I am setting up a new ESXi-based web portal and need to get a firewall to block access to the ESXi, but I am a bit stuck on the networking technicalities. Any recommendations would be appreciated.
The firewall unit should provide basic protection such as DoS/DDoS, IDP, etc., and also provide OTP (preferably via e-mail like the SonicWall SRA4200, which unfortunately doesn't have firewall functionality) for the ESXi and the web/DB VMs on it.
My data link is 100Mbps, and originally I had been eyeing the WatchGuard XTM 505 as the ideal candidate, as its UTM throughput is way over that. However, I have a feeling (I haven't been able to get confirmation yet) that it can't send OTP via e-mail.
I also considered the Zyxel USG 300, but there have been numerous reports that the USG 100 is susceptible to periodic reboots and long reboot times (up to 5 minutes). Unlike the WatchGuard units, I have also been unable to get details on the UTM throughput of the USG 300. And price-wise, getting to the USG 300 level is more than the XTM 505 for a 3-year subscription.
I also thought about pairing a WatchGuard XTM 23 with a Zyxel SSL 10, but the throughput of the XTM 23 is only 40Mbps.
I also thought about the Juniper SSG 5 with the Zyxel SSL 20, but the 3-year subscription on the SSG is also rather expensive.
As you can tell, I've considered the different alternatives but am not sure which way to go. Preferably I want to have one unit, as I only have 1U remaining for the network device, or stick with one brand because I have less documentation to read.
There are 2 NICs on the server. The ESXi is accessible via its own NIC and should be completely blocked unless authenticated via OTP also. Public access to the VMs via the other NIC should only allow HTTP and POP/SMTP traffic. However, I want to provide FTP and SSH access once authenticated via OTP. There are no internal users, so web filtering is not required. The only POP mail traffic is to serve me, so mail traffic is minimal. 90% of SMTP traffic is from my web forum, to send mails to the members of my site.