by virogenesis 1659 days ago
How about MikroTik, https://mikrotik.com/

I have been a satisfied user of their software (and hardware) for the past 10 years.

If you don't mind the rather rustic interface, it should be as close to a professional-grade Cisco as you can get.

I've successfully used MikroTik hardware, but they are pushing for their own non-free software stack (RouterOS) and while they support pfSense, it seems pfSense itself has some shady practices. OPNsense only works on x86 so far and MikroTik hardware is mostly ARM.

I'd personally be interested in a hardware vendor supporting a free-software stack (but with an accessible price range), or an established software vendor (ideally a workers' co-op) maintaining an administration dashboard to set up on commodity hardware.

Certainly better than Juniper SRXs and Cisco Firepowers; however, if you have a lot of mangle rules you'll run into issues. Had a large amount of drops and even more reorders with just 600M going through a 1036 with c.200 mangle rules.

Haven't run into any issues with Fortigates, yet. Time will tell.

That's for firewall/NAT/router style devices; for wireless we've got a large number of UniFi flying saucers. I've used MikroTik wireless in the past, but it's not on the same level at all.

> Fortigates

Are these running a free-software stack? Couldn't find info about it since the Fortinet website blocks Tor traffic.

No, if you're looking for strict FOSS ideology, they're probably not what you want ;-) It's all enterprise grade: proprietary hardware (they have some ASIC for security processing, probably helped with GP's issues) and you only get software updates as long as you're on a support contract.

OTOH I know a lot of people who are pretty happy with them, but that might relate to the fact that I recently started at a company selling them (among other brands). What impressed me most was the well-executed "single pane of glass" integration of the first deployment I saw; all switches could be easily managed from the FortiGate web interface. Compared to that, the UniFi Manager feels like a chaotic hack job from the 90s.

(To be fair, at home I still use UniFi APs and the switches are based on bang-for-buck: the 8P GbE 2P SFP+ MikroTik in the study and the 24P GbE PoE 4P SFP+ Aruba as a "core" in the basement [that is, once it arrives; for now an ancient Netgear switch has core switching duty]. The firewall is a loaned FortiGate, which I will probably replace with an OPNsense when I have to return it -- I'd go all Fortinet if the basement switch alone didn't cost about as much as my PC, though.)