Hi folks,
Looks like our "ancient" (2008) CISCO router has died.
I would appreciate the benefit of your experience regarding hardware vs software routers/firewalls to help me evaluate replacement options.
Our current network uses 1 GB switches and has about 150 machines, and there can be at least that many people simultaneously using the network and our 25 mbps synchronous internet connection (including people hooking into our internet from smart phones and tablets). Most servers, including the domain controller, are virtualized and we are using a SAN for storage (two identical Synology Linux NAS devices). We have a 10 GB switch for virtual server/storage connectivity.
We do not host external (internet) email or websites on our network.
We've had slow growth in the number of machines and users (+/- 5% per year) over the past decade.
We've always used the NAT functionality of the CISCO to provide a firewall and we only rarely allow anything to punch through it. The main exception would be our RDP server, which is in frequent use by between 5 and 10 simultaneous connections.
My understanding is that a software router/firewall running on an ordinary PC is likely to be slower than a dedicated hardware device. However, is the difference so significant for a network like mine as to rule out a cheaper software solution?
Do you have preferences for specific devices or software packages?
What do you all think?
Many thanks.
Ken Dibble www.stic-cil.org
Which software router are you looking at? Coyote? Most of the software routers I have used are no longer being supported or developed.
The choices in hardware router/firewall devices are not that great. I've been using a Zyxel 1000G for a few years and it has been, mostly, reliable. I've had it get wonky and require a reboot twice in 6 years. The interface is very very different...completely object-oriented. Fortunately Zyxel provides excellent tech support, they'll even log in to your router and configure it for you if needed.
I don't think you'll run into any throughput issues with your load on any device, or software-based system.
Mike Copeland
Which software router are you looking at? Coyote? Most of the software routers I have used are no longer being supported or developed.
Nothing has been recommended by our consultants yet. I'm trying to prepare in advance.
The choices in hardware router/firewall devices are not that great. I've been using a Zyxel 1000G for a few years and it has been, mostly, reliable. I've had it get wonky and require a reboot twice in 6 years. The interface is very very different...completely object-oriented. Fortunately Zyxel provides excellent tech support, they'll even log in to your router and configure it for you if needed.
The CISCO was rock solid for quite a while. However, a couple years ago its memory failed and was replaced with a used substitute. Since then we've had to cycle the power on it about once every 2-3 months to restore connectivity.
Its web interface is horrendously byzantine in terms of its "security" features, which did not behave well in IE, and even worse in Firefox. It could take 10-15 minutes of going through various windows and resubmitting credentials before it would give up the goods and show me something.
I don't think you'll run into any throughput issues with your load on any device, or software-based system.
That's good to know.
Thanks very much, Mike.
Ken
I've had good luck with the RV042G router/firewall, part of the Cisco Small Business line of routers. I have one location with 60 systems routed through a single RV042G without any hiccups or complaints. The RV042G is getting long in the tooth though, and I would love to find a sub-$200 router/firewall that would handle the work. Maybe the Cisco RV320K9?
I've also used one of the TPLink boxes and had issues getting a box that worked. The other problem is that it seems like every router/firewall has WIFI built in whether you want it or not, you pay for it. I've already got WIFI taken care of, thanks very much!
I've purchased and attempted to configure a Ubiquiti EdgeRouter, which gets rave reviews, is exceptionally low priced, but WOW what a pain to configure! But from what I can tell, the Ubiquiti product line is worth some effort and I do hope they'll improve their UI for the configuration. If anyone else has experience with a Ubiquiti router, I'd love to chat!
Mike Copeland
On Wed, Dec 21, 2016 at 5:09 PM, Mike Copeland mike@ggisoft.com wrote:
I've purchased and attempted to configure a Ubiquiti EdgeRouter, which gets rave reviews, is exceptionally low priced, but WOW what a pain to configure! But from what I can tell, the Ubiquiti product line is worth some effort and I do hope they'll improve their UI for the configuration. If anyone else has experience with a Ubiquiti router, I'd love to chat!
A couple of the local LUGs have had some discussions about Ubiquiti. The hardware specs sound good, but there were some concerns about GPL violations, and specifically, some changes Ubi made that introduced security flaws and were not released as source code. This was a while ago, so you might want to check for updates to these issues.
Thank you, Ted!
Mike
Ted Roche wrote:
[excessive quoting removed by server]
My consultant is proposing some species of Sophos UTM, which I can purchase as hardware only, without an ongoing subscription service, if all I want is ordinary router/firewall capability. (Subscriptions are required for various add-on functions such as anti-malware protection, a built-in VPN, and/or URL blocking, among other things.)
