In my last couple of posts I described the fun I was having with trying to set up a coupe of open source firewalls to work in a fashion similar to what I normally do for my “paying” customers. The results were less than stellar, I’m afraid, and I ended up pulling the firewalls. But, as luck would have it, a couple of used Sonicwall firewalls fell into my lap and I ended up installing and configuring the firewalls in my normal configuration; there is a site-to-site VPN in place along with all of the normal security filtering (a/v, anti-spyware, IPS) in place. Networking works MUCH better between the two sites and we have filtering in place at the gateways which ticks one of the big boxes on my list of things Swan Lake really needed to put into place.
This does not violate my earlier statements about putting things together for them on “no or little budget” as the price was right on the Sonicwalls. Swan Lake was able to find money in the budget to purchase the security services coverage on both firewalls (it was actually quite reasonable). So I consider this a viable solution for other non-profits as there is a reasonable supply of used UTM firewalls out there (Sonicwall, Watchguard, etc.). If you have limited budget a used commercial firewall, with the support that “commercial” implies, may be a very good choice. There is a cost in time, perhaps in system disruption and, ultimately financial if you are trying to make something work that is not well documented or well supported. At some point you have to stop and assess if you are moving forward or backward and I was moving backwards having to put the old Linksys firewalls back into service. This was a good, reasonably priced solution to the problem.