Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
Hi guys, which firewall do you recommend for small retail stores?
In my data center I have an SRX345, I have approximately 40 stores in Brazil, all of them connect to the data center through the site-to-site VPN.
I would recommend the SRX320 if budget allows, failing that the SRX300 might be suitable if rack mounting is not required.
Hi guys, which firewall do you recommend for small retail stores?In my data center I have an SRX345, I have approximately 40 stores in Brazil, all of them connect to the data center through the site-to-site VPN.
In that same family of your SRX345, is the smallest SRX300. It's a good option. I has (8) 1g interfaces, two of which have sfp option. If you get it, and want it rack mounted, make sure to get the rack mount kit as I recall it's sold separately. I use the SRX300 in various places, and like you, also do site-to-site VPN IPsec tunnels. You can look at it here, and compare capabilities with other firewalls.
As mentioned, the SRX300/320 will do just fine (and, yes, the rack mount kit for the SRX300 is separate). You should really look into the AutoVPN feature where you can simplify the config of the central SRX to a minimum and still offer 100% security. Basically, you define one IKE/IPsec setting in the central SRX (called hub). In the retail stores, you can have the exact same definition, just put in unique subnets for each site. This method is used in mobile backhauling and is a mature and stable function. It can also be paired with certificates so you know for sure that the device connecting is your device.