Sophos SD-RED 20 & 60: Synchronized SD-WAN

By Andrew Harmon

Posted On April 10, 2020

Sophos SD-RED 20 & 60: Synchronized SD-WAN

Just in the nick of time for our strange days of full-capacity remote work, Sophos releases a new heir to the secure remote access throne with a replacement for their mainstay Sophos RED appliances. The new Sophos SD-RED 20 and Sophos SD-RED 60 bring together secure, encrypted SD-WAN capabilities and the Sophos Synchronized Security flagships XG Firewall and Intercept X. These unique and simple remote work solutions extend network connectivity to remote branches, distributed offices, outposts, home offices, and any other remote workers, no matter where they’re located. Whether you need stable remote access at a mountaintop observatory or in your new sealab, Sophos SD-RED appliances have you covered with stable, secure access and real-time visibility.

Other new features include SFP ports, Power-over-Ethernet capabilities for the SD-RED 60, huge improvements in throughput, and more interfaces than previous Sophos RED devices. The Sophos SD-RED appliances work seamlessly with Sophos wireless access points and the SD-RED 60 could even support two Sophos access points with Power-over-Ethernet alone!

SD-WAN gets a heartbeat

When an SD-RED appliance is centrally managed through the XG Firewall platform (free trial?), admins can extend Synchronized SD-WAN to multiple branch locations. Synchronized SD-WAN means that not only are you replacing expensive and unstable MPLS connections with super intelligent SD-WAN capabilities, you’re also protecting traffic that traverses those SD-WAN connections with the same Synchronized Security & Sophos Security Heartbeat features that employees would enjoy on the home network.

So easy a home user can do it

Due to COVID-19, many small businesses now have employees working from home that may have no prior experience with remote work before the big change. SD-RED appliances ease the pressure of extending your secure network to remote workers with a truly plug-and-play, zero-touch deployment. No technical skill is required for remote workers or branch locations to install an SD-RED 20 or SD-RED 60. Just type the device ID into your Sophos firewall appliance and ship your SD-RED appliance to its destination. Once the device is received and plugged in, the SD-RED will connect to the Internet, call back home to your primary firewall, and automatically establish a secure VPN tunnel with auto-provisioning.

Sophos RED vs Sophos SD-RED

So how do these new remote access devices stack up against their predecessors? Check out our handy comparison table or keep scrolling to see new throughput improvements, expanded interfaces, and more to compare the original RED to the new, improved SD-RED.

Sophos SD-RED 20

Maximum Throughput: 250 Mbps
LAN Interfaces: 4 x 10/100/1000 Base-TX (1 GbE Copper)
WAN Interfaces: 1 x 10/100/1000 Base-TX (shared with SFP)
Power-over Ethernet Ports: None
USB Ports: 2 x USB 3.0 (front and rear)

Sophos SD-RED 60

Maximum Throughput: 850 Mbps
LAN Interfaces: 4 x 10/100/1000 Base-TX (1 GbE Copper)
WAN Interfaces: 2 x 10/100/1000 Base-TX (shared with SFP)
Power-over Ethernet Ports: 2 PoE Ports (total power 30W)
USB Ports: 2 x USB 3.0 (front and rear)

Sophos RED 15

Maximum Throughput: 90 Mbps
LAN Interfaces: 4 x 10/100/1000 Base-TX
WAN Interfaces: 1 x 10/100/1000 Base-TX
Power-over Ethernet Ports: None
USB Ports: 1 x USB 2.0

Sophos RED 50

Maximum Throughput: 360 Mbps
LAN Interfaces:4 x 10/100/1000 Base-TX
WAN Interfaces: 2 x 10/100/1000 Base-TX
Power-over Ethernet Ports: None
USB Ports: 2 x USB 2.0

Buy Sophos SD-RED

Ready to get your hands on Synchronized SD-WAN? These new SD-RED appliances are ready to ship now! With the Sophos RED 15 potentially looking at backorders in the wake of the remote work rush, the SD-RED 20 and 60 have landed just when they are needed most. Synchronize your SD-WAN and secure your remote workforce today!

