PLEASE help me setup a network for my small business...

[JMann238000]

Hi all,

I am pretty technically savvy, but am getting some pretty high level speak from some friends of mine that are System Admins for large companies. And I don't know if I need all the things they say I need. So heres the deal.

- T1 line just installed through Megapath
- Samsung Ubigate IBG1000 modem/gateway from Megapath
- New building has a patch panel with CAT 5 feeding all offices
- We will have 4 computers and 4 Cisco VOIP phones on the network. VOIP phones are a hosted solution so they should work with any internet connection.
- We will have at least one wireless access point.
- I will not be sharing files between computers (Have dropbox)
- I will not be running a server
- No VPN

My questions are:

1) Should I run a firewall? If so then which one?
2) I was told to order a good switch, so I ordered a Dell Powerconnect 2816. Is that overkill?
3) Do I need anything else?

At our current office we have been using a $30 Netgear wireless router with 4 port switch on a business DSL connection. I realize I should upgrade some gear and make it more secure, but I don't know just how far to take it.

Any help would be appreciated.

Thanks!
-Josh

 

[Cooky]

1) Should I run a firewall? If so then which one?
2) I was told to order a good switch, so I ordered a Dell Powerconnect 2816. Is that overkill?
3) Do I need anything else?
=============
1. yes, you definitely need a firewall, if the gateway from ISP doesn't provide that functionality.
You wouldn't drive a car that doesn't come w/ doors or locks, would you?

2. It's been many years since I dealt w/ Dell switches.
From what I heard they're hit or miss, but they shouldn't be overkill.
Overkill is ordering a $1500 Cisco switch for SMB.

3. Do you need anything?
That really depends on your application requirement.
All you need the Internet for is VoIP & file sharing/storing?

The most critical is your VoIP phones.
You'll probably want to get something that can handle QoS to prioritize VoIP traffic & call signaling.
It may function just fine w/ no QoS, but you'll have plenty of headache when you start getting jitter and dropped calls.
May not be a big deal if your business is not client facing, and you can deal w/ poor call quality.

If you have large files a single T1 may not cut it.

 

[drebo]

You can only QoS in the outbound direction, so it's pretty useless to even bother.

I'd recommend a Juniper SRX100 firewall. Relatively expensive, but very feature-rich and good. Stay away from SonicWalls, they'll break your hosted pbx service.

As a standard, unmanaged switch, Dells work OK. However, 6 of one is half-a-dozen of another. Netgear or Dell, isn't going to make much of a difference if you're not using the management features.

 

[theevilsharpie]

You can only QoS in the outbound direction, so it's pretty useless to even bother.

Inbound QoS is possible for TCP connections.

 

[ViviTheMage]

QoS wont matter once it hits the internet, all traffic is on one switch ...

 

[RadiclDreamer]

For 8 devices I feel that anything over a cheap dlink etc is overkill, just keep one on the shelf as a spare and call it a day. The poweredge line are nothing but problems.

 

[Cooky]

QoS wont matter once it hits the internet, all traffic is on one switch ...

I'm not talking about doing QoS end to end, but simply send VoIP traffic out before others when there's congestion.
What do you think will happen to the calls when OP starts uploading massive files to Dropbox?

 

[drebo]

Inbound QoS is possible for TCP connections.

No, you can SHAPE inbound TCP connections.

QoS is something entirely different (typically comprised of priority queueing).

Traffic shaping based on policies can somewhat kind of pretend to provide QoS, but it's not the same thing.

 

[theevilsharpie]

No, you can SHAPE inbound TCP connections.

QoS is something entirely different (typically comprised of priority queueing).

Traffic shaping based on policies can somewhat kind of pretend to provide QoS, but it's not the same thing.

QoS is a concept, and both priority queuing and traffic shaping are among a handful of mechanisms for achieving a desired QoS.

 

[JMann238000]

Keep in mind we have been running our VOIP phones through this cheap Netgear router/switch for 2 years now without much of a hiccup.

Ok so back on track.

1) Which firewall
2) Already ordered the Dell switch so kinda stuck there
3) Will the firewall act as the router?

How should I configure all this?

Thanks,
Josh

 

[JMann238000]

Looks like it includes some firewall feature as well as a router built in?

Could I get up and running with this and the switch? Then if I decide to get a dedicated firewall in the future I always could?

http://www.samsung.com/global/busine...2b_prd_id=438#

Just click the brochure link.

 

[Jamsan]

For firewall, I'd go somewhat in line with drebo's recommendation, except with the SSG line of firewalls. They're a little cheaper than the SRX's, ScreenOS is a little easier to use than Junos, and there are some models that come with built in wireless AP's, so one device can manage your entire network.

http://www.juniper.net/us/en/products-services/security/ssg-series/ssg5/ (specifically, part number SSG-5-SB-W-US)

 

[chuck2002]

What about the T-1? Why do you want to have this? Just get a bigger pipe for your DSL and save a ton of money.

As for the firewall, you could get a real, dedicated device, but if you are coming from a 4 port router, it sounds like you really don't need anything bigger. I'd say get a router from ASUS or some other brand that have firmware that can be hacked to run tomato or ddwrt and then you will have a cheap device that is highly customizable.

You can return the switch to Dell. You really don't need a managed switch for the amount of computers you have and your environment. Save the money here. You will never be managing anything, and if you do, it will be because you broke it from managing it...
Also, you didn't mention what you are using for email, and if you are using dropbox already, you could get a google apps account for under 10 users for free and use their email with your domain and their file serving. This is an excellent service for the cost savings for a small business.
One other quick suggestion if you thought you might want a file server solution: I would go with a windows home server install. It will handle up to 10 computers, automated backups of each workstation in a set it and forget it fashion, file server that you could have for large files that you don't want to dropbox, etc. It is 100 bucks. Worth every penny and really easy to manage.

Adding cost and complexity doesn't always make a positive gain in performance and most times is a waste of time and resources.