
Need help with choosing VPN/Firewall hardware for small office

Silenus

Senior member
I work for a small company with a small network and have recently been tasked with finding a new hardware VPN/Firewall device for our office. We do have an ancient Netgear prosafe unit that has become flaky and requires frequent resets. The problem is I don't really know anything about VPN and how it works. I know basic networking stuff, and plenty of computer hardware and storage stuff. But I need help in picking something appropriate for our business.

Here is the outline for what we have and what the boss wants-

Current OFFICE config:
Cable modem (NOT static IP 🙁 )--->Netgear Prosafe FVS338 VPN/Firewall --> Gigabit switch which then branches out to a file server and about 14 computers/users.

Current HOME config at Boss's house:
Cable modem (not static IP) ---> Netgear Prosafe FVS338 VPN/Firewall --> Switch/Wireless router --> various home PCs and laptops. THIS network is bridged(?) to the office network (is this a WAN? I don't know the correct terminology for this). In other words, his home computers have access to the office computers through the interwebs and the above-mentioned Netgear routers.

What the boss wants: He wants to maintain the WAN(?) connection between the office network and his home network. He also wants secure remote VPN access to the office network for a handful of remote users on laptops while traveling (not more than 5). He wants something with up-to-date and robust security features. I want to make sure whatever we use will not restrict our internet connection speeds IF the current one is doing so. We have service that is capable of 20-30 Mbps downloads but I NEVER see DL speeds anywhere above about 5-6 Mbps on speed tests here at the office. Could the current Netgear unit be restricting that?

Anyway...any help is appreciated. We have some others working that are more versed in actual setup of VPN and WAN type things...but I am needing a crash course in some of this...at least I need to know enough to suggest what new hardware would be appropriate for our business without overspending.
 
Number one: get static IPs on both sides. This is a MUST for VPNs (yes, it can be done otherwise, but is a pain in the ass). At the very least, you need a static IP at the office end, particularly because you have travelling laptops.

On the cheaper end, the Adtran NetVanta 3120 is a great little appliance, but it can struggle if you have more than 3-4 IPSec VPNs. So, if you plan on terminating the dial-in VPNs to this device (as opposed to using a separate VPN server), I would recommend stepping up to something a bit more robust, like a Cisco ASA5505.

You could use a combination, as well: Cisco ASA5505 at the office, with a NetVanta 3120 at the boss's house.

But, you WILL need to get a static IP at the office, at the very least.

Hire a competent consultant for the configuration, though. These types of installs are very easy to set up badly.
 
This is a setup I'm familiar with and have configured, even with these routers.

It sounds like you already have a VPN between the home office and main office. This is only done with IPsec on those routers and, with dynamic IPs, can be configured with DYNDNS.com services.

What kind of server do you have? With your current configuration you can set up RRAS on a Windows server to allow PPTP dial-up connections with the Windows built-in VPN client.
You can also use the Netgear IPsec VPN client to dial-in to your router, but those are $50 per user.

Basically, you seem to have what you need to do what you want. You just need to know how.
 
I don't understand why bosses feel the need to maintain a perm connection to the office. Esp since most of them share it to the family (it seems) so when his 13 year old son is downloading porn, it is coming over the office line etc. I personally consider it better to have him use the client to VPN in also.

Anyway, like mentioned above: Static IPs make a connection like this far easier. Also the Netgears could be limiting the connection. IPsec is pretty CPU intensive and many (cheap) firewalls have a throughput limit from 3 - 10 Mbps. Some are so CPU bound that clear IP is limited to less than the Internet connection. It isn't until you get up to the bigger gear (read Juniper SRX240 or the like) where you will see IPsec performance that is above internet speeds.

Devices like the SRX can terminate Windows IPsec connections etc. also if you need them to.
 
It's unlikely the tunnel is configured at the home to push all internet traffic through it.

The Netgear FVS338 has an IPsec throughput of up to 19Mbps, and a LAN to WAN of 75Mbps. At $200 this is a deal compared to other routers with the same features.

Also, I believe these are a fairly new model even though they all look old. I have a few running with no lockups or problems and on larger networks. Maybe a firmware update is needed?
 
Both work and home are currently dynamic IP on internet access and the VPN currently in use IS using the DYNdns service. They tell me it works...mostly. It is possible I can get the office to upgrade to static IP option on our plan which should only be a small amount more per month. I'll look into that for sure.

The home network is definitely not routing internet traffic through the office. Each location has its own internet service.
 