Picking out hardware for an office network

Eson

Junior Member
Dec 26, 2005
3
0
0
Hi

I've been asked to pick out the network hardware for a church that's being renovated. At the same time they are bringing in 100/100. Not because of the bandwidth but because it was cheaper in the long run than DSL 4/1. They are not going to be using anywhere near that capacity.

There are only two computers in the whole building at the moment, they are both on the bottom floor, but they want to have the option to expand. There are two floors and on each there will be several group/discussion rooms that are going to be equipped with TP-outlets. So I've decided to get one 16 ports gigabit switch on each floor to keep the internal throughput at a nice level. So my first question to you guys is: What are some good models, 16p gb switches? And may I say right here that cost is important, the church board does not consider these things top priority in the budget. I may have to go on the used market.

I have to say first that I really don't have much knowledge about these things but I guess I was the only guy in town that knew something so don't laugh

My second conundrum is how to solve the router/firewall. The company that's installing the fiber is also installing the media converter so what I end up with in my hand is a TP-cable. They want to have basic firewall capabilities, for example to stop people from using p2p or bittorrent or things like that. Looking at a hardware firewall that's capable of 100mbit looks expensive. Since cost is very important I'm pondering the idea of perhaps going with an old computer as both router/firewall, perhaps using m0n0wall. Is that solution even viable? As I said I don't know much about these things. Perhaps I should get a router with built in firewire functions. I hope you can provide me with ideas what's best for this specific scenario. Perhaps I should also mention that the company that installs the fiber also provides three static ips.

So one building, two floors, two computers, perhaps 6-9 outlets on each floor. A 100/100 internet connection that needs to be distributed to the two computers. Give me your thoughts on the best solution considering performance/cost ratio.
 

Goosemaster

Lifer
Apr 10, 2001
48,775
3
81
I am going to write a LOT. Please read it.
http://www.comptechdoc.org/independent/networking/guide/netterms.html
That link is a networking term repository so any terms I mention will probably be there.



What will help your church out more than the latest technologies and the fastest speeds is reliability and quality of service.

Yes, you have a GigE internet connection.
Yes, that equates to a possible 1000Mbps.
Yes, that would be really cool to take advantage of.
No, most people in church won't be able to discern it from a regular T-1 line.

Gigabit is quite tantalizing, but keep in mind that most pc's couldn't even reach the theoretical 125MBps in their wildest dreams. For the most part, don't use gigabit. It's too expensive, it's pretty much superfluous, and frankly, it's a waste of their money.


It looks like you have some plans already, so let's critique them, from the inside out.


SWITCHES

First of all, I am quite confident that clients will only need 10/100 access. Wire each room that warrants wiring with regular cat5e cabling. Assuming that you will have less than 16 jacks, a 16 port 10/100 switch per floor will do nicely. Normally, these 10/100 switches would then plug in to a master, or "core" switch that handles the entire LAN, that would be capable of handling switch-to-switch transfers at wire speed. Assuming that that was indeed the case, a gigabit switch would be warranted. In my personal opinion, I don't see the entire church's traffic reaching even 100Mbps, so a 10/100 core switch is sufficient. This core switch will be the last LAN device before the router.

For a switch you can get a Dell PowerConnect 2216 for $52 straight from dell.

Don't bother with their higher models that advertise gigabit uplinks and such. For that to even be useful, ten of the users would have to be maxing out their computers simultaneously, and all directed outside of the domain of that switch. HIGHLY unlikely. For reference, HDTV can be encoded at 6Mps for file sharing, and uncompressed HDTV can range between 25(sony) to 100Mbps streams. I mention this only to show you that there are indeed uses that demand gigabit. If 10 people are downloading a compressed HD file across the network, 10/100 switches won't even break a sweat. As you can see, that $52 switch can handle 3200mbps among its various ports, so that should be enough;)

ROUTER

Most cheap Netgear routers max out at 1.5-10Mbps on their WAN interfaces. Netgear Prosafe routers max out at about 15Mbps. Linksys WRT54GS's max out at around 18Mbps. Most consumer routers will offer more than enough speed for your network, regardless of whether they utilize the GigE connection to its full potential.

If you were a seasoned enthusiast, I would wholeheartedly recommend m0n0wall or its derivative, pfsense. Unfortunately, and I mean this in the kindest way, you seem to lack basic networking wisdom, so I would not recommend that you undertake such an endeavor.

Yes you can probably pull it off.
Yes, with a fast system you will be able to get around 500Mbps.
Yes, it will offer all the features you could ever need.

What happens when something goes wrong and the Church NEEDS the network or all hell will break loose?

Exactly.

Stay away from something that you don't know how to troubleshoot. I know m0n0wall like the back of my hand now, and I would still hesitate to put it in a production environment due to support issues.

I could sell you a $500 soekris embedded pc with m0n0wall ready to login to and go @ 50Mbps, but would you really want to have that much uncertainty to deal with? That much reading to go through? Keep in mind that the m0n0wall manual consists of sparse details in the online FAQ and that most of the juicy details are hidden in pages and pages of messageboard discussions.

Yes, m0n0wall is tank-proof, but ask yourself, is the admin? :D



Basically, I would recommend the Netgear FVS124G Prosafe VPN Router.

1. It can handle 15Mbps of WAN traffic. That is more than you'll ever need.
2. It has QoS (traffic shaping) and the ability to easily create rules to block/allow traffic.
3. It has a built in 4 port gigabit switch. Using this as your core switch will allow you to scale very well in the future if many users are added.
4. It supports VPN (free/extra stuff is good :D)
5. It costs about $150
6. If you ever decide that you need faster WAN speeds, you can still use it as a core switch (3 ports for your LAN and the other to connect it to a faster router)


Yes there are other offerings out there. Personally I use a Linksys wrt54gs router/AP with hacked firmware from dd-wrt.com. I use it solely as an AP and it performs fantastically.
The reasons that I cannot recommend it to you is that:
1. You must find version 4 or earlier of the router to hack it
2. You must be somewhat proficient in such things or you will end up with a dead router when you try to update the firmware on it.
3. If something goes wrong...you get the point.


Basically, that setup will allow you to do most everything that you will need to do.


Keep in mind that if faster speeds are what you are after, you might want to take a seat and think about it. Think about what they need and not what you want.

It's a church.

Maybe they'll be doing video conferencing or VoIP someday, but even those intensive services will work admirably on this proposed option.

In the end, don't you think they will appreciate a fast network that works over one that does not, regardless of how ultra super mega fast it could be?

If you need any more advice, have questions, comments, complaints, complimentary gift chocolates or the like, please feel free to drop me a line

IM:

AIM: el goosemaster
Googletalk: wheaties@gmail.com
msn: ogoogle@comcast.net

and those are my emails as well.


Keep in mind that I have repaired a botched domain setup for a church here in VA before, so I know what you are trying to do firsthand.



 

petey117

Senior member
Jul 24, 2003
755
0
0
i disagree:

Go for Gigabit networking. use a belkin 16 port gigabit switch. I have one, and it has performed flawlessly and can be purchased for less than $125
In today's day and age, using 10/100 instead of gigabit seems backwards if you are only talking about 16 ports, and can get away with a lower class switch

YOU MUST USE A FIREWALL!

with a 100/100 megabit connection, you will be the target of many hackers. a connection that fast is like a bulls-eye to these people
a cheap netgear / linksys type of router will choke on a 100mbit connection. I have seen them choke on 10mbit with more than 10 users.

the real hard part i see for you, is being able to block p2p apps and the like. this is not as easy as it sounds, as they are, by nature, meant to get around firewalls in one way or another.
I would suggest ipcop.org or smoothwall.org (in that order) for a software firewall.
you can download either one, load it on an old pc, and get it going with almost no effort.....now any advanced configurations, well that will be the same no matter what you use, and may be past your abilities.

that is my .02
 

Goosemaster

I disagree.

Simply saying that 10/100 is going backwards explains nothing.

The fact remains, unless refuted, that this is a simple church network with simple church network needs. Gigabit all the way to the client is pointless. Hell, most PC's won't even have a gigabit NIC so it's even more pointless.

As for "choking" on a 10Mbit line, the netgear I recommended is fine for business use. They will NOT choke on a 100Mbit line for the sake of choking. Unless someone is sending you something @ greater than 15Mbps speeds, which is HIGHLY unlikely, it will be fine.

As for the firewall issue, that Netgear has a SPI firewall with rulesets and ACLs. I would never recommend NOT using one. You can get it to block various ports. Blocking p2p apps is difficult, but blocking every outbound service besides required ones will help keep all but the most determined users at bay:)

Yes there are better options.

An astaro setup will DECIMATE the capabilities of a simple smoothwall or ClarkConnect setup, allowing for 65% of the GigE connection to be utilized using a p4 1.6ghz and 512MB of RAM, but once again, WHAT IS THE POINT?

This is a church.

From experience, many small ones have VERY tight budgets.
Going gigabit is a waste of their money.

With the price of one of those $125 switches you can get 2 or, with a little haggling 3 of the switches that I recommended.

[/defending:evil]
 

petey117

the dell 2600 series are junk, i have put 3 in production, and all of them have consistent problems, lockups, and various issues. I do not use them any more.
I will NEVER recommend hardware based on price alone.
you are correct: this is only a church - one that does not have on-site support, and cannot have outages every other day - they need stability. for a few dollars more, you get a stable switch (i have 10 in various locations, and over the past 6 months, have not had a single issue with any of them)
by not going gigabit, i mean it is backwards, as they are looking to expand. how far are they going to expand? who knows. best to plan for more and not need it, than plan for less, and need more.

a stateful packet inspection firewall will not do those things that the church wants, such as blocking P2P apps. only an application layer gateway can do that. This is why i recommend using a software solution, as it is much more versatile than a $50 hardware solution.

If you think several users are not enough to choke that router on a 100mbit line, then consider the amount of people that will be trying to hack into a 100mbit connection (especially such a poorly guarded one)
do you think that router would be stable with people doing port scans on it? how about a DOS attack?

Just to let you know, i do not speak out of my ass....i have built 2 person networks, and 500+ node datacenters. designed, and built. I have used all sorts of hardware, from cisco, to netgear, linksys, belkin, foundry, extreme, and others.
I am a CCNA CCDA and MCSE

I suggested ipcop and smoothwall due to its user friendliness, not its capabilities compared to other solutions. after all, it is not you and i that will be administering this network, but rather Eson
 

Goosemaster

First of all, you are probably right on the switch front. People here won't shut up about them so that is why I recommended them.

Personally I only have experience with cisco catalyst switches as I have never had anything else. You are right to say that quality outweighs price for hardware.

As for gigabit, I still don't see your argument for it. If you have designed datacenters as you have stated, you indeed realize that even most servers only need 100Mbps pipes.
Yes they might expand, but we are not talking about a possible corporate entity here. For the most part, they will remain small, and a gigabit core switch will do.

I agree that security is of importance, but you are recommending a rather complicated solution to some guy "who was just around when it was assigned." Not to criticize Eson by any means, but learning smoothwall and ipcop from scratch is a lot of work. In addition, most any firewall can block all incoming and outgoing ports except 80 and 443 and keep the ship rather tight. Yes application layer QoS and traffic shaping abilities would be nice, but c'mon here..they have 2 computers....even if they get 20 more computers a 4/1 DSL can easily handle 50 people browsing the web. Whatever they end up with will be much better.



I agree that smoothwall + ipcop are good solutions, but they still require a lot of Eson.

If anything, I would recommend that they:

a) contract it out
b) get ready to get down and dirty:
-buy a cheap dell with two gigabit nics (one for WAN one for the LAN)
-a small gigabit switch to serve as the core switch
-go to smoothwall.org and have at it:D
c) buy a premade box.

Eson, I recommend option b, and keep in mind that most anyone on these forums will be glad to help you along the way:)

Best of luck to you:)


P.S.

Petey117,

I would think someone with all your credentials would understand the futility of spending the money on gigabit for anything but the core switches for anything but an already saturated environment. I have seen and worked in enterprises still running on 10Mbit and working fabulously.

There comes a point where it is not how much bandwidth you have that matters, but how you manage it.
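
The default-deny outbound policy described in the post above (only ports 80 and 443 allowed out), written out as an added example that is not part of any post in this thread: a shell function that prints an iptables-restore ruleset for a two-NIC Linux gateway. The interface names, the gateway acting as the LAN's DHCP server and DNS resolver, and SSH administration from the LAN are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for a
# two-NIC Linux gateway that forwards only an allow-list of outbound TCP ports.
# Assumptions: eth1 = LAN, eth0 = WAN, the gateway itself is the LAN's DHCP
# server and DNS resolver, and it is administered over SSH from the LAN only.

# Interface names end up inside the ruleset, so accept only safe characters.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# The port list must be digits separated by single commas, e.g. "80,443".
valid_ports() {
    case "$1" in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
    esac
    return 0
}

# egress_ruleset LAN_IF WAN_IF [PORTS]
# Prints the ruleset on stdout; returns 1 (printing nothing) on bad arguments.
egress_ruleset() {
    lan_if=$1
    wan_if=$2
    ports=${3:-80,443}
    valid_if "$lan_if" || return 1
    valid_if "$wan_if" || return 1
    [ "$lan_if" != "$wan_if" ] || return 1
    valid_ports "$ports" || return 1

    cat <<EOF
*filter
# Default deny for traffic to the gateway and through it.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Traffic addressed to the gateway itself.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -p udp --dport 67 -j ACCEPT
-A INPUT -i $lan_if -p udp --dport 53 -j ACCEPT
-A INPUT -i $lan_if -p tcp --dport 53 -j ACCEPT
-A INPUT -i $lan_if -p tcp --dport 22 -j ACCEPT
# Replies to connections the LAN opened may come back in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The only outbound services the LAN may open.
-A FORWARD -i $lan_if -o $wan_if -p tcp -m multiport --dports $ports -j ACCEPT
# Everything else outbound is logged (rate limited) and refused at once,
# so a blocked application fails fast instead of hanging on a timeout.
-A FORWARD -i $lan_if -o $wan_if -m limit --limit 10/min -j LOG --log-prefix "egress-denied: "
-A FORWARD -i $lan_if -o $wan_if -j REJECT --reject-with icmp-port-unreachable
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Share the WAN address with the LAN.
-A POSTROUTING -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# Stand-alone use (egress.sh is a hypothetical file name):
#   sh egress.sh print eth1 eth0 | iptables-restore --test
if [ "${1:-}" = "print" ]; then
    egress_ruleset "${2:-eth1}" "${3:-eth0}"
fi
```

These rules match on port number only, so a P2P client configured to use port 443 still passes; that is the limit of port filtering raised elsewhere in the thread. The "egress-denied" log lines show which LAN hosts keep trying other ports.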

 

petey117

i agree with option B. smoothwall is pretty easy to setup on the initial setup screens, and is plug and play once that is done - there are many configuration options, but you don't have to modify them to just have it work...and it's nice to have the option.

my argument for gigabit E is easy:
1) headroom - i have saturated 100mbit server connections easily, and with few people. (think stock trading quote systems for one)
2) availability - gigabit is the new 100mbit. all newer motherboards come with GIGE onboard nowadays. with the upgrade schedule of most churches, these switches will be in place for the next 10 to 15 years....it seems hard to fathom the need for gigE now, but in 3-4 years, it will be like 10mbit ethernet is today.
3) if you are uplinking more than one switch to the backbone, it is useless unless they have at least one GB port that can be used for an uplink. by getting all gbit switches, you can at least be sure your backplane, uplink, and nodes all have plenty of bandwidth. after all, they are only like $125 each - i bet the church has budgeted at least that much.
 

Goosemaster

I agree that I overlooked the option of a gigabit uplink port:eek:

That said, I still would not equate the upgrade path of a church with that of a business.

Yes, you might have saturated 100Mbit networks with multiple bloomberg machines, but once again, this is a church that will for the most part, probably limit itself to basic office use.

I will agree that if there is no significant price difference gige is the way to go, but will not capitulate on it being COMPLETE overkill.
 

petey117

there is no doubt that 1000mbit seems overkill right now but....ponder this:
like i mentioned above - this equipment will probably be in place for 10-15 years.
think back 10 years ago - 10mbit was like light speed
look forward 10 years from now:
we will have fiber to the curb at speeds of 500mbps
those lines will handle: internet, voice, IPTV and who knows what else - teleconferencing i'm sure
i think these changes will be happening in the next 3-4 years - why not be ready for it?
 

Eson

Sorry for the late reply guys, been busy. Really appreciate the input, especially from guys who've been doing this for a living.

So first the gigabit issue, I can see where both of you are coming from, I was thinking along the lines of Petey when I made the post. The future proof aspect of it all, but I guess I need to talk to them, how important is the cost, are they willing to spend the extra cash for something that they may never use. But you never know what the future might hold. I could also go with 10/100 with 1000 uplink ports, do you guys have any recommendations there?

Now regarding the router/firewall issue I'm not sure what you guys concluded. Should I settle with a regular consumer router, shouldn't the WAN-port at least come close to that 100mbit of bandwidth available? Many have recommended using a computer for both and if you are worried about my skills there will be another guy setting that up if I decide to go that route. He is well familiar with Linux and has done this before.

But If I understand you guys you would recommend a hardware router and using a computer for the firewall since blocking all outgoing ports isn't enough. We need something to block specific software.

This is supposed to be a self running network without the need for administration. Sure if something were to happen there are guys to fix it but as much as possible you would want a stable network. Would this be a reason not to go with a computer for router duties since it's more prone to hardware failures. I wouldn't think that would be much of an issue. This network isn't exactly mission critical. But if say m0n0wall is correctly configured you shouldn't have to interfere with it, correct?

So to sum it up, get two belkin routers, either gigabit/100mbit/100mbit with gigabit uplink.

Then either go with a regular consumer router and let a computer run the firewall. Or let a computer run the whole thing.

About the wiring, it's already cat6 cables installed, they are going to use them to transport analog tv over so not to have to install an unnecessary amount of cables.

Don't know if it should be mentioned that they are planning on bringing in their webserver which is hosting their website. I guess it would be nice if that got one of three static ips.
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
Originally posted by: Eson....Don't know if it should be mentioned that they are planning on bringing in their webserver which is hosting their website. I guess it would be nice if that got one of three static ips.
You hadn't mentioned a server or web hosting.

If you are really going to host a web site, consider installing Windows Small Business Server 2003, Premium Edition, and be done with it. It includes ISA 2004, which allows you to fully monitor and control Internet usage, by user. ISA blocks EVERYTHING by default. ISA also securely publishes web sites to the Internet, hiding the actual SBS Server and IIS.

Basically, you pass all the Internet traffic through two Gigabit Ethernet ports on the SBS Server. It controls who can do what and monitors all user traffic (including what web sites are visited). There's no need for an additional hardware firewall or router.

These boxes are quite reliable. Yes, they do need someone to monitor them and patch them monthly. But that's true of ANY server. Or any network. Running a server or desktops without monthly patches and security scans is really dangerous nowadays.

Not to mention you get an SBS server...with full remote workplace capability, remote maintenance and user assistance, SharePoint for hosting internal or external cooperative workspaces, automated backups of everybody's data, daily status reports, and wizards for most common maintenance tasks and a full Exchange server for all your email, contact, and calendar needs. :)
 

petey117

i agree with RM on the one computer theory, although i am not convinced SBS would be the best solution. (more below)
Eson, to answer your questions:
we were suggesting a single box to be a router/firewall. no need to have 2 separate units. We both in the end agreed that a PC running a linux based firewall would probably be the best option

RM, the reason i don't entirely agree with SBS is as follows:
I currently maintain several MS based networks (i am an MS guy way more than a linux guy). a few of these networks use pix firewalls and cisco routers, and several are using linux boxes as firewall/routers. all of them are on 10MB or faster circuits. All of them use MS server software, such as 2003 server, 2000 server (both regular and advanced) SQL, exchange, and SBS

so....my point is this: i maintain the linux boxes about once a year (aside from the random patch or upgrade). no reboots, no crashes, nothing. The MS boxes....well, i think we all know that story. if it wasn't for MS server software, i would be flippin burgers. they require 10 times the maintenance of the linux box.
I have used SBS for the purpose that RM has suggested. It is acceptable, but a lot more prone to downtime, and configuration issues.

The reason why i am pushing for the linux box (other than the reasons stated above) is now that you state you have a linux expert coming in, it seems like a good direction to go in (not to mention it is free), and similar to firefox, most linux firewalls are extendable through add-ons, which allow you to do some really cool stuff.
and if you are still on the fence try this:
yank the plug on a linux firewall in the middle of the day, and do the same with an SBS server and plug them both back in at the same time, and see which one comes up reliably 100% of the time.

remember, these are just my opinions, based on my experience.
 

RebateMonger

My point is that the OP should take a minute and browse Microsoft's SBS 2003 product pages. Many folks don't realize that they can have, in one inexpensive box, features that even large companies didn't have a few years ago. And, in my experience with several SBS networks, it can be quite reliable and inexpensive to maintain.

I just figure, if the OP is thinking about maintaining a server plus a firewall of some sort (whether hardware or Linux), then he ought to consider the integrated package alternative.

I think that both MS and Linux servers have their place. The client needs to look at the features, compare them to his needs, and make sure that he has a plan to support the chosen system. It's kewl that there are so many options nowadays.
 

tropic

Member
Feb 26, 2005
66
0
0
Incoming $0.02:

Concentrate on the wiring job more than anything right now. Cat5e plenum is cheap and should be sufficient for most sites for at least the next decade--make sure you push a thorough wiring job through budgeting before worrying about GigE or 100mbps routing speeds.

I like to have a GigE LAN backbone in place--always good when you have a few servers with a lot of data to backup--but a church with two workstations doesn't really have to worry about QoS, high availability or SAS. Unmanaged networking kit is cheap. A vanilla 10/100mbps switch at each of your patch panels should be fine, or a hybrid 10/100 with a couple GigE uplinks to connect to a GigE core switch. If future growth/needs warrant GigE to each workstation (scary thought, actually), an organization purchasing 30 workstations won't blink at the added cost of GigE switches. The church can buy them when they actually need them.

I agree with Goosemaster on the gateway... m0n0wall will definitely do what you need it to do, but it's not a "set-and-forget" solution for a location without quick access to a nerd familiar with its workings. For such a small network (two workstations!) a well-written acceptable use policy including disciplinary actions to be performed upon violation might be a more feasible solution. Otherwise you'll be needing a person with good Linux knowledge to setup and maintain/update a routing/filtering toaster or some $$$ for a content-filtering device with a web interface and service subscription.

BTW: no disrespect to Goosemaster, but the FVS124G is awesome on paper and turns into a nightmare when you put it into production. It is NOT ready for business use. Netgear's had half a year to iron the bugs out, but it's still the most unreliable POS I've ever worked with. If you're set on Netgear, the FVS114 is a hell of a lot more reliable, but it lacks the QoS and failover features. If 100mbps routing speeds are an absolute necessity (bragging rights, you know) get a Buffalo Tech router or similar that can handle it.
 

w0ss

Senior member
Sep 4, 2003
365
0
76
well here is my two sense late in the game.

Do as others have suggested and check out Small Business Server. I am a cisco guy but have tried most internet gateways off and on. SBS is very easy wizards for everything. Plus it can be a web server. Monowall/astaro/linux/whatever pc router are an option as well but then you have to get a machine to do web hosting anyways.

For a Switch I would at least recommend Gige uplinks however by far the most important thing is to have at least one managed switch(linksys has some nice ones). With a managed switch you can go and see which port is using up all the bandwidth instead of running around looking at mac addresses or disconnecting plugs.
 

petey117

tropic: you forget about what the client wants: content filtering. you cannot always blow off what they ask for just because they currently have 2 computers. that is my opinion
also, the cost of a 10/100 switch with gige uplinks (a decent one anyway) would be at least as much as the ones that i have suggested. that was the reason for my suggestion. If you know differently, please let us know the model switch you have in mind

w0ss: I agree with a managed switch, but keep in mind, your gateway (whether SBS or linux) should have that capability anyway - especially if the managed switch only tells you that the port using all of the bandwidth is one of the uplink ports....

 

Goosemaster

Originally posted by: tropic

BTW: no disrespect to Goosemaster, but the FVS124G is awesome on paper and turns into a nightmare when you put it into production. It is NOT ready for business use. Netgear's had half a year to iron the bugs out, but it's still the most unreliable POS I've ever worked with. If you're set on Netgear, the FVS114 is a hell of a lot more reliable, but it lacks the QoS and failover features. If 100mbps routing speeds are an absolute necessity (bragging rights, you know) get a Buffalo Tech router or similar that can handle it.
No disrespect taken.

I had setup an astaro box with multiple nics as the company's router for a co. that I used to work for and it was GREAAT :D

Unfortunately the boss didn't know how to manage it so we got that netgear and were about to try it out when he fired me:p

Glad to know the truth about it:D
 

Goosemaster

Originally posted by: petey117
i agree with RM on the one computer theory, although i am not convinced SBS would be the best solution. (more below)
Eson, to answer your questions:
we were suggesting a single box to be a router/firewall. no need to have 2 separate units. We both in the end agreed that a PC running a linux based firewall would probably be the best option

RM, the reason i don't entirely agree with SBS is as follows:
I currently maintain several MS based networks (i am an MS guy way more than a linux guy). a few of these networks use pix firewalls and cisco routers, and several are using linux boxes as firewall/routers. all of them are on 10MB or faster circuits. All of them use MS server software, such as 2003 server, 2000 server (both regular and advanced) SQL, exchange, and SBS

so....my point is this: i maintain the linux boxes about once a year (aside from the random patch or upgrade). no reboots, no crashes, nothing. The MS boxes....well, i think we all know that story. if it wasn't for MS server software, i would be flippin burgers. they require 10 times the maintenance of the linux box.
I have used SBS for the purpose that RM has suggested. It is acceptable, but a lot more prone to downtime, and configuration issues.

The reason why i am pushing for the linux box (other than the reasons stated above) is now that you state you have a linux expert coming in, it seems like a good direction to go in (not to mention it is free), and similar to firefox, most linux firewalls are extendable through add-ons, which allow you to do some really cool stuff.
and if you are still on the fence try this:
yank the plug on a linux firewall in the middle of the day, and do the same with an SBS server and plug them both back in at the same time, and see which one comes up reliably 100% of the time.

remember, these are just my opinions, based on my experience.

:thumbsup:


Keep it simple

ipcop + m0n0wall

1 core 4 port gigabit switch

2 16 port distribution layer gigabit switches...what the hell:p


I recommend that you stay away from SBS....simply follow the rule that if you don't know how to use it stay away.

IP Cop + m0n0wall are so much easier to implement and learn than SBS....the wizards only cause trouble since they don't teach you anything useful for when something goes wrong.

<---seen HELLacious DNS messes over and over again from boy-wonders who think SBS is the answer to all their prayers.

 

w0ss

Originally posted by: petey117
w0ss: I agree with a managed switch, but keep in mind, your gateway (whether SBS or linux) should have that capability anyway - especially if the managed switch only tells you that the port using all of the bandwidth is one of the uplink ports....

While I agree SBS or Linux(any router really) can tell you who the top talker is mostly you get just an IP. If you require all users to authenticate that is not an issue however the environment described will probably be open access. Providing network support for Retail/Warehouse/Blue Collar companies I see it a lot. I manage routers all day everyday and when a Hub site calls wanting to know why remote Circuit X is 100% utilized or their voice calls are choppy I can look and say x.x.x.x is using 99% of the bandwidth I can even give the customer a MAC address. Most of the time though the customer will have no idea what that machine is or where it is.
 

petey117

i understand. I guess either way works, but it is hard to make recommendations without knowing what level of support this church is willing to maintain