Geekzone: technology news, blogs, forums
3397 posts

Uber Geek
+1 received by user: 1140

Subscriber

  Reply # 1893236 31-Oct-2017 16:38
One person supports this post

coffeebaron:

 

chevrolux:

 

The small Mikrotik CCR will do that no problem.

 

Have to say though, wondering the use case? 

 

 

Inter office file sharing from NAS / server would be one suitable use case.

 

 

Absolutely. But we do that very easily over 100Mbps - and actually one of our servers that is the remaining one with spinning disks is the biggest bottleneck that I notice. One of the small backup jobs (Proxmox to NAS, compressed image etc) is the "app" server (a LAMP stack with a few things running on it) and that gets smashed out within an hour.

 

If audio/video is your thing then absolutely. But general office files it's like working off a local NAS.

 

Still, if you have the desire, and budget, go hard!




3078 posts

Uber Geek
+1 received by user: 1624

Subscriber

  Reply # 1893278 31-Oct-2017 19:37

Just to be clear, I see no problem with spending up to a couple of grand per device, just not tens of thousands say for a top end Cisco which is completely overkill in every aspect but the IPSec throughput. They will be replacing existing 550x/551x ASAs which are EoL.

 

As I said, the Fortigates are looking VERY promising, looks like the SonicWalls could be contenders too.

 

 

 

 





Information wants to be free. The Net interprets censorship as damage and routes around it.

 



260 posts

Ultimate Geek
+1 received by user: 6

Trusted

  Reply # 1893284 31-Oct-2017 19:43
2 people support this post

I'd avoid Sonicwall at all costs...  quite possibly the worst firewall I've ever had the displeasure of working with...  specs on paper look impressive...  reality is quite different.


59 posts

Master Geek
+1 received by user: 6


  Reply # 1893330 31-Oct-2017 21:11
One person supports this post

It does sound like you're getting into the territory where building could be as effective as buying.

 

Could I suggest that you take a look at StrongSwan, on whatever Linux/BSD you'd be happy compiling it on?

 

I've been running it in commercial applications for about 5 years now, and it's only limited by how much hardware I want to throw at it. Modern CPUs just smash this kind of workload. In my case, the software stack is deployed via a tightly managed DevOps workflow using Chef, everything is software-defined, and it's a ton more compliance-driven and secure than anything else for the price.

 

Indeed you may need to either upskill or outsource, but in either case you're getting a result that's built around your specific spec and not any other features you may not necessarily need.

 

FWIW I'd be happy to help out with advice or configs. Just flick me a DM if you want.

 

Best of luck in your hunt!


Meow
7375 posts

Uber Geek
+1 received by user: 3541

Moderator
Trusted
Lifetime subscriber

  Reply # 1893334 31-Oct-2017 21:24

I've gotta be honest with you here. I could go on a wild tangent on how Cisco, Juniper or even Cisco Meraki will be (and sounds to be) the best for you but I won't - it is stupidly expensive for what you're getting and you'll be just chucking money all over the place.

 

PFSense is sounding like more of the product for you. There are multiple ways of making it "enterprise grade" without breaking the budget in the process.

 

For starters - did you know they offer products and not just a great firewall OS? All their products are tested and I would consider enterprise grade also. See here: https://www.pfsense.org/products/
Secondary - you can buy in to support also to please the bosses if this is a requirement.
And finally - PFSense is a rock solid platform with many features available for less cost than a comparable Mikrotik or even Ubiquiti product. I've got a PFSense box that has an uptime of 4 years (not kidding) but mind you this isn't on the internet fully and is only powering a VLAN for an IP Phone network in a company and this just goes to show how stable the platform as a whole is.

 

You'll get potentially the best VPN experience out of this as well as buying a product. All other routers in this range are just computers (like this) with custom operating systems on them so I wouldn't rule PFSense out. The "Netgate" appliances are rock solid and have been thoroughly tested. I would have no issues at all with installing this in a high traffic enterprise environment if they had to adhere to a budget.





232 posts

Master Geek
+1 received by user: 41


  Reply # 1893417 1-Nov-2017 07:38

Lias:

 

Just to be clear, I see no problem with spending up to a couple of grand per device, just not tens of thousands say for a top end Cisco which is completely overkill in every aspect but the IPSec throughput. They will be replacing existing 550x/551x ASAs which are EoL.

 

As I said, the Fortigates are looking VERY promising, looks like the SonicWalls could be contenders too.

 

 

 

Both the Sonicwalls and Fortigates are hardware accelerated and that is what you are going to need.

 

The caveats you need to be aware of:

 

 - Fortigate specs are quite often very optimistic, usually based on UDP throughputs with the box doing absolutely nothing else.

 

 - Sonicwall assigns streams to cores. If you want single stream performance it may not be the box for you. If you want 1Gbps using multiple UDP/TCP streams it'll be fine (a TZ-500 is going to be closest to your needs)

 

 

 

At the end of the day nothing else can beat hardware acceleration on bang for buck.


232 posts

Master Geek
+1 received by user: 41


  Reply # 1893419 1-Nov-2017 07:46

Glazza:

 

I'd avoid Sonicwall at all costs...  quite possibly the worst firewall I've ever had the displeasure of working with...  specs on paper look impressive...  reality is quite different.

 

 

 

 

Maybe you're mixing Sonicwall up with something else. The spec sheets are pretty accurate. I run lots of Sonicwalls at home on a 1Gbps 2Degrees fibre circuit and what I get correlates well with published numbers.

 

If you were getting poor performance it's most likely a configuration issue. I've seen one site have a meltdown over performance using speedtest, turned out they had ports blocked that speedtest needed and this impacted performance massively. Once we unblocked the necessary ports speedtest numbers correlated with spec sheets. Also MTUs can have a big impact with some ISPs (due to black hole routers that don't send info required for PMTU).


16930 posts

Uber Geek
+1 received by user: 4763

Trusted
Lifetime subscriber

  Reply # 1893452 1-Nov-2017 09:09

High-end Sonicwalls can cope with this but not for the money you are talking about. I'd suggest that if you want reliability, monitoring, and support with those specs, you'll need bigger budgets.

 

 


59 posts

Master Geek
+1 received by user: 6


  Reply # 1893509 1-Nov-2017 10:18
2 people support this post

vulcannz:

 

 

 

At the end of the day nothing else can beat hardware acceleration on bang for buck.

 

 

 

 

Intel consumer-grade CPUs have hardware support in the form of AES-NI, and Linux has good kernel support for this from 4.x onwards. So this statement is also neatly true for off-the-shelf computer hardware.
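
A quick way to check the AES-NI point above on a given x86 Linux box, as an added example that is not part of the original thread: it reads the CPU flags and the kernel's registered crypto drivers and reports whether AES is actually accelerated. The function names and the sample data written by `write_samples` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: does this Linux box use AES-NI?
# Functions take file paths so saved copies from another host work too.

# True if a "flags" line of the cpuinfo file lists the "aes" feature.
cpu_has_aesni() {
    grep -E '^flags[[:space:]]*:' "$1" | grep -qw aes
}

# Print "algorithm driver" for each kernel crypto entry whose driver name
# contains "aesni" (entries look like: name / driver / module / ...).
aesni_algorithms() {
    awk '$1 == "name"   { name = $3 }
         $1 == "driver" && $3 ~ /aesni/ { print name, $3 }' "$1"
}

# $1 = cpuinfo file, $2 = crypto file.
# accelerated: CPU flag present and kernel registered AES-NI transforms
# cpu-only:    CPU flag present, kernel has none (module not loaded/built)
# software:    no AES-NI flag, AES runs in plain software
aes_verdict() {
    if ! cpu_has_aesni "$1"; then
        echo software
    elif [ -n "$(aesni_algorithms "$2")" ]; then
        echo accelerated
    else
        echo cpu-only
    fi
}

# Constructed sample input (abridged /proc/cpuinfo and /proc/crypto).
write_samples() {   # $1 = directory to write into
    printf 'processor\t: 0\nflags\t\t: fpu sse2 pclmulqdq aes avx\n' > "$1/cpuinfo"
    printf 'processor\t: 0\nflags\t\t: fpu sse2 avx\n' > "$1/cpuinfo_noaes"
    printf 'name : gcm(aes)\ndriver : generic-gcm-aesni\nmodule : aesni_intel\n\n' > "$1/crypto"
    printf 'name : sha256\ndriver : sha256-generic\nmodule : kernel\n' >> "$1/crypto"
    printf 'name : cbc(aes)\ndriver : cbc(aes-generic)\nmodule : kernel\n' > "$1/crypto_generic"
}

# Report on the local machine when the proc files are readable.
if [ -r /proc/cpuinfo ] && [ -r /proc/crypto ]; then
    echo "this host: $(aes_verdict /proc/cpuinfo /proc/crypto)"
fi
```

A `cpu-only` result on a VPN gateway means the CPU advertises AES-NI but the kernel has not registered any AES-NI-backed transforms, so IPsec would fall back to the generic software implementation.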

