I'm a fan of the EdgeRouterLite3
I don't manage many small businesses networks anymore because we now do only 100% cloud and remote work but I started deploying them to all my old clients I still have on retainer. It is a wonderful solid set it, and forget it device and you can manage it with ssh (it is basically running a fork of Vyatta under the hood on Cavium hardware which is nice because it does lots of hardware offload like any other enterprise device.) I won't use pfsense anymore because it's project was taken over by a-holes, but that is just my personal experience. - Javier On Thu, May 5, 2016 at 1:53 PM, Ken Chase <m...@sizone.org> wrote: > Looking around at different SMB firewalls to standardize on so we can start > training up our level 2/3 techs instead of dealing with a mess of > different vendors > at cust premises. > > I've run into a few firewalls that were not sip or 323 friendly however, > wondering > what your experiences are. Need something cheap enough (certainly <$1k, > <$500-750 better) > that we are comfortable telling endpoints to toss current gear/buy > additional gear. > > Basic firewalling of course is covered, but also need port range forwarding > (not available until later ASA versions for eg was an issue), QoS > (port/flow > based as well as possibly actually talking some real QoS protocols) and VPN > capabilities (not sure if many do without #seats licensing schemes which > get > irritating to clients). > > We'd like a bit of diagnostic capability (say tcpdump or the like, via > shell > preferred) - I realize a PFsense unit would be great, but might not have > enough brand name recognition to make the master client happy plopping > down as > a CPE at end client sites. (I know, "there's only one brand, Cisco." > ASA5506x is a > bit $$ and licensing acrobatics get irritating for end customers.) > > /kc > -- > Ken Chase - Guelph Canada >