Geekzone: technology news, blogs, forums


1101

3122 posts

Uber Geek


#204799 18-Oct-2016 10:59

Hi Guys

 

Site to site IPSEC VPNs, all via SonicWall (low end) firewalls.
For 2 site to site VPNs connecting to a Head Office, through Fibre Internet.
The firewalls are very old, and low end units, but the VPNs aren't passing a lot of data.

 

 

 

Just what sort of reliability can be expected?
Is it unrealistic to expect site 2 site VPNs to be free from occasional dropouts?
Or are top of the line, expensive firewalls needed for reliable, dropout-free VPNs?
Is a dedicated line between sites needed?


 

 

 

 

 

 

 

 


Dynamic
3867 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1652758 18-Oct-2016 11:04

Brief dropouts are not normally an issue as long as the firewall is reconnecting.  Are both sites using the same ISP to minimise routing issues?  Perhaps put some monitoring in place so you have good data about the interruptions.





“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

 





Sideface
9357 posts

Uber Geek

Trusted
DR
Lifetime subscriber

  #1652760 18-Oct-2016 11:09

" ... The firewalls are very old , and low end units, ..."

 

What are the "low end units"?

 

How old is "very old"?





Sideface


networkn
Networkn
32351 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1652763 18-Oct-2016 11:18

If the Sonicwalls are TZ105 onward I'd expect very good reliability IF your connectivity is reliable (You can't have traffic on a road, if there is a break in the road).
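
The monitoring suggested earlier in the thread and the point above about the underlying link can be combined: probe both the remote firewall's public address and a host behind the tunnel, then attribute each dropout to the internet path or to the VPN itself. This is an added example, not part of any post in this thread; the log format, field names and sample data are constructed for illustration.

```python
from datetime import datetime

# Constructed sample (format is an assumption), one probe pair per minute:
# wan = ping to the remote firewall's public IP, tunnel = ping to a host behind it
SAMPLE_LOG = """\
2016-10-18T10:00:00 wan=ok tunnel=ok
2016-10-18T10:01:00 wan=ok tunnel=fail
2016-10-18T10:02:00 wan=ok tunnel=fail
2016-10-18T10:03:00 wan=ok tunnel=ok
2016-10-18T10:04:00 wan=fail tunnel=fail
2016-10-18T10:05:00 wan=ok tunnel=fail
2016-10-18T10:06:00 wan=ok tunnel=ok
"""

def parse(log):
    """Yield (timestamp, wan_ok, tunnel_ok) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        try:
            ts = datetime.fromisoformat(parts[0])
            yield ts, fields["wan"] == "ok", fields["tunnel"] == "ok"
        except (IndexError, ValueError, KeyError):
            continue  # skip blank or malformed lines

def classify(wan_ok, tunnel_ok):
    """None = tunnel up, 'path' = internet link down, 'tunnel' = VPN only."""
    return None if tunnel_ok else ("tunnel" if wan_ok else "path")

def outages(log):
    """Merge consecutive failed probes into (start, end, seconds, cause)."""
    result, start, cause, last = [], None, None, None
    for ts, wan_ok, tunnel_ok in parse(log):
        now = classify(wan_ok, tunnel_ok)
        if now != cause:
            if cause is not None:
                result.append((start, ts, int((ts - start).total_seconds()), cause))
            start, cause = ts, now
        last = ts
    if cause is not None:  # log ended while still down
        result.append((start, last, int((last - start).total_seconds()), cause))
    return result

def downtime_by_cause(log):
    """Total seconds without tunnel traffic, split by cause."""
    totals = {}
    for _start, _end, seconds, cause in outages(log):
        totals[cause] = totals.get(cause, 0) + seconds
    return totals
```

In the sample, the 60-second "tunnel" outage that directly follows the "path" outage is the time the firewalls took to re-establish the VPN after the link came back.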

 

 




CYaBro
4585 posts

Uber Geek

ID Verified
Trusted

  #1652768 18-Oct-2016 11:34

We've got one client using two Linksys WRT54GL units, running Tomato firmware, for their site-site VPN.

 

It is only passing a few RDP sessions but it has never dropped the connection once, and they have been installed for over 5 years now.

 

They cost less than $100 each at the time.

 

Both sites are on fibre with the same ISP so that could be helping.





Opinions are my own and not the views of my employer.


Zeon
3916 posts

Uber Geek

Trusted

  #1652886 18-Oct-2016 14:02

I can't speak for SonicWall but we have used (virtualised) pfSense for years with very high reliability - passing usually 20-30Mbps at any time through the network (it's mesh - probably 30 tunnels or so) with virtually no dropouts. It also supports AES encryption which is CPU accelerated these days... not that it takes a huge amount of CPU anyway....

Perhaps the biggest issue with older devices is that if they only support DES etc., these are no longer thought of as secure encryption methods.







1101

3122 posts

Uber Geek


  #1653409 19-Oct-2016 11:09

Any recommendations for an IT company who specialises in site to site VPNs?

I need a second opinion, the site to site just isn't reliable.
It's all SonicWall TZ170s.


toyonut
1508 posts

Uber Geek


  #1653428 19-Oct-2016 11:26

Is that an IT company to replace the hardware or configure it?

 

If it is new hardware, IFM do Cisco and we have never had a bad experience with them. http://www.ifm.net.nz/

 

 

 

Our experience with site to site VPNs has been fine. We run into Azure, one to CHCH and one to our Aussie office and a couple to client sites. All from the main firewall in AKL. We have had one issue with the Aussie office which was due to the ISP in Aussie breaking a route. Other than that they have all been solid. We run Watchguard hardware and the clients are mostly Cisco and one SonicWall.

 

As others have said, the connection needs to be good to guarantee a good connection. The hardware could (big could as I don't know the hardware) be fine as long as it is not overstressed already or flaky. Just be aware if it is really old, you are not going to have much choice in encryption standards and it might be slow due to no encryption offloading.





1101

3122 posts

Uber Geek


  #1653457 19-Oct-2016 12:14

toyonut:

 

Is that an IT company to replace the hardware or configure it?

 

If it is new hardware, IFM do Cisco and we have never had a bad experience with them. http://www.ifm.net.nz/

 

 

 

Thanks for that, I've contacted them.


jnimmo
1097 posts

Uber Geek


  #1653474 19-Oct-2016 12:32

Also, not sure if you mean all sites are on fibre or just head office

 

Depending on budget, Cisco Meraki does a wonderful job. MX64 in each site office, MX64W if you need wireless; this can be your router and handles site to site VPN automatically.

 

Automatic support for dual internet connections too if you wanted to have 4G backup connections or something

 

 

 

Edit - small offices with only a few devices could use the Z1 too, pretty well priced.


Sideface
9357 posts

Uber Geek

Trusted
DR
Lifetime subscriber

  #1653475 19-Oct-2016 12:37

1101:

 

<snip>

 

It's all SonicWall TZ170s.

 

 

Released 2004
Discontinued 2009
Support withdrawn 2011





Sideface


Wheelbarrow01
1723 posts

Uber Geek

Trusted
Chorus

  #1653485 19-Oct-2016 12:49

1101:

 

Any recommendations for an IT company who specialises in site to site VPNs?

I need a second opinion, the site to site just isn't reliable.
It's all SonicWall TZ170s.

 

 

[Shameless Plug Alert]

 

You could also consider the SecureME service from Spark Digital. It's very competitively priced and is scalable to your needs. See http://www.sparkdigital.co.nz/solutions/security/secureme/ for details. It's self managed via an online portal that the customer or their IT company can use from anywhere.

 

    Connectivity

    • Connection options include ADSL2+ / VDSL / UFB / 3G/4G (optional)
    • Connect branch sites securely via a Virtual Private Network (VPN) to create a low cost wide area network or connect to your own existing wide area network. Options available are IPSEC, SSL, PPTP and OpenVPN(SSL)
    • Remote user VPN and device connectivity for staff on the move
    • WiFi access point supports guest internet access for staff and customers
    • Cloud-based self-management portal to remotely manage sites and users.

    Security

    • ISCA-certified firewall
    • Content filtering, centralised management, real-time alerts and reporting
    • Optional PCI DSS certification at network level.

    Reliability

    • 24/7 service desk
    • Optional failover from broadband to Spark mobile 3G network
    • Single point of accountability for device and internet connection
    • SLAs for service recovery
    • Next day replacement of hardware for self-managed install if required




The views expressed by me are not necessarily those of my employer Chorus NZ Ltd


vulcannz
436 posts

Ultimate Geek
Inactive user


  #1654537 19-Oct-2016 15:43

TZ170s are fairly old and rated to about 30Mbps of IPSEC throughput (they used Cavium Nitrox's for IPSEC acceleration).

 

 

 

You could use them as trade-ins on the SonicWALL Secure Upgrade program. Get yourself a couple of TZ-300s at a decent price under the program, they will handle a 100Mbps fibre circuit with all security services (IPS, GAV/AS, App Control, Web Filtering and SSL Decrypt) enabled - plus the new capture service is a nice malware killer.

 

 

 

 

