Geekzone: technology news, blogs, forums




5064 posts

Uber Geek
+1 received by user: 121

Trusted

# 37097 7-Jul-2009 14:20

Looking at putting in a Citylink connection into a building with an Internet connection on the back of it. This will be 25Mbs/symmetric. Most of the time the connection will be standalone only accessible via wireless or if a PC is plugged into specific ports on the network and therefore not connected to the corporate WAN.

But in a DR situation (well main network failure) we are looking to use this connection for backup connectivity via a VPN solution.  When that happens we would disconnect our main WAN and plug this Internet connection into the main switch from the router.

I am not sure in this instance 60-70 users a home grade wireless router can cut the mustard, both performance and security wise. I don't want an expensive Cisco router but is there some sort of SMB router/firewall people might be familiar with and could recommend?

How good are the BSD based router solutions like Smoothwall or pfSense?

Thanks

Larry





Staying in Wellington. Check out my AirBnB in the Wellington CBD.  https://www.airbnb.co.nz/rooms/32019730  Mention GZ to get a 10% discount

 

System One: Popcorn Hour A200,  PS3 SuperSlim, NPVR and Plex Server running on Gigabyte Brix (Windows 10 Pro), Sony BDP-S390 BD player, Pioneer AVR, Raspberry Pi running Kodi and Plex, Panasonic 60" 3D plasma, Google Chromecast

System Two: Popcorn Hour A200 ,  Oppo BDP-80 BluRay Player with hardware mode to be region free, Vivitek HD1080P 1080P DLP projector with 100" screen, Denon AVRS730H 7.2 Channel Dolby Atmos/DTS-X AV Receiver, Samsung 4K player, Google Chromecast, Odroid C2 running Kodi and Plex

 

 


Professional yak shaver
1599 posts

Uber Geek
+1 received by user: 8

Trusted
BitSignal
Lifetime subscriber

  # 232059 7-Jul-2009 14:34

Do you have a preference for hardware or software-based?

I like (and have deployed on a couple of occasions) Endian Firewall. Based on IPCop, but much improved since they started. And free.

www.endian.com




"Roads? Where we're going, we don't need roads." - Doc Emmet Brown



5064 posts

Uber Geek
+1 received by user: 121

Trusted

  # 232063 7-Jul-2009 14:41

Don't really care so long as it's robust. So I could just put this on a standard PC with two NICs?






Professional yak shaver
1599 posts

Uber Geek
+1 received by user: 8

Trusted
BitSignal
Lifetime subscriber

  # 232069 7-Jul-2009 14:49

Yes. And apparently 2.3 is coming out really soon, with even more nice stuff (VLAN support and advanced ACLs for proxy, for example).

I've set up one to run at my old office with 4 NICs for the multiple zones they required (internal, public, dmz, etc) and it does the job flawlessly.

I recently set up another box (this being a Celeron with 256MB -- totally not recommended for serious traffic) for a friend. Still, it does the content filtering quite well.

A recent C2D PC with upwards of 1GB of RAM should handle most of your traffic needs. Recent hardware scales better than old one, anyways.


Amanzi
918 posts

Ultimate Geek
+1 received by user: 110

Trusted
Subscriber

  # 232160 7-Jul-2009 18:32

lchiu7: Looking at putting in a Citylink connection into a building with an Internet connection on the back of it. This will be 25Mbs/symmetric. Most of the time the connection will be standalone only accessible via wireless or if a PC is plugged into specific ports on the network and therefore not connected to the corporate WAN.

But in a DR situation (well main network failure) we are looking to use this connection for backup connectivity via a VPN solution.  When that happens we would disconnect our main WAN and plug this Internet connection into the main switch from the router.

I am not sure in this instance 60-70 users a home grade wireless router can cut the mustard, both performance and security wise. I don't want an expensive Cisco router but is there some sort of SMB router/firewall people might be familiar with and could recommend?

How good are the BSD based router solutions like Smoothwall or pfSense?

Thanks

Larry



What do you consider 'expensive'? You can get a Cisco router for around $700 plus maybe $300 to configure it, so for around $1000 you'd have a rock-solid firewall. I wouldn't recommend running a PC-based firewall - if you bought a new computer for the job you'd be paying close to $1000 anyway, and if you ran it on old hardware then you're opening yourself up to some risk of hardware failure. SMB routers like SonicWall wouldn't be that much cheaper than the Cisco box anyway.



5064 posts

Uber Geek
+1 received by user: 121

Trusted

  # 232177 7-Jul-2009 19:33

I thought of Sonicwall and tried calling them. No reply (Sydney) or no returned calls. I just wanted to find out what they meant by comes with 10 nodes and you have to pay for additional nodes? I think it's to do with the VPN solution but nobody called me back.

I am not interested in the VPN solution - we have a solution for that - just want the routing and basic firewall capability and ensure it passes IPSEC traffic.

As for whether an appliance is better than a PC, well this thing is not protecting the entire network all the time - usually only a few off-network users. The only time it might need more is when it's in a backup network mode and that would hopefully only be for a few hours. So it just seemed overkill to look for an industrial strength solution.