Don’t forget to renew your security services

By Andrew Harmon

Posted On March 30, 2020

Don’t forget to renew your security services

license renewal network security renew license

Remember your security services

With COVID-19 causing workplaces to shift from on premises to remote, network admins have had their hands full keeping employees connected and secure. We know there are plenty of factors to consider to make that happen. But one consideration that can’t get lost in the shuffle: security services subscriptions. These subscriptions have a shelf life, and if allowed to expire, that may render a lot of the effort to protect workplace data – and offer reliable remote access – moot.

Allow me to explain further. Firewalls – the cornerstone of any secure network – are not fully optimized security machines without a suite of security services to enhance their hardware. Those services can include (but are certainly not limited to):

Advanced Threat Protection
Antivirus
Antispam
Application Control
Content filtering
Data loss prevention
Enhanced management capabilities
Sandboxing
SD-WAN services
Web application firewalling
Web surfing protection
24×7 Technical Support and Updates

This is just a partial list relating to firewalls, with services depending on the manufacturer. But when a security services subscription expires, it could leave your network vulnerable to all of the threats these services address – and leave you out in the cold when it comes to certain networking features you rely on.

What does this have to do with remote employees?

Service subscriptions extend beyond the firewall, with offerings like endpoint protection. This protection is a vital component to a secure remote workforce both to keep data from prying eyes and to offer enhanced visibility into remote devices for network admins. And of course the secure access offered by VPN clients or secure mobile access appliances benefits greatly from active support subscriptions as well. Network security pros can help troubleshoot any of the myriad issues that can arise when most of your employees are connecting remotely.

Additional subscriptions cover a variety of appliances from wireless access points to email gateways to network switches, as well as virtual appliances and other standalone services. Regardless, it’s vital to keep them up to date and renew before they expire to avoid interruptions that can stop your network in its tracks.

How do I know when expiration is nearing?

If you’re a Firewalls.com customer, we’ll send you email notifications starting 90 days from your service expiration date. So even with everything else going on, it’s another reason to keep up with your inbox. If you don’t receive these emails from either us or directly from your service provider, simply visit your manufacturer portal, reach out to your IT consultant, or start a chat on Firewalls.com and we’ll be happy to help too.

How do I renew?

Regardless of where you initially purchased service, this is an easy answer. Go to our Renewals & Licensing locator, choose your product and subscription type, and choose your preferred subscription length. Firewalls.com offers renewals and licensing for SonicWall, Fortinet, Sophos, WatchGuard, Ruckus, Cisco Meraki, and Barracuda.

A few things to keep in mind:

You’ll pay a lower yearly cost and guard against any increases in subscription rates with a longer-term renewal
Some services like Barracuda licenses come in month-to-month terms, while some come in 1, 2, 3, 4, or 5 year lengths
If you upgrade to a new firewall, you can migrate your existing service subscriptions with you

If you have a question while you’re on the renewals page, wait for the chat popup, and one of our experts will be happy to assist you. Either way, it’s a quick and easy process, and your term will be extended before you know it. However you choose to renew, just remember, expired services hurt your network’s performance and security, so keep your subscriptions active!

5 Things to Consider to Secure Your Telework Employees

By Andrew Harmon

Posted On March 20, 2020

5 Things to Consider to Secure Your Telework Employees

cybersecurity endpoints remote access remote workforce secure remote access telework

Telework Cybersecurity

With the rapidly evolving circumstances surrounding the COVID-19 pandemic, workplaces around the world have been faced with a difficult challenge – quickly deploying a remote workforce. While some have been prepared for telework all along, others are scrambling to ensure employees can access their networks quickly, without compromising security. The unfortunate truth of our current situation is that while many are banding together to protect those most vulnerable to the coronavirus, there are those who see this more scattered user-base as a golden opportunity for cyber attack.

It’s important to remember that just because you’re not in the office, it doesn’t mean hackers are taking a holiday. In fact, remote work is their bread and butter. And they stand at the ready to exploit the vulnerabilities teleworking can bring.

