I want to view and control all of the networks at each location under one console. I would like to use the same model router/firewall at each location and I’ve been thinking Fortigate but I’m not married to any idea.
Currently we have individual Linksys routers at each “satellite” location and need to remote into a computer on that network to manage each router. This is not a good way of doing things obviously. We currently have 6 locations and around 80 users but will expand over the next five years.
Any simple straightforward suggestions? I’d really appreciate someone breaking this concept in for me because it’s a huge blindspot. If you need any other info just ask. Thanks!
May not be the go to in this sub but we use Ubiquiti Unifi Dream Machine Pro’s in all 5 of our locations (different countries) and can visualize all of them from one main console.
Fortigate will do the job as well as Sophos. Sophos maybe better fit since you will get cloud included with support. if you have dynamic IP, get one of dyn dns providers to set you up with hostnames.
Meraki, Sophos and Fortinet would all work. But they can be pricy. If you’ve got strict security requirements or need to handle WAN-to-LAN traffic, I’d look at them.
If your users are pretty much all running cloud-based software, and you don’t have any on-prem servers with a lot of people VPNing into it, then I’d recommend looking at Unifi - deploy a bunch of Dream Machine Pros, register them with a Unifi account (free), and enjoy a single web console that lets you see/manage them all easily, and with minimal work you can build VPN tunnels between the sites, or setup OpenVPN or Wireguard to VPN in yourself to manage internal devices.
Much much cheaper than the enterprise solutions above, and perfect for SMBs who need decent security and management.
I’m pretty sure all of the major players do this these days.
Sophos has Sophos Central which will allow you to log into each firewall from a single panel. I’ve seen it be clunky at times, so it’s definitely not perfect, but it works most of the time. Nice thing is you can have Global Objects that can sync down to your different devices.
Sonicwall and Fortinet can also do all that same shit.
Meraki is probably the least clunky, but more expensive.
This is a textbook use case for Meraki. It’s not the cheapest option but as a current Meraki customer I’m happy with it and would definitely consider it again.
Meraki will do it but it can get expensive, I used Watchguard for something like that and even if you still need a subscription, it was more affordable at least at that time.
I used Arista’s Untangle NGFW to link over two dozen local retail store locations together to the main office using OpenVPN. I used the minimal free software version in the remote locations and more powerful subscription apps at the main office. Worked beautifully.
I’d recommend Meraki for this use case if you want the support, simplicity, and peace of mind. It is a bit more expensive than Ubiquiti, but all things considered, you are running a business, not a homelab. I’d recommend you get devices with real support and next day replacements in the event they fail.
Fortinet isn’t a bad option either but you will probably have to hire someone to configure all the devices and SD-WAN/VPN for you. Also, if there’s a CVE you’ll have to patch it relatively quickly or hire someone to do it for you. You can also look at Palo Alto, which are the best firewalls you can buy if you have the money, but they also require someone with advanced networking knowledge.
With Ubiquiti/Unifi you are on your own. The support is non-existent. Sure they are cheap but you get what you pay for.
I’d be curious to see, what all do you have to manage on the existing routers/firewalls at each site? Typically most FWs are set it and forget it (configuration wise) and only when a new network is brought online you would make a change. Are you making changes to the firewalls to support some kind of ERP software, vendor management access, etc?
I am going to make a suggestion that will not be popular, mainly because of how the US distributor has positioned the devices in the market, which is completely different to here in the UK.
Draytek.
I have 30 plus devices in my management console, which I host myself on a cheap VM, or it can be hosted for you.
I can configure almost everything on the device, and that includes routers, access points and switches. It just works. I do have to pay an annual fee for the management console.
Fortinet with FortiManager cloud. You can also go FortiSwitch and FortiAP and manage all from a single console. Or I’m also a big fan of Juniper Mist (Now HPE). Ubiquiti is prosumer grade stuff with poor support. But you’re coming from Linksys which has the same issue.
Meraki is a good one-stop-shop for a small team (single person) to manage. Integration with the Cisco AnyConnect VPN client is also simple. Provisioning enough bandwidth can be tricky if you’re also doing IDS/IPS and AMPS. The SD-WAN functionality is super simplified, and Meraki manages updates for you. From a security perspective, most of it is set it and forget it. However, you won’t have CLI access or or anything resembling deep packet inspection.