Professional yak shaver
1599 posts

Uber Geek
+1 received by user: 8

Trusted
BitSignal
Lifetime subscriber

  # 232181 7-Jul-2009 19:53

Although I agree with amanzi on the price-point question, I disagree on the problems he mentioned with a PC-based firewall, especially on this case. You're saying it's a backup system, and you don't want to (or can't) spend a lot. For $500 or less you can get a decent solution (hardware included) and still have reliability. Even old servers can do it, with their multiple PSUs, NICs, etc.

Appliances are better when you can afford them, but they don't necessarily make the PC a no-go. They're just more tailored for a single (or a few) task(s), whereas the PC is able to be used for other means as well.

Also on the hardware-failure subject: that's a box of chocolates. Any piece of hardware can go bad, even Cisco switches (hell, every day at the office I see a few stacked on the shelves, waiting for the next recycling run). Of course, certain brands (or lack thereof) could be less reliable, so pick wisely (e.g. I wouldn't run a firewall with D-Link NICs). Valid point nonetheless, amanzi.




5064 posts

Uber Geek
+1 received by user: 121

Trusted

  # 232184 7-Jul-2009 20:02

magu: .. (e.g. I wouldn't run a firewall with D-Link NICs). Valid point nonetheless, amanzi.


I have had 3 D-Link routers at home fail on me so amen to that!






19 posts

Geek


  # 232185 7-Jul-2009 20:04

Zyxel USG 200 - IPSEC VPNs, Layer 7 Firewall and SSLVPN in one device. Highly configurable and performance is excellent.



5064 posts

Uber Geek
+1 received by user: 121

Trusted

  # 232188 7-Jul-2009 20:15

And where does one buy that?






Amanzi
918 posts

Ultimate Geek
+1 received by user: 110

Trusted
Subscriber

  # 232189 7-Jul-2009 20:17

lchiu7: So it just seemed overkill to look for an industrial strength solution.


I guess our definitions of 'business grade' and 'industrial strength' differ a bit. Personally I wouldn't consider a desktop PC running a firewall app to be business grade, but I also wouldn't call the entry-level Cisco boxes industrial strength (that's what the big, $100k devices are for). But that's just my personal opinion.

magu: Also on the hardware-failure subject: that's a box of chocolates. Any piece of hardware can go bad, even Cisco switches


Not saying that Cisco switches don't break, but I would definitely say that a desktop PC has a higher chance of a hardware failure over a Cisco router. I don't have any hard evidence to back that up, it's just based on my own experience.

At the end of the day, it's what you feel comfortable with and how much risk you're willing to take. You seem to imply that because it's a DR connection, it's not that important - but in the event of a DR situation, it will be your most critical device. I'm just a fan of using the right tool for the right job. Sure, you may save a few hundred dollars now, but work out how much it will cost if that PC fails you in the event of DR.

19 posts

Geek


  # 232199 7-Jul-2009 21:02

lchiu7: And where does one buy that?



Campbell Software are the NZ distributors for Zyxel


http://shop.campbell.co.nz/index.php?main_page=index&manufacturers_id=1&sort=20a&filter_id=9

Professional yak shaver
1599 posts

Uber Geek
+1 received by user: 8

Trusted
BitSignal
Lifetime subscriber

  # 232200 7-Jul-2009 21:03

onehundredwatt: Zyxel USG 200 - IPSEC VPNs, Layer 7 Firewall and SSLVPN in one device. Highly configurable and performance is excellent.

I've never had a personal experience with Zyxel hardware, but I've heard of some very cases where they performed quite well. No idea of pricing, though.

amanzi:
Not saying that Cisco switches don't break, but I would definitely say that a desktop PC has a higher chance of a hardware failure over a Cisco router. I don't have any hard evidence to back that up, it's just based on my own experience.

Personal experience varies a lot indeed. So far, only one component on one of the firewalls I installed had issues: a D-Link NIC!

amanzi:
At the end of the day, it's what you feel comfortable with and how much risk you're willing to take. You seem to imply that because it's a DR connection, it's not that important - but in the event of a DR situation, it will be your most critical device. I'm just a fan of using the right tool for the right job. Sure, you may save a few hundred dollars now, but work out how much it will cost if that PC fails you in the event of DR.

Great way of putting it.


19 posts

Geek


  # 232202 7-Jul-2009 21:11

We have hundreds of Zyxel routers and firewalls installed and in the 4 years I have been using them I would say they have been very reliable and great value for money. My previous post has a link with pricing. IPSEC tunnels to Cisco PIX or ASA devices are no problem and configuration is (relatively) straightforward. Campbell Software provide excellent over the phone help too.

836 posts

Ultimate Geek

Trusted

  # 232206 7-Jul-2009 21:32

Zyxel are ok from personal experience. Regarding Cisco kit pricing, to be fair this isn't apples to apples as you are comparing a new router with an install on an old PC. 2nd hand Cisco vs old PC would be a more fair comparison - when you look at it that way it may be easier to stomach.


164 posts

Master Geek
+1 received by user: 5


  # 232213 7-Jul-2009 21:58

I have used the DrayTek DV2910 before on a uns connection, they are very stable and easy to use. I have a spare one that is not being used if you want to borrow it and try it with your Citylink connection.