With that in mind, what can you do to plug those holes? How do you keep both your network and your work-from-homers secure? Here are 5 things to consider…

1 – It Starts With a Policy

Both you and your staff benefit from knowing what to expect from remote work. Putting a telework policy in writing and ensuring everyone in your organization is aware of it is an important step for consistency and therefore security. Hopefully you already had one, but if not, it still pays to put one together and make it clear to all employees.

What should it include? Acceptable use, personal vs company devices, personal vs company accounts, how to connect, whether public wi-fi is allowed, etc. A couple of statistics should reinforce the need for a strong telework policy: nearly half of employees say they transfer files between work and personal computers; almost 15% say they can’t connect to their work network from home, and more than three quarters say they don’t take privacy measures when teleworking in a public setting.

2 – Protect Your Endpoints

Each device an employee uses to access your data is an added security risk. Remote laptops, tablets, smartphones, etc. are not constantly protected by your firewall. But you need to ensure they have a level of protection against malware, email scams, and other data breaches, so attackers can’t use them as a tunnel back into your network. That’s why a strong endpoint security solution is vital for all your telework users. The best options also provide added visibility into their status for admins. Protecting each device individually makes protecting your network as a whole much easier.

3 – Build a Tunnel

To work from home effectively, your employees need to have use of all the apps and files they normally have at the office. How do you facilitate that quickly and securely? You need to offer virtual private network – better known as VPN – access.

A VPN sets up a secure tunnel between your telework employees and your network, protecting their and your data from any spying or prying eyes. This encrypted tunnel (using either IPSec or SSL) can even help when employees use public networks. In case you missed it, we outlined SonicWall’s VPN options in a recent post.

4 – Make Sure Passwords Have a Passing Grade

An all too common problem with an all too easy solution in the cybersecurity world is weak passwords. Ensure your telework employees (and everything on your network) uses strong passwords of length, with numeric and special characters, and phrases if supported. This keeps brute force attacks at bay, which typically just fire thousands of common words at a login screen until one works.

And take it a step further with multi-factor authentication. For employees to access your network remotely, require an additional step, such as an authentication code texted or emailed to provide added security. Some types of multi-factor authentication even include options like geotracking.

5 – Training Is Vital

You’ve likely already heard that the most common reason for a breach is human error. Whether it’s in the form of a misconfiguration or because an employee clicked a malicious link, the human element puts your network at risk. And just as cybersecurity training is vital in the office, it’s extremely important for telework.

So safety using the aforementioned public wi-fi should come up, as well as reminders about what to look for in social engineering scams. Online attackers’ new favorite? Coronavirus-related malware in the form of emails, and even phony maps to steal personal data from anyone who visits to try and keep up with the virus’ spread.

You’ll also want to be sure your work-from-homers are sticking to VPN-only when it comes to work files. Too often, the easy way may be to send sensitive data as an unencrypted email attachment, but that risks exposing it to bad actors. Teach them to keep it encrypted, even if it takes a little bit longer. And even though social distancing may keep you from conducting this training in person, there are plenty of videoconferencing options to help.

How to Choose a Cisco Meraki Firewall for your Small Business

By Andrew Harmon

Posted On March 17, 2020

How to Choose a Cisco Meraki Firewall for your Small Business

cisco meraki mx firewalls small business firewalls

Shopping for Cisco Meraki MX Firewalls

Cisco Meraki MX Security & SD-WAN Appliances (or as we affectionately call them: firewalls) provide Unified Threat Management for small businesses, branch offices, datacenters, and distributed enterprise environments. 100% cloud managed and filled to the brim with comprehensive security features, Cisco Meraki firewalls reduce complexity and save money by eliminating the need for multiple appliances.

Why Meraki Firewalls?

As small businesses explore digital transformation and all the advanced security and networking that it offers, automated services become more important. Cisco Meraki MX firewalls make intelligent site-to-site VPN easy with Auto VPN. Auto VPN automatically generates VPN routes using IKE/IPSec that can connect with all IPSec VPN devices and services. Automated MPLS to VPN failover in case of a connection failure is resolved in a matter of seconds, minimizing downtime over remote access.

