 | [Servers] Help with finding an appropriate router please! Hi Everyone. I'm looking for some help finding an appropriate router for a small business network. I'd prefer something not too complicated but with ample power and configurability. I'll admit it - I'm a tinkerer who can hold his own - but I'm not a network professional by any means. I tried to set up a decommissioned Windows Server box with RRAS and DHCP and failed miserably. I'd like to blame lack of patience, but I really had no clue where to start.
We're using Verizon FiOS business 150Mbps plan, with 5 static IPs. It's a completely Cat 6 gigabit network, and I'm looking for something that can handle the speed that we're paying for from Verizon. It also has to be able to deal with giving the static IPs to the local servers (see proposed network diagram below). Something that can handle VPN is a plus.
For those of you who are unfamiliar with Verizon, you need to use their Actiontec router to power the guide, remote DVR, etc. for their set top boxes, so I'm going to keep it the same way I've got it currently working - the Actiontec Verizon router has its own external IP - its own separate internal network, just for the TVs over coax (MoCA). This seems to be working just fine as of now. I'm using Dell PowerConnect 2724 managed GigE switches, and have 2 of them.

I think I got everything, let me know if I'm missing any info.
Thanks in advance. |
|
 AnavSarcastic Llama? Naw, Just AcerbicPremium join:2001-07-16 Dartmouth, NS kudos:3 | Do you mean the download speed is 150Megs... = transfer rate 18.75KB/s. At home I have a 30down and 30up plan. Just looking at FIOS, yup, it's 150Mbps down and 35Mbps up. Awesome!!
I am using a ZyXEL USG100 (rated up to 150Mbps - usually means it is an aggregate number, i.e. includes both up and down, so should support a 75-75 or 100-50 type connection in theory). The USG200 is rated at 200 and perhaps this is a better match for your (150-35 combo). It's fairly easy to use, once you embrace the object oriented design... identify objects and then carry out instructions on those objects including policy routes - to determine flow of object related information. Free firmware upgrades and tech support (in California). 5yr warranty with the USG series.
I have an Actiontec on which I simply select (after turning wifi off) an RFC1483 transport bridge mode protocol available in the WAN settings on the Actiontec. Plug my router into it and voila, it pulls an IP and I'm off and running. Not sure if I mimicked the MAC address of the Actiontec, will have to check that.
-- Ain't nuthin but the blues! "Albert Collins". Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"
LlamaWorks Equipment |
|
 AnavSarcastic Llama? Naw, Just AcerbicPremium join:2001-07-16 Dartmouth, NS kudos:3 | reply to dagwag77 Is it FTTH service??? |
|
 | Yes, it is a fiber connection from Verizon FiOS Business.
I'll take a look at the Zyxel, thanks Anav - you happen to know if it will support routing the multiple static IPs? |
|
|
|
 | reply to dagwag77 Site to site, remote access, or combination of both for your VPN?
Whereabouts within your network map were you thinking of putting this device? Where the router / 172.16.1.1 is right now?
Regards |
|
 | Remote access for the VPN, and yes, replacing the router that's currently at 172.16.1.1 |
|
 | reply to dagwag77 For throughput and configurability, you pretty much want to move up to the big iron, which is going to be names like SonicWall (TZ-series), Juniper (SSG or SRX devices), Cisco (the higher 800-series, 1900-series devices), etc. Expect to pay out the nose for the device of course, and likely licence fees for the VPN client.
If you were to leave the setup as is, then you shouldn't have to worry about routing on the static IPs, unless any device behind the new router is going to be addressed as such.
My 00000010bits
Regards |
|
 | What do you guys think of the Cisco SRP541W?
»www.newegg.com/Product/Product.a···33150128 |
|
 mozerdLight Will Pierce The DarknessPremium,MVM join:2004-04-23 Nepean, ON | reply to dagwag77 I would suggest that you follow Anav's recommendation. From a value proposition perspective the ZyXel ZyWall USG 100 if your user count is under 25 or the USG 200 if your user count is under 50 cannot be beat from a functional / price / service-support comparison against any other SMB brand. |
|
 AnavSarcastic Llama? Naw, Just AcerbicPremium join:2001-07-16 Dartmouth, NS kudos:3 2 edits | In this case I suggested the USG200 due to his throughput requirements. Nothing wrong with the CISCO unit that I can see. It has wifi in addition (which I prefer to run separately).
Suggest that before you buy any unit, you read through the user guides and support notes so as to compare and at least have your expectations and reality in sync.
We have FTTH fiber op here in our local area and I was reading recently how one chap removed the Actiontec and replaced it with an ASUS RT-N56U model. There were two variations, one in which the unit provided both routing and TV functions and the variation that I preferred, a firmware config that provided TV control, and left a passthrough port for whatever router you wanted for internet.
Since my USG100 pulls an IP from the Actiontec in bridge mode I am not sure if I will go this route (an extra cost for no reason). If I added TV then it would make sense. They report the TV functionality improved dramatically with the Asus.
Do you put your Actiontec in bridge mode? |
|
 | Thanks for all the help. I'm looking at the ZyXel usg200, watchguard xtm 23 w or 330, and sonic wall nsa 240 or 250. I think I've got it narrowed down to those 3 - too many options... and the prices jump up over the 1k mark.
I'm not using the Actiontec in bridge mode. It has its own external facing static IP, since Verizon sells the statics in blocks, I have a few extra, so why not... The signal from the ONT is "split" via switch to the router/firewall and the Actiontec. The 3rd party router/firewall handles assigning the remaining static IPs (NAT 1:1). |
|
 | reply to dagwag77
said by dagwag77: Thanks for all the help. I'm looking at the ZyXel usg200, watchguard xtm 23 w or 330, and sonic wall nsa 240 or 250.
When I said big iron, I wasn't thinking THAT big, but...
Was going to mention you may want to check the Sonicwall Live Demo here. Another big killer can be you get the piece of gear and usability's in the crapper. I personally don't use Cisco SB gear, but the good news is it's likely going to be nearly as easy as your regular Linksys stuff config wise.
Regards |
|
 | Haha, I figured that if I was going to drop a good amount of $ on a device, might as well be one that comes with a service contract for when I inevitably screw something up and something with enough juice to last me a bit as my other gear and services around it improve.
I've played around with the live demos and spoken with tech support for the three and I'm leaning towards the Watchguard. Now I just need to figure out the 23, 23w, or the 330. I really like the 505 but I don't think I'll grow into that, although I'd like to...
Thanks for all your help. |
|
 mozerdLight Will Pierce The DarknessPremium,MVM join:2004-04-23 Nepean, ON 2 edits |
said by dagwag77: figured that if I was going to drop a good amount of $ on a device, might as well be one that comes with a service contract for when I inevitably screw something up and something with enough juice to last me a bit as my other gear and services around
Service and support is included in the price of the ZyWALL gear -- that's 5 years of Support included and covers parts, labour, configuration support, troubleshooting, firmware updates, etc. Also if you're considering the Watchguard lineup you should then also compare that to the ZyWALL USG1000 or up from that --- the USG200 is not in the same class as the Watchguard stuff.
Infoworld review of the USG1000
-- David Mozer IT-Expert on Call Information Technology for Home and Business |
|
 | Just wanted to follow up, finally went with a Watchguard 505. Seems like a pretty solid piece of hardware.
Thanks for all the help. |
|
 | reply to dagwag77 How much was the final bill dagwag77?
6GigE interfaces, 850Mbps thruput, 40K sessions... yeah, that should last awhile, don't you think? 
Regards |
|
 AnavSarcastic Llama? Naw, Just AcerbicPremium join:2001-07-16 Dartmouth, NS kudos:3 | He did say small business. XMT505 Recommended for main offices/ headquarters with up to 1,500 users.
»www.scmagazine.com/watchguard-te···ew/3461/
Unit plus Security Bundle 1 year - WG505031 List Price: $1,790.00 Special: $1,115.00
Unit plus Security Bundle 3 year - Application Control and Reputation Enabled Defense #WG505033 List Price: $2,870.00 Special: $1,789.00
I would definitely go for the three year security bundle!!
Hey you can upgrade the 505 to their other models, great flexibility, in case your business balloons over 1500 employees. Please Note: Model upgrades can only be applied to appliances with less than 1 year of services. Please contact us for a quote on appliances with more than 1 year of services.
For example... X505 to X510 #WG017880 List Price: $2,485.00 Our Price: $1,739.00
X505 to X520 #WG017881 List Price: $5,380.00 Our Price: $3,766.00
Yeah that X520 is the one that I would go for, you never know how fast you might grow.
Do agree it appears to be verrry nice. |
|
 | said by Anav: He did say small business. XMT505 Recommended for main offices/ headquarters with up to 1,500 users.
Yeah, that threw me too. Considering it's listed for "main offices/headquarters". I think the more appropriate measure is to look at the throughput. Why would I buy a device that isn't going to put through all the bandwidth I'm paying Verizon for? Even if we aren't 1500 people.
What the website doesn't tell you is that those throughput speeds are bi-directional, and you really want to look at the XTM throughput (what's the point of the device without the security software).
said by HELLFIRE: 6GigE interfaces, 850Mbps thruput, 40K sessions... yeah, that should last awhile, don't you think?
With the 505 and the security bundle running, I'm only seeing about 135 Mbps down. So - I may be upgrading to the 510. What's nice about the Watchguard stuff is that you upgrade within the model line (505 -> 510 -> 520, etc.) without a hardware upgrade.
For those of you wondering about pricing, guardsite.com has pretty much the best watchguard pricing out there, though I'm using a different provider. The 505 with 1 yr bundle is $1115, 3 year bundle is $1789 and the 510 with 1 yr bundle is $1789, 3 yr bundle is $3169. |
|
 AnavSarcastic Llama? Naw, Just AcerbicPremium join:2001-07-16 Dartmouth, NS kudos:3 | I agree it's a smart modelling scheme. Throw in misleading throughput so as to encourage an upscale of routers within the allotted time period. Great bargain!!
The Asus RT N56U has throughput speeds in the order of 800Mbps and 35,000 connections, but it's a home router »www.smallnetbuilder.com/lanwan/r···rts/view |
|
 | reply to dagwag77
said by dagwag77: What the website doesn't tell you is that those throughput speeds are bi-directional, and you really want to look at the XTM throughput (what's the point of the device without the security software).
Bidirectional, packet size, IMIX, etc.... Test to YOUR environment. My personal favorite is to get two or more PCs with GigE NICs and fire up IPERF streams till a) the Windows Network graph is maxed out or b) the device lights on fire. Plus it's an amusing way to spend a lazy weekend doing something to soothe the inner geek
Regards |
|
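An added example, not part of the thread or any vendor's tooling: one way to turn the "test to your environment" advice into a repeatable check by reading two `iperf3 -J` results (one forward, one `-R`) taken with the security services enabled and comparing them with the 150/35 plan and with a rating quoted as up plus down. The JSON samples are constructed, and the function names, the 5% tolerance and the client-on-LAN placement are assumptions.

```python
import json

# Constructed samples shaped like `iperf3 -J` TCP results; only the fields read below.
UP_RUN = json.dumps({
    "start": {"test_start": {"reverse": 0, "num_streams": 4}},
    "end": {"sum_sent": {"bits_per_second": 36.1e6},
            "sum_received": {"bits_per_second": 34.2e6}}})
DOWN_RUN = json.dumps({
    "start": {"test_start": {"reverse": 1, "num_streams": 4}},
    "end": {"sum_sent": {"bits_per_second": 137.5e6},
            "sum_received": {"bits_per_second": 135.0e6}}})


def goodput_mbps(raw):
    """Return (direction, Mbps) for one run, using the receiver-side total.

    Assumes the iperf3 client sits on the LAN and the server beyond the
    firewall, so a reverse (-R) run measures download through the device.
    """
    doc = json.loads(raw)
    direction = "down" if doc["start"]["test_start"]["reverse"] else "up"
    return direction, doc["end"]["sum_received"]["bits_per_second"] / 1e6


def assess(runs, plan_mbps, rated_aggregate_mbps, tolerance=0.95):
    """Compare measured goodput per direction with the ISP plan, and the
    plan's combined rate with a rating quoted as up + down."""
    measured = dict(goodput_mbps(r) for r in runs)
    report = {}
    for direction, want in plan_mbps.items():
        got = measured[direction]
        report[direction] = {"measured": round(got, 1), "plan": want,
                             "ok": got >= want * tolerance}
    report["plan_fits_rating"] = sum(plan_mbps.values()) <= rated_aggregate_mbps
    return report


if __name__ == "__main__":
    plan = {"down": 150, "up": 35}
    for rating in (150, 200):
        print(rating, assess([UP_RUN, DOWN_RUN], plan, rating))
```

The receiver-side figure is used because it counts only what actually made it through the device; run the real tests with several parallel streams and with inspection features switched on, since that is the configuration the appliance will run in.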