Spec me a small business VPN router

Discussion in 'Networks' started by Beerbaron, Mar 5, 2013.

  1. Beerbaron

    Beerbaron Megabyte Poster

    Hi,

    I am looking for a new router for one of our small offices. The features I'm after are:


    • 10/100/1000 WAN
    • VPN (for remote users). VPN access must support Mac OS if it requires software
    • Needs to support ~30 users for remote user VPN
    • If possible can be rack mounted but it's not too important
    • Ideally something small business in cost/configuration


    Any recommendations?

    Thanks.

    - - - Updated - - -

    I've just come across these. Generally not a huge fan of D-Link stuff but these seem to tick most boxes:

    D-Link UK | DSR-1000N Wireless N Dual Band Unified Service Router

    D-Link | DSR-500 Unified Services Router w/ WAN Failover
     
    Certifications: BSc (Hons), MSc, ITIL v3F, MCP, MCDST, MCITP: edst7, MCTS, MCSA: Server 2003, MCSA: Windows 7, N+, NVQ IT lvl 3, MCSA Windows 7, VCP5, CCENT, CEH
    WIP: CISSP
  2. BraderzTheDog

    BraderzTheDog Kilobyte Poster

    Depends what you want in terms of features, but here are a few.

    High end: Checkpoint - either hardware appliance or can be installed on a virtual machine if you have spare blade servers lying around.
    Positives - easy to administer, very good GUI, smartview tracker is a fantastic tool for debugging, software blades, application awareness, can be distributed (manager & fw)
    Negatives: - Licenses expensive, can be a pain to debug if you don't know Linux

    Mid range - Juniper SSGs or SRX - Hardware only based appliance, a lot cheaper than Checkpoint - huge range from SSG5 to SSG550 to suit all business needs.
    Positives - good web based GUI, cheap solution (can pick up an SSG20 for about £200), very solid platform, scalable & great vendor support
    Negatives - Doesn't do much in the way of layer 7, CLI language is VERY bespoke at least on SSG (SRX platform is more like Cisco).

    Low end - Cisco ASA 505 or Fortinet - Cheap solution, can pick these up for about £300 - £400 new from vendor. Does what it says on the tin.
    Positives - Cheap, well known and easy to deploy, a lot of documentation especially Cisco (if you have a problem someone else somewhere will have had the same).
    Negatives - Not much functionality other than a basic Firewall and VPN solution, this does mean less stuff to go wrong but still... Not a massively great product.

    All of the above are firewalls, all can route packets and will do the major routing protocols OSPF / RIP / EIGRP / BGP. All will give the ability to set up site to site and remote access VPN. Good solid products, I wouldn't use a router from personal experience.

    Hope this helps.
     
    Certifications: CCNA R&S, CCNA-SEC, CCSA, JNCIA FWV, MCITP, MCTS, MTA, A+
  3. GSteer

    GSteer Megabyte Poster

    I don't classify D-Link as something I'd want running at any of my clients.

    We're a reseller and use them pretty much exclusively over here, they work well, no silly VPN licensing & an OSX client is available.

    You can do a unit comparison with their Product Matrix here: http://www.fortinet.com/sites/default/files/basicfiles/ProductMatrix.pdf

    We're currently testing a Cyberoam unit we've been approached about which is also the SMB segment, better reporting and individual user blocking features but I'm still cautious as they are relatively unheard of or proven to us.
     
    Certifications: BSc. (Comp. Sci.), MBCS, MCP [70-290], Specialist [74-324], Security+, Network+, A+, Tea Lord: Beverage Brewmaster | Courses: LFS101x Introduction to Linux (edX)
    WIP: CCNA Routing & Switching
  4. Beerbaron

    Beerbaron Megabyte Poster

    Thanks for the info.

    It's not a client but one of our offices. Only really 3-4 users there plus a few servers so quite small. We are looking for something quick and easy to set up.

    - - - Updated - - -

    What would you recommend from that product matrix?
     
  5. GSteer

    GSteer Megabyte Poster

    Just to clarify:

    The site's only got 3-4 users and a couple of servers, but needs 30-40 VPN users that will connect?
     
  6. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    How many are going to be connected at the same time mate?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  7. Beerbaron

    Beerbaron Megabyte Poster

    There are only a few staff that work at the office. There are a couple of servers that people connect to when they are out and about working at clients/other offices. The current router has the option to add 32 VPN users which is full, although I doubt they are all used. All 32 won't connect at the same time. There isn't the option to add more than 32 users with it limited to 32 at the same time.
     
  8. GSteer

    GSteer Megabyte Poster

    Ahh.

    Well with the Fortigates (and most other brands of similar level) you can do LDAP passthrough to your AD, so no need for different credentials and no limits.

    So would 5-10 be connecting concurrently then?
     
  9. Beerbaron

    Beerbaron Megabyte Poster

    No AD as it's all Mac with local accounts
     
  10. GSteer

    GSteer Megabyte Poster

    Looks like you could get away with a Fortigate 40C, but I'd suggest a 60. This is mainly as I've not had experience with the 40s as we don't use lower than the 60s ourselves.

    You do get faster throughputs on the VPNs with the 60s/80s. Also depends on the cost of them in the UK. There are wifi variants of those models too if that

    As an example we generally spec 60s for offices of around 10-25 people then move up to the 80s.

    User Maximums:

    Ok, so as per the latest firmware OS 5 it looks like all the desktop models with model numbers < 100 can have up to 500 local users.

    Source: http://docs.fortinet.com/fgt/handbook/50/fortigate-max-values-50.pdf

    More specific values for pre OS 5 can be seen at this link, which indicates anything greater than the 50 models have up to 100 local users available.

    Source: http://docs.fortinet.com/fgt/handbook/40mr3/fortigate-max-values-40-mr3.pdf
     
    Last edited: Mar 9, 2013
  11. Sparky

    Sparky Zettabyte Poster Moderator

    If you want the correct product you need to work out how many remote workers are going to be connected at the same time (roughly).

    What Firewall products do you use at other sites?
     
  12. Beerbaron

    Beerbaron Megabyte Poster

    I would guess at about 10 users. The current firewall used is the one on the Draytek router.
     
  13. Sparky

    Sparky Zettabyte Poster Moderator

  14. GSteer

    GSteer Megabyte Poster

    Sonicwalls...nooo, run.

    Personal preference but I really dislike their interfaces and charging a license per VPN client.
     
  15. Sparky

    Sparky Zettabyte Poster Moderator

    Eh? You mad? :)

    Interface is easy and the VPN licensing depends on whether it's SSL or the standard Global VPN client.

    Much cheaper than Cisco etc. and you get enterprise features. Granted it's more expensive than Drayteks etc. but you don't get the security with Drayteks.
     
  16. GSteer

    GSteer Megabyte Poster

    Ah, I'm comparing to Fortigates, so no higher up the cost spectrum, I just find their interfaces easier to use.

    I'll defer to your licensing knowledge on them, the only ones I've worked with seemed to require licenses per connected user.

    As for madness, yes, certified :twisted:
     
  17. Sparky

    Sparky Zettabyte Poster Moderator

    Madness+ ? :)
     
