
VPN/Router/Firewall solution for small business

It's for a small business that uses almost completely Windows computers. We need 20+ (at least 15) IPSec tunnels. Most of the computers connect via 802.11G PCMCIA or PCI cards. Ideally this solution would be a router/firewall/WAP/VPN all-in-one box. We're hoping for the cheapest solution possible, but up to $1500 is alright. I've seen a few Netvanta and Cisco solutions for $1400-2000, but also many other off-brand smaller solutions for $100-400. Would these work or not? Are clients much more money? I don't understand the reasons for the price differences in router/VPN/firewall solutions. Thanks!

Netgear FVL328 router/vpn
Netgear FVS338 ProSafe VPN Firewall 50
Sonicwall Pro 1260 - $1000
D-Link NetDefend VPN Firewall DFL-200 - $245
D-Link - DI-804HV Express EtherNetwork 4-Port Broadband VPN Router - $50
Soho/MultiCom SpeedSurf - $630
Lightning/MultiCom Ethernet II - $737
ZyXEL Prestige 2602HWL
 
Take a look at ImageStream routers... they will need an add-on for wireless, but the VPN firewall wirespeed up to DS2 is great, and new with lifetime software warranty is around $2K... cheaper for used (I had one for sale for $1200...).
 
When are those speeds necessary? This is a small company operating on a DSL line. Would a $300 option be much different?
 
What would be the best (easiest to install/use, most stable/reliable) SonicWALL and ZyXEL solutions with 20+ simultaneous IPsec tunnels and 15+ clients?
 
Originally posted by: ckeleshian
When are those speeds necessary? This is a small company operating on a DSL line. Would a $300 option be much different?

Always overspec. The Rebels will do the T1 no prob and can scale down to 56K. I use a Rebel here on my DSL for a big system here. As for VPN tunnels, I know one that is running 7 tunnels like it wasn't there....

 
Originally posted by: ckeleshian
What would be the best (easiest to install/use, most stable/reliable) SonicWALL and ZyXEL solutions with 20+ simultaneous IPsec tunnels and 15+ clients?

We use a SonicWALL Pro 2040, but I think that was $2500. And it's the yearly maintenance contracts that kill ya. Personally, I would set up a Linux box. Might I suggest Fedora Core? That is what I hope to do, once I have time... I'm stuck on setting up L2TP/IPSec tunnels; I may just give up and go with SSL tunnels....
 
I would use an open source solution for this. I would build a m0n0wall box using a basic computer and an IDE to CompactFlash converter. This is going to give you more bang than any product you can purchase for an environment that small.


http://www.m0n0.ch/wall/
 
Originally posted by: watts3000
I would use an open source solution for this. I would build a m0n0wall box using a basic computer and an IDE to CompactFlash converter. This is going to give you more bang than any product you can purchase for an environment that small.


http://www.m0n0.ch/wall/

Oh yeah, excellent suggestion. I've toyed with m0n0wall. I plan to go with a full Linux distro because there are some additional functions I would like to add, but a m0n0wall will give you at least as much functionality as a SonicWALL and is just as easy to configure and administer.
 
Nortel Contivity 100 series unit.....you can get it with a SPI firewall for cheap.
Comes with 4 "lan" ports, a WAN port and an optional port for hooking up a dirty lan for wireless, etc....
 
I would not buy the Sonicwall. Their service for the lower-class models is miserable and patch releases are slow. Unless they screw something up in which case they might release a few in succession.

Not to mention that it's impossible to get L2TP setup and in doing so they attempt to force you to use their own VPN solution.
 
Another vote for m0n0wall here... have used it with both PPTP and IPSEC for a year or so now with no hiccups...
 
ckeleshian, what's on the client end of your VPN tunnels?

If you expect to pull the tunnels directly to Windows client boxes, I can't strongly enough recommend the Cisco VPN client, which is basically a freebie if and only if you have a Cisco device serving the clients. Their Windows client is by far the best I've seen. Their firewalls are all not quite where they should be. The PIX is okay, the 506E is about $1k and will get you to 25 clients. The problem is, it's now a dead-end platform. Their replacement is to use the new ISR series routers, the 800/1800/2800/3800; check the 800 and 1800 for your needs. They have good performance and features, especially for their price, but they also come with more than acceptable bugs. Until that platform is more mature I'd be cautious about using it. There's also Cisco's VPN Concentrator series, which are very expensive.

The firewalls you listed to ask about, I think all of them do not come with a Windows IPsec VPN client. That means you need to buy an IPsec VPN client such as SSH Sentinel to be able to connect to them. (Or try to use the one built into Windows, which is extremely crippled, and pretty much futile.) VPN clients tend to go for $50-$100 per system they're installed on, which all of a sudden makes the lower end firewalls not be such a good deal anymore. The same goes for any Linux or BSD solution like Moonwall, great firewall but without a good Windows client you might not have a usable solution.

Sonicwalls never appealed to me. They're okay. Limited functionality. Did they ever add a CLI? If there's no CLI, it's still a toy to me. The boxes themselves work, though.

I don't like the Contivity, and doubly don't like Nortel.

Netgear has gone far, far downhill since they were part of Nortel. Indian tech support on Chinese hardware and software. If you trust your network to this, you get what you pay for. D-Link is a little better but the same fundamental equation, as is Linksys. I don't build corporate networks on home-grade gear, in the long run it just isn't cost effective (remember, skilled labor to maintain the network, and employee productivity, are not free).

ZyXEL is also SOHO grade, but I've heard a lot of good things about them. Never used their gear though.

OpenBSD and PF is a great firewall, requires a lot of UNIX skills to set up and run. Linux is not as good a firewall but distributions like Moonwall make it reasonably easy to install and maintain. If your IPsec clients are hardware based, that might be a great option, just run it on a $300 Dell SC420 or similar.

In your particular environment, I'd put in a PIX 506E with a huge disclaimer that the box is unlikely to get anything other than critical security updates - i.e., no new features.
 
Originally posted by: PorBleemo
I would not buy the Sonicwall. Their service for the lower-class models is miserable and patch releases are slow. Unless they screw something up in which case they might release a few in succession.

Not to mention that it's impossible to get L2TP setup and in doing so they attempt to force you to use their own VPN solution.

Yeah, I had the same problem with L2TP, which I would like to use. I set it up just how their guide says to. I go over and over it and double double check everything, but still the tunnel just doesn't work.
 