SD-WAN is another key aspect of digital transformation and Cisco Meraki includes SD-WAN capabilities with each firewall. Software-defined WAN lowers operational costs and improves performance of remotely-accessed resources. Policy-based routing, support for application-layer profiles, active/active VPN, and dynamic path selection ensure the apps and services your employees use most are always available.

Cisco Meraki MX firewalls include all the advanced security services you expect out of a next generation firewall: intrusion prevention powered by Cisco-developed SNORT, content filtering, anti-malware, geo-based firewalling, remote access connectivity, and advanced malware protection. Layer 7 fingerprinting allows small businesses to identify PUAs and unproductive content so that company bandwidth isn’t wasted on time-wasters like BitTorrent.

Choosing a Cisco Meraki MX Firewall

It can be a challenge to spot the difference between two similar firewalls, but the devil is always in the details. Here are a few key differentiators between Cisco Meraki firewalls to help you decide which device is right for your network.

Power of Ethernet

The Cisco Meraki MX68 includes Power-over-Ethernet capabilities. The rear of these MX firewall models feature a pair of 802.3at (PoE+) ports. With them, you get built-in power supply capabilities for tricky installations where outlets may be unavailable. These two 802.3at ports provide a total of 60W power. In other words, you can leave the AC adapters at home.

Integrated 802.11ac Wave 2 Wireless

The MX67W and MX68W provide wireless firewalling capabilities, integrating Cisco Meraki’s industry-recognized wireless technology in an SMB-friendly compact form factor. Enjoy unified central management of all network security and wireless devices.

Meraki vMX100 Virtual Firewall

Virtual firewalls provide the benefit of simple configurations and appliance-less deployment. The Meraki vMX100 is added via Amazon Web Services or Azure and configured directly in the Meraki dashboard, just as you would manage any other MX firewall appliance. Licensing only–no on-premise equipment required!

Cisco Meraki MX64 vs MX65

At first glance, these two models look pretty similar. Both clock in at 200 Mbps of Advanced Security Throughput (when the full range of intelligent security services are operating). They also offer 100 Mbps of VPN Throughput. The MX64 can be converted to support WAN and includes 3 dedicated GbE RJ45 interfaces. Why aren’t we talking more about the MX65? Because it reached end of sale in 2019 and is no longer available. If you’re looking for something comparable – the MX68 is your best bet.

Cisco Meraki MX67 and MX68

Meraki MX67 and MX68 firewalls are designed with built-in cellular modems that simplify deployments requiring a cellular uplink backup. This kind of cellular uplink infrastructure is ideal for remote locations that rely on continuous WAN circuits. That is to say, where you need high availability and redundancy, the cellular uplink provides a valuable backup.

The MX68 includes the Power of Ethernet capabilities described in the section above as well as dual WAN interfaces and 10 LAN RJ45 interfaces. On the other hand, the MX67 includes only one dedicated WAN interface and three LAN RJ45 interfaces.

Meraki MX84, MX100, MX250, & MX450

The Cisco Meraki MX84 and above appliances pack a bit more punch behind their security performance.

- MX84 Recommended Users & VPN Throughput: 200 users, 250 Mbps
- MX100 Recommended Users & VPN Throughput: 500 users, 500 Mbps
- MX250 Recommended Users & VPN Throughput: 2,000 users, 1.0 Gbps
- MX450 Recommended Users & VPN Throughput: 10,000 users, 2.0 Gbps

In sum, it’s clear these models are designed for medium branches and enterprise networks. With top-end speeds up to 6.0 Gbps of stateful firewall inspection, the advanced security technology behind Cisco Meraki MX firewalls bring serious security and performance.

Advanced Security Licenses and Support

Check out our Renewals & Licensing wizard to find advanced security licenses for Cisco Meraki MX firewalls like Cisco Meraki Advanced Security Licensing.