Does anyone have experience with Sophos devices?
Also, what would you recommend for a free (as in beer) VPN application, so I can avoid paying a subscription for that? This would only be used occasionally, to provide remote access to our VMWare management software in the event of an emergency that prevents me from physically reaching our building. (The consultant recommends against installing the vSphere client on our RDP server as dangerously insecure.) I know there are several out there. What have you used and why have you used it?
Thanks very much for all of your responses so far. They've all been useful in helping me to understand the "modern" state of routers and firewalls.
Ken Dibble www.stic-cil.org
A reminder that a VPN is a "Virtual Private Network" and when you connect to another network, you are connecting as if your machine is part of that network, and sometimes, your network is part of theirs, too. For your work environment, this might not be a threat, but I know I have clients whose work environment is not one I consider sanitary enough to connect to.
I'd suggest OpenVPN for you, Ken: https://en.wikipedia.org/wiki/OpenVPN
(For some of my clients, we've got a Linux box in their network, and can connect over ssh using Linux native tools or Putty on Windows, and then RDP or VNC to share screens without sharing networks. Other folks here have recommended stunnel, too.)
On Tue, Jan 10, 2017 at 2:35 PM, Ken Dibble krdibble@stny.rr.com wrote:
[excessive quoting removed by server]
I like the Opera browser and I have been using it a lot lately since they offer a free VPN that will activate automatically when you open the browser. One issue so far is that some web sites can recognize that you are using a VPN and they won't respond.
On 1/10/2017 12:27 PM, Ted Roche wrote:
[excessive quoting removed by server]
I just set up a spare user account on Windows with Firefox (other browsers are available!) set to use a proxy to a NAS box on my home setup; just swap users, open Putty, SSH (private key) to the NAS, and use Firefox on the local desktop. I have yet to find a site that can detect I'm using a proxy. Alternatively there are proxy-swapping add-ons for most browsers. p.s. I always have a big question-mark as to what commercial security packages offer that isn't adequately done by Windows Defender/Firewall.
On 11-Jan-2017 4:18 AM, Ken McGinnis wrote:
I like the Opera browser and I have been using it a lot lately since they offer a free VPN that will activate automatically when you open the browser. One issue so far is that some web sites can recognize that you are using a VPN and they won't respond.
<snip>
p.s. I always have a big question-mark as to what commercial security packages offer that isn't adequately done by Windows Defender/Firewall.
For one thing, the anti-malware packages allow centralized network administration and reporting, so that I, as network administrator, can get email notifications and look at activity reported from every machine, as well as block URLs globally.
Ken Dibble www.stic-cil.org
I briefly checked into Sophos, but found that to be overkill for our needs. We settled on pfSense, which is available as an ISO, a virtual appliance and on hardware (it's open source). It supports IPsec and OpenVPN tunnels for external access. It does have firewall capabilities mostly based on port rules and stateful inspection:
https://www.pfsense.org/about-pfsense/features.html
Dedicated hardware is needed if you have a lot of traffic like in a switch where the theoretical throughput is 1 Gbit times half the number of ports or for a heavily used VPN gateway. But for a router/firewall the bottleneck is likely the internet connection rather than the computer. A regular PC is more powerful than most hardware that is built into physical routers.
At the risk of stating the obvious, all routers are software running on hardware, just that some you get to choose the hardware, others come with their own compact two/three nic computer pre-loaded with a cut-down OS (usually BusyBox) and proprietary routing software. I was reading some months ago an article (El Reg?) which claimed that many of the proprietary offerings have known unpatched flaws (try Google for info). Anecdotally, +1 for Zyxel - I have had no problems over many years, also Asus. I suspect that no-one ever got fired for buying Cisco, I also suspect you pay for the name.
On 21-Dec-2016 11:51 PM, Ken Dibble wrote:
[excessive quoting removed by server]
Ken, We use a pair of Sonicwall Network Security Appliances which are due for renewal and we are upgrading to the latest ones. They are completely seamless, fit in with active directory no problem and are very configurable. Recommended but not cheap!
Dave
-----Original Message----- From: ProFox [mailto:profox-bounces@leafe.com] On Behalf Of Ken Dibble Sent: 21 December 2016 18:22 To: profox@leafe.com Subject: [NF] Hardware vs Software Router/Firewall Recommendations
[excessive quoting removed by server]
+1
-----Original Message----- From: ProFox [mailto:profox-bounces@leafe.com] On Behalf Of Dave Crozier Sent: Thursday, 22 December 2016 9:34 To: ProFox Email List Subject: RE: [NF] Hardware vs Software Router/Firewall Recommendations
[excessive quoting removed by server]