Firewalls

Status
Not open for further replies.

atruhan

IS-IT--Management
Jan 2, 2013
20
US
We are in the process of upgrading our firewalls. We have 14 locations. We use Aloha. Our reseller has recommended NCR's security suite. I don't really care for it because of the fact that they have full control of the firewall. I am leaning towards the Cisco Meraki line; they are a bit pricy but their management functions are great. What are you guys using and/or recommend?
 
Throwing a SonicWall in isn't going to magically make it PCI compliant. You could get the best firewall in the world, and if you don't configure it properly and follow the stated guidelines, it won't be PCI. Just FYI. SonicWall is definitely a good firewall for medium-sized businesses, given they are easy enough to configure and offer a decent feature set.
 
Thanks guys. I don't like SonicWalls. I have it down to Cisco Meraki, Aerohive Networks or Ubiquiti Security Gateway.
 
Bump for Aerohive. I'm not super familiar with their firewalls but their AP ecm and support is killer.
Their support and dealer community is pretty awesome.

There's a pretty big price difference between those 3, what key features are you looking for?
 
I've used NCR's solution (WatchGuard) as well as Trustwave (Fortinet) before, and compared to every other 3rd party managed, it was equal all around. If you are going to tackle the PCI Compliance thing yourself, I would shoot for Aerohive 1st, then Meraki 2nd. It seemed that I could do more with the Aerohive, but the Meraki was a bit more user-friendly.
 
"they have full control of the firewall"

How does that work when there are typically several internet-seeking services at a restaurant, such as music, surveillance cameras, alarms, games, office computer, WiFi, etc.? If NCR controls the firewall, who coordinates all the phone calls when a new and/or existing vendor/service (non-POS) needs to get to the internet or troubleshoot an internet connectivity issue? Does NCR coordinate all that for free?
 
You do. There were 2 of us at my previous company that were authorized to edit the whitelist of the firewall. We would call the NCR support line for the NSS group, and ask to have the change made. Since it is part of the service you pay for, they will make the changes for free as they 'manage' the firewall for you.

The firewall will have, let's say, 5 ports. Port 1 is WAN/Internet, Port 2 is BOH, Port 3 is Manager Workstation, Port 4 is Guest WiFi, Port 5 could be hooked to a switch for everything else. Each port can be managed separately. Normally, they have certain things open for the file server by default - such as NCR services, HotSchedules, ftp/sftp for Amex and other widely used services (port 2 in my example). Everything else is blocked. Your cameras, guest WiFi, office computer, etc. are all on other subnets that have separate policies. Your WiFi may have an agreement and redirect. Office computer might be wide open. Cameras might be restricted to only the camera ports.

My setup was close to this. Your mileage may vary.
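
The per-port layout described in the post above, modelled as an added example (not the poster's or NCR's configuration): a default-deny flow check plus an audit that flags any rule letting another zone reach the BOH subnet. The subnets, port numbers and the names `ZONES`, `RULES`, `zone_of`, `allowed` and `audit` are constructed for illustration.

```python
import ipaddress

# Constructed subnets, one per firewall port in the layout above (port 1 is WAN).
ZONES = {
    "boh": ipaddress.ip_network("10.0.2.0/24"),      # port 2: BOH / file server
    "manager": ipaddress.ip_network("10.0.3.0/24"),  # port 3: manager workstation
    "guest": ipaddress.ip_network("10.0.4.0/24"),    # port 4: guest WiFi
    "other": ipaddress.ip_network("10.0.5.0/24"),    # port 5: cameras and the rest
}

# Allow rules per source zone: (destination zone, protocol, port or None = any port).
# Port numbers are illustrative assumptions. Anything not listed is dropped.
RULES = {
    "boh": [("wan", "tcp", 443), ("wan", "tcp", 22)],         # vendor services, SFTP
    "manager": [("wan", "tcp", None), ("wan", "udp", None)],  # "wide open" outbound
    "guest": [("wan", "tcp", 80), ("wan", "tcp", 443)],
    "other": [("wan", "tcp", 554)],                           # camera port (assumed)
}

def zone_of(ip):
    """Map an address to its zone; anything outside the local subnets is WAN."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "wan"

def allowed(src_ip, dst_ip, proto, port, rules=RULES):
    """Default deny: a flow passes only if the source zone has a matching rule."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst and src != "wan":
        return True  # same-subnet traffic never crosses the firewall
    for rule_dst, rule_proto, rule_port in rules.get(src, []):
        if rule_dst == dst and rule_proto == proto and rule_port in (None, port):
            return True
    return False

def audit(rules):
    """Flag any rule that lets another zone reach BOH, where the file server sits."""
    return [(src, rule) for src, rs in rules.items() if src != "boh"
            for rule in rs if rule[0] == "boh"]
```

Running `audit` against each requested whitelist change before it is applied shows whether the change would open a path from guest WiFi, cameras or the office computer into the BOH subnet.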

 