Remote Worker Bundle options make working from home fast & secure

By Andrew Harmon

Posted On March 5, 2020

Remote Worker Bundle options make working from home fast & secure

remote workforce sma SonicWALL

Small businesses are rushing to get their employees working from home. The popularity of virtual conferences and webinars has skyrocketed in response to the threat of coronavirus, influenza, daycare emergencies, potholes, perilous traffic, and political ads on the morning commute. If you’re looking to keep your workforce out of harm’s way, our new Remote Worker Bundle comes with everything you need to maintain network security while employees work from home. Establish fast, safe remote access with a SonicWall SMA 210 or SonicWall SMA 410 expertly configured for your unique network demands, then pair it with 24×7 Support to make the experience flawless for remote employees.

Security risks posed by working from home represent just one problem surrounding secure remote access. Ensuring that the home experience is simple and seamless is integral to maintaining productivity. In addition, small businesses struggle with issues of flexibility, compatibility, and scalability. The Remote Worker Bundle tackles these issues with affordable add-on options for technical support and further concurrent user licensing.

Benefits of the Remote Worker Bundle

When workers come into the office sick, they risk spreading illnesses to the whole staff, but self-quarantining at home doesn’t mean the work has to stop! Our Remote Worker Bundle includes all the fundamental pieces organizations need to set up basic work-from-home security for their employees. Projects never need to be put on pause when remote workers are able to work with all of the company resources and apps they’re used to at their workstation. This bundle is also ideal for any company with a high volume of business travel.

Flexible, scalable remote access for all

SonicWall SMA appliances are compatible with any firewall brand or model you may already be using. Remote workers will be able to access any company printers, applications, files, or cloud resources from the comfort of their home while their session sits behind the same company firewall that protects their data in the workplace! SonicWall’s SMA 210 and SMA 410 appliances are compatible with any cable or DSL connection from any Internet service provider, meaning whatever Internet provider your workers already have at home will work.

Need to add more users? The SMA 210 can support up to 50 users with concurrent licensing and the SMA 410 can protect up to 250 remote workers at once. The best part? Because these stackable user licenses are perpetual, you’ll only ever pay for each user one time–no need for renewals.

Remote worker bundle: configuration included

Ready to wash your hands of remote security risks? To provide secure network access for employees working from home, optimization of remote access appliances and services is critical. The Remote Worker Bundle includes our proprietary remote access configuration service, in which our team of network engineers expertly configure profiles and access groups via SSL or IPSec settings. Additional access control optimization is also incorporated to help further safeguard your data.

All configuration work is completed by our manufacturer-certified network architects at the Firewalls.com Security Operations Center (SOC) in Indianapolis. You’ll even get post-deployment support from the same team of engineers that configured your appliance.

Security best practices when working from home

Bolster your password hygiene – Remote workers carry additional risks to company data. Ensuring that users rely on strong, complex, and lengthy passwords guarantees that your data stays safe even in the case of a lost or stolen device.

Make sure end user protection is up to par – Any device operating on the company network should be properly protected by strong anti-virus capabilities such as SonicWall Capture Client, web filtering, encryption, anti-spam, and malware protection. Mobile workers should enjoy the same air-tight security when roaming as they would at their desk.

Avoid public Wi-Fi – As we covered in Episode 14 of our podcast, public wireless networks can be a breeding ground for wireless threats. Advanced threats like evil-twin attacks, rogue access points, ad-hoc networks, and client misassociation can wreak havoc on BYOD users. In a world with growing open wireless networks, Wi-Fi attacks using Emotet malware infected systems are able to not only steal personal information but also spread malware by laterally scanning public wireless networks.

Email security & encryption – The inbox represents one of the biggest attack vectors for users of all kinds, but remote workers are especially at risk. Email applications are the most popular form of remote work as employees peer at their inbox several times throughout the day. Encryption, anti-spam, and email sandboxing services such as Capture ATP for SMA are all great ways to keep the team safe, whether home or away.

← Older posts Newer posts →