Geekzone: technology news, blogs, forums
  Reply # 1893236 31-Oct-2017 16:38
One person supports this post

coffeebaron:

 

chevrolux:

 

The small Mikrotik CCR will do that no problem.

 

Have to say though, wondering the use case? 

 

 

Inter office file sharing from NAS / server would be one suitable use case.

 

 

Absolutely. But we do that very easily over 100Mbps - and actually one of our servers that is the remaining one with spinning disks is the biggest bottleneck that I notice. One of the small backup jobs (Proxmox to NAS, compressed image etc) is the "app" server (a LAMP stack with a few things running on it) and that gets smashed out within an hour.

 

If audio/video is your thing then absolutely. But general office files it's like working off a local NAS.

 

Still, if you have the desire, and budget, go hard!




  Reply # 1893278 31-Oct-2017 19:37

Just to be clear, I see no problem with spending up to a couple of grand per device, just not tens of thousands, say, for a top-end Cisco which is completely overkill in every aspect but the IPSec throughput. They will be replacing existing 550x/551x ASAs which are EoL.

 

As I said, the Fortigates are looking VERY promising; looks like the SonicWalls could be contenders too.

 

 

 

 





Information wants to be free. The Net interprets censorship as damage and routes around it.

 

Thinking about signing up to BigPipe? Get $20 credit with my referral link.


 
 
 
 


  Reply # 1893284 31-Oct-2017 19:43
2 people support this post

I'd avoid Sonicwall at all costs...  quite possibly the worst firewall I've ever had the displeasure of working with...  specs on paper look impressive...  reality is quite different.


  Reply # 1893330 31-Oct-2017 21:11
One person supports this post

It does sound like you're getting into the territory where building could be as effective as buying.

 

Could I suggest that you take a look at StrongSwan, on whatever Linux/BSD you'd be happy compiling it on?

 

I've been running it in commercial applications for about 5 years now, and it's only limited by how much hardware I want to throw at it. Modern CPUs just smash this kind of workload. In my case, the software stack is deployed via a tightly managed DevOps workflow using Chef, everything is software-defined, and it's a ton more compliance-driven and secure than anything else for the price.

 

Indeed you may need to either upskill or outsource, but in either case you're getting a result that's built around your specific spec and not any other features you may not necessarily need.

 

FWIW I'd be happy to help out with advice or configs. Just flick me a DM if you want.

 

Best of luck in your hunt!


  Reply # 1893334 31-Oct-2017 21:24

I've gotta be honest with you here. I could go on a wild tangent on how Cisco, Juniper or even Cisco Meraki will be (and sounds to be) the best for you but I won't - it is stupidly expensive for what you're getting and you'll be just chucking money all over the place.

 

PFSense is sounding like more of the product for you. There are multiple ways of making it "enterprise grade" without breaking the budget in the process.

 

For starters - did you know they offer products and not just a great firewall OS? All their products are tested and I would consider enterprise grade also. See here: https://www.pfsense.org/products/
Secondary - you can buy in to support also to please the bosses if this is a requirement.
And finally - PFSense is a rock solid platform with many features available for less cost than a comparable Mikrotik or even Ubiquiti product. I've got a PFSense box that has an uptime of 4 years (not kidding) but mind you this isn't on the internet fully and is only powering a VLAN for an IP Phone network in a company and this just goes to show how stable the platform as a whole is.

 

You'll get potentially the best VPN experience out of this as well as buying a product. All other routers in this range are just computers (like this) with custom operating systems on them so I wouldn't rule PFSense out. The "Netgate" appliances are rock solid and have been thoroughly tested. I would have no issues at all with installing this in a high traffic enterprise environment if they had to adhere to a budget.





Michael Murphy | https://murfy.nz
Want to be with an epic ISP? Want $20 to join them too? Well, use this link to sign up to BigPipe!
The Router Guide | Community UniFi Cloud Controller | Ubiquiti Edgerouter Tutorial


  Reply # 1893417 1-Nov-2017 07:38

Lias:

 

Just to be clear, I see no problem with spending up to a couple of grand per device, just not tens of thousands, say, for a top-end Cisco which is completely overkill in every aspect but the IPSec throughput. They will be replacing existing 550x/551x ASAs which are EoL.

 

As I said, the Fortigates are looking VERY promising; looks like the SonicWalls could be contenders too.

 

 

 

Both the Sonicwalls and Fortigates are hardware accelerated and that is what you are going to need.

 

The caveats you need to be aware of:

 

 - Fortigate specs are quite often very optimistic, usually based on UDP throughputs with the box doing absolutely nothing else.

 

 - Sonicwall assigns streams to cores. If you want single stream performance it may not be the box for you. If you want 1Gbps using multiple UDP/TCP streams it'll be fine (a TZ-500 is going to be closest to your needs)

 

 

 

At the end of the day nothing else can beat hardware acceleration on bang for buck.


  Reply # 1893419 1-Nov-2017 07:46

Glazza:

 

I'd avoid Sonicwall at all costs...  quite possibly the worst firewall I've ever had the displeasure of working with...  specs on paper look impressive...  reality is quite different.

 

 

 

 

Maybe you're mixing Sonicwall up with something else. The spec sheets are pretty accurate. I run lots of Sonicwalls at home on a 1Gbps 2Degrees fibre circuit and what I get correlates well with published numbers.

 

If you were getting poor performance it's most likely a configuration issue. I've seen one site have a meltdown over performance using speedtest; turned out they had ports blocked that speedtest needed and this impacted performance massively. Once we unblocked the necessary ports, speedtest numbers correlated with spec sheets. Also MTUs can have a big impact with some ISPs (due to black hole routers that don't send info required for PMTU).


  Reply # 1893452 1-Nov-2017 09:09

High-end Sonicwalls can cope with this but not for the money you are talking about. I'd suggest that if you want reliability, monitoring, and support with those specs, you'll need bigger budgets.

 

 


  Reply # 1893509 1-Nov-2017 10:18
2 people support this post

vulcannz:

 

 

 

At the end of the day nothing else can beat hardware acceleration on bang for buck.

 

 

 

 

Intel consumer-grade CPUs have hardware support in the form of AES-NI, and Linux has good kernel support for this from 4.x onwards. So this statement is also neatly true for off-the-shelf computer hardware.
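
One way to verify on a given Linux gateway that the kernel would actually use AES-NI for IPsec ESP ciphers, as an added example that is not part of the thread. It parses `/proc/crypto`-format text and reports the highest-priority driver per algorithm; the function names, the `CRYPTO_FILE` variable and the sample records are constructed for illustration, and it assumes the `aesni_intel` module name marks an AES-NI driver.

```shell
# Added example, not from the thread: report whether the kernel's preferred
# driver for an IPsec ESP cipher comes from the AES-NI module (aesni_intel).

# best_driver FILE ALG: print "driver module priority" of the highest-priority
# ALG entry in a /proc/crypto-format FILE; return 1 if ALG is not registered.
best_driver() {
    awk -v alg="$2" '
        function end_record() {
            if (name == alg && prio + 0 > best) { best = prio + 0; out = drv " " mod " " prio }
            name = ""; drv = ""; mod = ""; prio = ""
        }
        BEGIN { best = -1 }
        /^[ \t]*$/ { end_record(); next }
        { key = $0; sub(/[ \t]*:.*/, "", key); val = $0; sub(/^[^:]*:[ \t]*/, "", val)
          if (key == "name") name = val; if (key == "driver") drv = val
          if (key == "module") mod = val; if (key == "priority") prio = val }
        END { end_record(); if (out == "") exit 1; print out }' "$1"
}

# esp_accel FILE ALG: "hardware" if that driver's module is aesni_intel (the
# marker assumed here), "software" for any other module, "missing" if absent.
esp_accel() {
    best=$(best_driver "$1" "$2") || { echo missing; return 0; }
    set -- $best
    if [ "$2" = aesni_intel ]; then echo hardware; else echo software; fi
}

# Constructed sample, trimmed to the /proc/crypto fields used above.
sample_crypto() {
    cat <<'EOF'
name         : cbc(aes)
driver       : cbc(aes-generic)
module       : kernel
priority     : 100

name         : cbc(aes)
driver       : cbc-aes-aesni
module       : aesni_intel
priority     : 400

name         : rfc4106(gcm(aes))
driver       : rfc4106-gcm-aesni
module       : aesni_intel
priority     : 400
EOF
}

f=${CRYPTO_FILE:-}; [ -n "$f" ] || { f=$(mktemp); sample_crypto > "$f"; }
for alg in 'cbc(aes)' 'rfc4106(gcm(aes))' 'ctr(aes)'; do printf '%-20s %s\n' "$alg" "$(esp_accel "$f" "$alg")"; done
```

Set `CRYPTO_FILE=/proc/crypto` to run it against a live system; a "software" or "missing" result for the cipher configured in the tunnel means throughput will not reflect AES-NI.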

