



1906 posts

Uber Geek


# 204799 18-Oct-2016 10:59

Hi Guys

 

Site to site IPSEC VPNs, all via SonicWall (low end) firewalls
For 2 site to site VPNs connecting to a Head Office, through Fibre Internet
The firewalls are very old, and low end units, but the VPNs aren't passing a lot of data.

 

 

 

Just what sort of reliability can be expected?
Is it unrealistic to expect site 2 site VPNs to be free from occasional dropouts?
Or are top of the line, expensive firewalls needed for reliable dropout free VPNs?
Is a dedicated line between sites needed?


 

 

 

 

 

 

 

 


2636 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1652758 18-Oct-2016 11:04

Brief dropouts are not normally an issue as long as the firewall is reconnecting.  Are both sites using the same ISP to minimise routing issues?  Perhaps put some monitoring in place so you have good data about the interruptions.





"4 wheels move the body.  2 wheels move the soul."

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

5411 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1652760 18-Oct-2016 11:09

" ... The firewalls are very old, and low end units, ..."

 

What are the "low end units"?

 

How old is "very old"?





Sideface


 
 
 
 


21301 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1652763 18-Oct-2016 11:18

If the Sonicwalls are TZ105 onward I'd expect very good reliability IF your connectivity is reliable (You can't have traffic on a road, if there is a break in the road).

 

 


3169 posts

Uber Geek

Subscriber

  # 1652768 18-Oct-2016 11:34

We've got one client using two Linksys WRT54GL units, running Tomato firmware, for their site-site VPN.

 

It is only passing a few RDP sessions but it has never dropped the connection once, and they have been installed for over 5 years now.

 

They cost less than $100 each at the time.

 

Both sites are on fibre with the same ISP so that could be helping.


3496 posts

Uber Geek

Trusted

  # 1652886 18-Oct-2016 14:02

I can't speak for SonicWall but we have used (virtualised) pfSense for years with very high reliability - passing usually 20-30Mbps at any time through the network (it's mesh - probably 30 tunnels or so) with virtually no dropouts. It also supports AES encryption which is CPU accelerated these days... not that it takes a huge amount of CPU anyway....

Perhaps the biggest issue with older devices is that if they only support DES etc., these are no longer thought of as secure encryption methods.









1906 posts

Uber Geek


  # 1653409 19-Oct-2016 11:09

Any recommendations for an IT company who specialises in site to site VPNs?

I need a second opinion, the site to site just isn't reliable
It's all SonicWall TZ170s


1508 posts

Uber Geek


  # 1653428 19-Oct-2016 11:26

Is that an IT company to replace the hardware or configure it?

 

If it is new hardware, IFM do Cisco and we have never had a bad experience with them. http://www.ifm.net.nz/

 

 

 

Our experience with site to site VPNs has been fine. We run into Azure, one to CHCH and one to our Aussie office and a couple to client sites. All from the main firewall in AKL. We have had one issue with the Aussie office which was due to the ISP in Aussie breaking a route. Other than that they have all been solid. We run Watchguard hardware and the clients are mostly Cisco and one SonicWall.

 

As others have said, the connection needs to be good to guarantee a good connection. The hardware could (big could as I don't know the hardware) be fine as long as it is not overstressed already or flaky. Just be aware if it is really old, you are not going to have much choice in encryption standards and it might be slow due to no encryption offloading.







 
 
 
 




1906 posts

Uber Geek


  # 1653457 19-Oct-2016 12:14

toyonut:

 

Is that an IT company to replace the hardware or configure it?

 

If it is new hardware, IFM do Cisco and we have never had a bad experience with them. http://www.ifm.net.nz/

 

 

 

Thanks for that, I've contacted them


1022 posts

Uber Geek

Subscriber

  # 1653474 19-Oct-2016 12:32

Also, not sure if you mean all sites are on fibre or just head office

 

Depending on budget, Cisco Meraki does a wonderful job. MX64 in each site office, MX64W if you need wireless; this can be your router and handles site to site VPN automatically.

 

Automatic support for dual internet connections too if you wanted to have 4G backup connections or something

 

 

 

Edit - small offices with only a few devices could use the Z1 too pretty well priced


5411 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1653475 19-Oct-2016 12:37

1101:

 

<snip>

 

It's all SonicWall TZ170s

 

 

Released 2004
Discontinued 2009
Support withdrawn 2011





Sideface


938 posts

Ultimate Geek

Trusted
Chorus

  # 1653485 19-Oct-2016 12:49

1101:

 

Any recommendations for an IT company who specialises in site to site VPNs?

I need a second opinion, the site to site just isn't reliable
It's all SonicWall TZ170s

 

 

[Shameless Plug Alert]

 

You could also consider the SecureME service from Spark Digital. It's very competitively priced and is scaleable to your needs. See http://www.sparkdigital.co.nz/solutions/security/secureme/ for details. It's self managed via an online portal that the customer or their IT company can use from anywhere.

 

Connectivity

  • Connection options include ADSL2+ / VDSL / UFB / 3G/4G (optional)
  • Connect branch sites securely via a Virtual Private Network (VPN) to create a low cost wide area network or connect to your own existing wide area network. Options available are IPSEC, SSL, PPTP and OpenVPN(SSL)
  • Remote user VPN and device connectivity for staff on the move
  • WiFi access point supports guest internet access for staff and customers
  • Cloud-based self-management portal to remotely manage sites and users.

Security

  • ISCA-certified firewall
  • Content filtering, centralised management, real-time alerts and reporting
  • Optional PCI DSS certification at network level.

Reliability

  • 24/7 service desk
  • Optional failover from broadband to Spark mobile 3G network
  • Single point of accountability for device and internet connection
  • SLAs for service recovery
  • Next day replacement of hardware for self-managed install if required




The views expressed by me are not necessarily those of my employer Chorus NZ Ltd


436 posts

Ultimate Geek
Inactive user


  # 1654537 19-Oct-2016 15:43

TZ170s are fairly old and rated to about 30Mbps of IPSEC throughput (they used Cavium Nitrox's for IPSEC acceleration).

 

 

 

You could use them as trade-ins on the SonicWALL Secure Upgrade program. Get yourself a couple of TZ-300s at a decent price under the program, they will handle a 100Mbps fibre circuit with all security services (IPS, GAV/AS, App Control, Web Filtering and SSL Decrypt) enabled - plus the new capture service is a nice malware killer.

 

 

 

 

