Smallish office - do we need a standalone HW firewall?

[strangebiscuit]

I'm setting up the network for a relatively small office (approx. 1900 sq. feet, 12 users). The owner wants everything wireless and the most heavy traffic will be coming from VOIP softphones. Obviously we'll need good throughput and the owner wants to go high-end so I'm looking at Meraki equipment. They're recommending the MR24 access point which looks pretty solid...but they're also suggesting the MX60 firewall. The MX60 itself isn't all that expensive...but when you add on the subscription license it's a decent chunk of change.

Am I crazy for thinking this enterprise level firewall may be a little bit of overkill? Would it be a terrible mistake to substitute with a cheaper ZyXel or Cisco (or other) model, or even just a good router with a built-in firewall? Obviously security is important, but this small company doesn't necessarily deal in ultra-sensitive information.

Also I've heard some good things about Ubiquity APs as a lower cost alternative to Meraki. I don't see them claiming to offer the 900 Mbps radio rate that the Meraki MR24 has, but the prices are so much lower and the feedback seems very positive. Anyone worked with either Meraki or Ubiquity before? Recommendations?

Thanks for your help and suggestions!

 

[zx10guy]

There are quite a few considerations when you deploy wireless in an office environment. This is why site surveys are typically required or some sort of RF predictive/planning tool. In office environments, you might run into issues with the actual construction of the building such as any concrete/cinder block walls, metal studs, etc, etc. Also in business environments, you're probably competing with other businesses running their own wireless networks. Layer in the requirement to run VoIP wirelessly, you have some challenging requirements.

Use of SOHO wireless devices should be immediately crossed off your list. With regards to your possible candidates, be aware that Meraki was acquired by Cisco. So if you're having issues with how they handle licensing, you'll be in for a shock when they get assimulated. Ubiquity is a unique proposition but based on some information I've seen on how the internals are in their devices, I'm not that impressed with the quality.

An option to consider is Aruba's (Dell PowerConnect W--OEM'd from Aruba) Instant APs. These APs provide many of the functionality of a full wireless controller solution without the cost. The first IAP set up on the network becomes the virtual controller for the entire network. Each subsequent IAP you add just joins the network and is managed by this virtual controller. If the virtual controller fails off the network, the remainder IAPs go through an election process to promote itself as the new virtual controller. The IAPs provide the ability to do band steering, spectrum analysis (depending on the IAP you are using), RF management, and have a built in firewall. The nice part about this setup is that there are no licenses to deal with.

Another option is to use a SonicWall firewall and then use their SonicPoints AP as every SonicWall firewall can act as a wireless controller

 

[strangebiscuit]

Thanks for the reply!

I'm not too worried about concrete walls or interference...the office is only 1,900 sq ft and it's all pretty much one contiguous space.

Good suggestions for APs...funny though, I've read reviews where people specifically replaced their SonicPoints with the Ubiquity Unifi AP Pro and said they had significantly improved performance.

Still curious as to whether anyone thinks we really need a standalone enterprise HW firewall like the Meraki MX60 or if we could go with a regular router with built-in firewall or a cheaper model/brand of firewall.