VPN Router or UTM appliance for small business

[Icecold]

I was hoping for suggestions on a VPN router or UTM for a small business. The VPN functionality will be primarily used for remote users to make VOIP phone calls through the business phone system. There will be at most 10 VPN connections, and relatively little traffic.

There will be at most 20 devices on the local network.

Priorities are:

1. Stability

2. Voice quality through the VPN connection.

3. Ease of use for adding VPN users and managing basic settings such as port forwarding

4. Price -- preferably would like a solution under $500.

If gateway level antivirus and other UTM features are available in that price range that would be great, but the higher priority is stability with the VPN.

I had considered continuing to use the current router(which is not a good router and is due to be replaced anyways) and setting up a Linux box running OpenVPN but I want to ensure this is something that is easily managed and not something only I am comfortable making changes to.

I would also prefer to stay away from a router or UTM distribution running on a PC.(I love PFSense at home but if there are any issues in the business setting it would be blamed on having a DIY router)

 

[drebo]

SRX100. UTM licensing will push it over $500, but that'll be the case for everything.

Also, you're never going to get good voice quality through a VPN. Ever. 9 out of 10 calls will probably work fine...and you'll never hear about those. The 1 out of 10 where there's issues, though, will be like the sky is falling.

 

[gsaldivar]

One option might be a PFSense appliance: The entry-level VK-T40E is only $449, requires no ongoing licensing or fees, and includes one year warranty and one year of premium support to get you up and running. To provide for future growth, the FW-7551 is $699, includes all of the above and the faster Intel Atom C2358 processor (Rangeley) gives you QuickAssist Crypto Acceleration and AES-NI.

 

[Icecold]

SRX100. UTM licensing will push it over $500, but that'll be the case for everything.

Also, you're never going to get good voice quality through a VPN. Ever. 9 out of 10 calls will probably work fine...and you'll never hear about those. The 1 out of 10 where there's issues, though, will be like the sky is falling.

Thanks for the suggestion; I will look into it and see if it will meet our needs.

Our phone system vendor insists a VPN will work fine, but I have concerns about it as well. Prior to full implementation I was planning on doing further testing with my FreePBX box making calls through the VPN.(our vendor is not implementing FreePBX it was just something I had up and running in testing some things)

Fortunately, the remote users will not be utilizing the phone system heavily so hopefully it will work out.

 

[Icecold]

Honestly, the more I've looked into this the more I lean towards just setting up a PFSense box and calling it a day. It doesn't seem in this price range there is anything else that comes even close.

 

[gsaldivar]

If you decide to do the PFSense appliance, it looks like they have $40 off on the 7551 at the Netgate store: http://store.netgate.com/FW-7551.aspx

 

[drebo]

The assertion that PFsense is even in the same league as Juniper, Palo Alto, or Cisco is comical.

 

[xSauronx]

The assertion that PFsense is even in the same league as Juniper, Palo Alto, or Cisco is comical.

nevermind support costs. who knows pfsense? and who knows cisco/juniper/? that is surely a big thing to consider.

from: https://portal.pfsense.org/support-subscription.php
Our support model is unique in that everything is on an hourly basis.
*further down*
Support plans start with a 2-hour minimum commitment and are billed at an incremental hourly rate of $200 after that. (All prices USD).

 

[gsaldivar]

from: https://portal.pfsense.org/support-subscription.php
Our support model is unique in that everything is on an hourly basis.
*further down*
Support plans start with a 2-hour minimum commitment and are billed at an incremental hourly rate of $200 after that. (All prices USD).

You only need to worry about that after the first year of support (included with purchase) has expired. Once support hours are purchased, work is rounded to the nearest 0.1 hour (6 minute) increment and deducted from the balance.

 

[Owls]

Thanks for the suggestion; I will look into it and see if it will meet our needs.

Our phone system vendor insists a VPN will work fine, but I have concerns about it as well. Prior to full implementation I was planning on doing further testing with my FreePBX box making calls through the VPN.(our vendor is not implementing FreePBX it was just something I had up and running in testing some things)

Fortunately, the remote users will not be utilizing the phone system heavily so hopefully it will work out.

I have a few clients that use VOIP through a VPN and so far there haven't been any issues with call quality. It really depends on what kind of hardware is being used as a VPN. In most cases it's a Sonicwall TZ205

 

[sonitravel09]

For business networks I'm all about UTM appliances now. Right now I'm working on site at a place with an old RV082...those units work fairly well for VPN tunnels. I do a lot with a product called Untangle....which is my favorite lately.