threat management) appliances, they never were designed for that and could not handle the load when all such services were turned on. Only a small percentage of our customers actually used the Snapgears as UTM boxes anyway.
These days, UTM appliances are standard and have been designed from the ground up to support these services (typically anti-virus, anti-spam, Intrusion prevention/detection, content/url filtering). These services are on a subscription basis and on many of the units can be purchased separately so you only need pay for what you need.
There are two manufacturers that L4 Networks like when it comes to alternatives to Snapgear. These are Cyberoam and Fortinet.
Cyberoam
Cyberoam has published several pdfs stating comparisons. These were done based upon notoriously optimistic ‘paper’ performance specifications and not on field experience. At L4 Networks, we have field tested these units and think the lineup is as presented below. These figures are based on experience with average loads using UTM features.
Cyberoam provides phone support at both 8x5 and 24x7 support levels. It does offer limited configuration support and relies on its partners to provide this. L4 Networks does provide these services
Also note that Cyberoams do not have an ethernet switch built in. We do not consider that a problem because the switch performance of the Snapgears were terrible and we always recommended that our customers use an external switch to avoid loading the router/firewall with LAN traffic.
PPTP: Cyberoam will support PPTP ChapV2 at the end of August 2010. We have tested the PPTP CHAP V2 on an alpha release and it works great. This is good news as now MAC users have a secure remote access facility. Also for MAC users, Cyberoam will release a MAC VPN client in the 1st qtr 2011 per the current roadmap.
Cyberoam Links: Background Reading Cyberoam SME Bundles Cyberoam SME Non Bundled
Fortinet
We have been selling Fortinet nearly as long as we have been selling Snapgears. We like them especially for our enterprise customers and sell more of the larger units than units that match up with the Snapgears. One of reasons is that there is a higher level of complexity in these units and the other is that Fortinet has done a poor job of controlling the channel so every box pusher out there offers these units without having a clue about what it does and how to configure one.
Fortinet will soon offer phone support for the 8x5 support as it currently does ont he 24x7. It does not, however, offer configuration support unless it is purchased separately. Fortinet relies on their partners to provide this and L4 Networks does provide these services.
Fortinet Links: Fortinet SME Bundles Fortinet SME Non Bundled
Watchguard
Some vendors are promoting WatchGuard as an alternative. There are some significant disadvantages to using WatchGuard as compared to the features that both Fortinet and Cyberoam offer. These include: additional licenses for the IPSec VPN clients and active/passive high, poor standardization of feature sets across the product line. They do not offer endpoint security (including NAC), and lack critical certifications like ICSA, NSS UTM, VB100, FIPS-140, or Common Criteria
Conclusion
Both Cyberoam and Fortinet are excellent replacements for the Snapgear units. When it comes to selection, it is best to first consider how the units will be deployed, the number of concurrent users, the number of ipsec tunnels, and other factors. Call us at +1 703-849-9664 x101 and we will be happy to assist you in selecting a unit.
Also worth mention is our general proviso to be careful where you shop. Neither Cyberoam nor Fortinet run their own online stores. Yet you will stores that look like they are the brand's company owned store. Not true. Buy from an authorized partner. Let us help in the configuration and management.