

Why buy switches when one can get switch/firewall combo?




Posted by nokia3310, 07-02-2013, 01:29 AM
I am just wondering why people keep buying a switch and a firewall separately when one can get a security appliance that can act as a switch and firewall combo...isn't this true?

Posted by VPSBarn, 07-02-2013, 05:22 PM
This is true, but many businesses need hundreds upon hundreds of ports to connect all offices in a building. Since there is no firewall/switch that has all this space for ports, companies will often buy a high-end firewall such as a CISCO PIX and use a stack of switches with fiber connections to be able to connect all computers in the office building. If it's a residential occurrence, then usually it's that the person(s) do not like any firewall/switch interfaces, thus they will get a dedicated server with, let's say, PFSENSE or ASTARO, then use a small switch. Hope this helps.

Posted by nokia3310, 07-02-2013, 07:55 PM
I am talking datacenter use here for colo space up to 10U. What I am trying to get is about 12 gigabit ports and very powerful to act as firewall and switch/router so I don't have to spend money getting a switch for 1U and a firewall for 1U...so I can just have a UTM appliance for 1U rackspace. So what type/model of UTM appliances can help with this? (asking to get what people are mostly using) Also, what is your opinion about software open-source UTM appliances? pfsense, ipcop, untangle, m0n0wall, etc. Do you believe in deploying those in a datacenter environment? Last edited by nokia3310; 07-02-2013 at 08:06 PM.

Posted by RRWH, 07-02-2013, 11:34 PM
Doing so is a bad idea in the environment that you are looking at. You are much better off with a switch and a separate firewall. Most firewalls have only a small number of ports (typically 8 or fewer), which is not enough for what you want to do. Even in your 1/4 rack, I would be surprised if you did not need at least 18 switch ports (assume 8 servers with IPMI plus uplink), so you are already over what is typically available. Regarding running a software solution on a dedicated box (or VM instance), as long as you have enough CPU power to do the job then it is always going to be cheaper than a dedicated firewall, and there is nothing wrong with doing this for a small-scale deployment like you are suggesting. The only "solution" that springs to mind that is untested by me is something like a routerboard - CCR1036-12G-4S-EM that will give you 12 ports plus 4 SFPs. Personally, I think that RB products are perfectly suited to the home/branch office environment.

Posted by nokia3310, 07-03-2013, 06:24 AM
Well, basically the number of ports is the problem so far. What about performance though? Which gives better performance...separate switch and firewall devices OR a switch/firewall (UTM) device? Which gives the lowest latency?

Posted by nokia3310, 10-29-2013, 01:23 AM
Still thinking about this seriously...I mean, why buy a switch when one can buy this? FortiGate-100D http://www.fortinet.com/products/for...00Dseries.html


