We spent a lot of money for fortinet firewalls to have the two features. MT has the best gui with a ton of features.
is there a question with that?
I’m thinking he’s saying he paid a lot of money for firewalls to have anti-virus and url-filter by database
So… the suggestion is for RouterOS to have an anti-virus and URL filter?
@complete2006 Am I interpreting this right, or are you saying you already have these things, but to get them, you had to spend a lot of money?
so what’s the request exactly? for routeros to cost a lot more just to have these two features 
?
guys, sorry I lost the focus on this thread.
If I have a look (we user actual fortigate) on existing solutions for customer whises like
- URL blocking using classification of the url like porn,gambling …
- a content virus scanner for SMTP,HTTP,POP3,FTP
The product in the market are mostly bad and expensive (200-5000$ yearly fee for URL and virus updates).
They have problems and if you know the user interface of MT you are not really happy to work with this stuff.
Routerboards today have enough performance to hold an url-blocker DB and the can scan content for viruses.
I simply want an integration (easy for I386) of existing virus scanner and an firewall rule to filter the url with the database.
There is a big need here in the market. Products like zyxel are offering this at this time.
URL-Filter on mentioned devices (FortiNet, ZyXEL) works the same way:
every requested URL is checked against online database and clasified as allowed or not.
You can achieve same functionality using OpenDNS filtering options.
Anti-virus on these devices is not efective as AV installed on user’s computers,
because data stream is analyzed not whole files.
Unified Security Gateways have a lot of useful features, but IMHO is not good idea to buy these devices
only for URL-filtering or anti-virus scanning.
HTH,
Aha, what other good features have UTM-FW compared MTOS?
It is a short way from a fw-router to an “UTM-like-router” when the targeted customer is in the “mikrotik class”. This customers need routing, ruled based fw, url-filter and antivirus.
I don’t think about the companies with need for mobile token, AD-authentication or other “think-they-need-it”-things.
And, imho, the virus scanner on the target machine makes much more troubble than an central gateway for filtering the high risk traffic.
Aha, what other good features have UTM-FW compared MTOS?
SSL VPN, IDS/IDP, App Patrol, HW accelerated IPSec to name a few, for other read your Fortinet user manual.
It is a short way from a fw-router to an “UTM-like-router” when the targeted customer is in the “mikrotik class”
‘UTM-like’ is not the same as fully featured ‘UTM/USG’ device.
This customers need routing, ruled based fw, url-filter and antivirus.
URL database and AV signatures are maintained by external/third party companies.
If MT will implement these features, also yearly licence fee wiil be paid by MT customers to these companies.
And, imho, the virus scanner on the target machine makes much more troubble than an central gateway for filtering the high risk traffic.
As I wrote earlier AV engine on UTM/USG devices is flow/stream based, just read technical specification and compare how works AV software installed on user PC.
Some high-end UTM devices have AV engine which works in proxy mode, but price is very, very high.
Regards,
A customer who will think to setup a MT as router will not use IDS, hardware acc. IPSEC …
I don’t think that it is a good idear to source everything out. We are the ISP and I don’t want to advise my customers to use open-vpn and pay them and I am shure that anual license fee for url-database and virus are accepted if they are not as horrible high as they are with the regular suppliers.
If I will source out strategic things like security I will give up the earnings of this sector and I will make it easy for the customer to change ISP.
We are the ISP and I don’t want to advise my customers to use open-vpn and pay them and I am shure that anual license fee for url-database and virus are accepted if they are not as horrible high as they are with the regular suppliers.
If you want to run URL-Filtering and AV services for your customers, consider one of ZyXEL USG series device, according to your network size.
They are very reliable and license price is very reasonable.
HTH,