
Sunfox

join:2003-12-14
Markham, ON

Dual WAN routers, take 5...

I have a love-hate relationship with my Zywall 35. I love its features, I hate the fact that it keeps breaking down on me... and I hate even more that for the past 3 times it's broken, it starts working perfectly again just as I decide on a replacement.

Well, it's started acting funky again for the fifth time in a couple of years. Every 5 minutes or so (almost like clockwork) it goes unresponsive for 10 seconds or so. The rest of the network continues operating fine, it's just the Zywall that bombs out (and if I'm playing a game I always die, and that's just getting super frustrating).

At any rate, sometime last year I purchased a D-Link DSR-500N as a replacement. Alas, it has a number of bugs that haven't been resolved, and is missing a number of things that I love on my Zyxel, and when the ZW35 suddenly started working again the D-Link sat unused for about 6 months. A couple of months ago I decided to get *some* use out of it, purely for 802.11n WiFi (upgrading my old Linksys 802.11g system), and it's actually been pretty reliable at that (although its user interface is deathly slow).

I have one critical group of features that seem to be impossible to find on a router (except, of course, on my ZW):

1) I want Dual WAN
2) I want a kind of spillover load balancing mode, where the secondary WAN is *not* used for normal connections, but *is* active. Ideally I could route traffic to the second WAN after the first reaches a certain volume.
3) I want to be able to policy route certain ports to a particular WAN interface and *not* have them fall back to the other WAN.

The problem I'm finding is that every single dual WAN router (except for expensive, subscription-based products) only offers two basic operation modes:

1) Active Round Robin (weighted or non)
2) Backup/Failover

The problem is, if the router is set to failover mode... then you can't policy route any traffic onto the "backup" connection. And if you choose active mode, then traffic is forced to alternate between the two WAN interfaces (the D-Link didn't even have a setting to keep a host on a particular IP for a little while). I discussed this with D-Link technical support, and the suggestion was to manually policy route every single possible service type to a particular WAN port. Yeah, right.

The simplest solution would be to go with another Zyxel. But for some inane reason they refuse to support UPnP, and I have a few applications where UPnP support is essentially required.

The other router I was looking at was the Draytek 2920N, which was recommended to me the last two times the Zyxel failed. Except I was reading through the manual tonight, and once again I can only find "weighted load balancing" and "backup" modes, and I'm suspicious based on the manual's verbiage that you can't policy route to a connection in "backup" state.

Are there any other viable options? I kinda wish I had never bought the Zywall, because then I wouldn't have grown dependent on its apparently unique feature set!


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

USG 50 by zyxel hee hee


Sunfox

join:2003-12-14
Markham, ON

You again! I already blame you for introducing me to Zyxel, a brand I had been content to forget after the days of 14.4 analog modems!

At any rate, the USG50 does seem to be the most "direct" replacement for the ZW35, although I'm not sure it will have the SPI performance for two fast connections (assuming the rated 180 is really 90 max in one direction)... but I'd have to go all the way to the 200 to improve upon that.

The USG50/100/200 does have all the useful features of the ZW35, right?



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

Well the rating is for two way, so it's 90-90 or 100-80 and so on..... I use the USG 100 on a 30-30 connection with no probs.

Well one would think that the USG is ZyWALL plus plus, but it's a move to a Linux-based OS and a Cisco-like object-oriented design GUI. So there will be some issues or gaps regardless.
In any case, it appears for the most part to have everything and a whole lot more.



Nightfall
My Goal Is To Deny Yours
Premium,MVM
join:2001-08-03
Grand Rapids, MI

reply to Sunfox
I had a Linksys RV082 and those are great dual wan routers. A little dated, but man, solid as a rock.
--
My domain - Nightfall.net



clarknova

join:2010-02-23
Fairview, AB
kudos:4

reply to Sunfox
»store.netgate.com/Netgate-m1n1wa···C83.aspx

Be sure to get the red one.
--
db



aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:2

reply to Sunfox
Maybe this will help.

»www.dualwanguide.com/ddwrt_dual_wan.html

?



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

One configures the load balancing in the USG series in the Config menu, under the Interface submenu, under the TRUNK tab.

I have a 30 30 fibre op connection and a 1.5down and a 0.725up backup cable connection. I am using spillover.

The order you put the wan connections delineates which has priority.

As an aside, I used policy routing to force any connections to the Cable company email servers out the correct WAN, opposite to what is normally used. I also did this for an RDP purpose. Lots of flexibility and control!!!
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment



mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON

reply to Sunfox

said by Sunfox:

I have a love-hate relationship with my Zywall 35. I love its features, I hate the fact that it keeps breaking down on me... and I hate even more that for the past 3 times it's broken, it starts working perfectly again just as I decide on a replacement.

The trials and tribulation suffered by Sunfox

My suggestion is go with the ZyWALL USG 100 -- for the money [the value proposition] there is NOTHING out there that may compare -- NOTHING.

But be warned that if you go with the USG 100 there is a lengthy learning curve learning how to configure stuff in an object oriented interface -- and this is no trivial task. However, the granularity and extensibility is remarkable once you've mastered the nuances.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:3

If the tard from the backwater Nepean can do it, then I'm sure you will have no issues. More to the point, the trained llama (a hobbyist at best) can do it..........

You may also wish to look at the SonicWall 100 series; it has good specs but your TC will be higher (bang for buck will be less).


Kirby Smith

join:2001-01-26
Derry, NH
Reviews:
·Fairpoint Commun..
·Verizon FiOS

reply to Sunfox
There is still the OP's UPnP issue. I use firewall rules and port forwarding for BT in lieu of UPnP (which is somewhat of a greater security hazard), but I don't know if this will work for the OP's purposes.

There is a mechanism explained in the USG Notes available from ZyXEL for cases where a game, say, wants to establish some particular open port based on a response from a server. I haven't delved into this.

Note USG 50 web GUI sometimes hangs with a nominally configured 3.6.24 Firefox on Ubuntu, but can be accessed in private browsing mode when this happens. I haven't worked out all of the parameters of this issue yet to determine the degree of annoyance that is intrinsic to this combination of software.

Otherwise, I think the router is superb.

kirby

Running Deluge through ZyXEL USG 50 2 X 30/15 FiOS/FAST



clarknova

join:2010-02-23
Fairview, AB
kudos:4
Reviews:
·link2voip
·TekSavvy DSL

reply to Sunfox
pfsense (which comes preinstalled on the Netgate I linked for you) meets all your requirements, including UPnP. Is $225 too rich for you? A little reluctant to drop the cash for something you're not familiar with? pfsense is a free download and runs on any old computer, or in a virtual machine. Try it before you buy dedicated hardware, or don't buy dedicated hardware at all.

I like to link to Netgate because it's a ready-made plug-and-play router, but you can enjoy pfsense without spending a dime if you don't mind doing the setup work, which isn't terribly complicated, really.
--
db



mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON

1 edit

said by clarknova:

pfsense (which comes preinstalled on the Netgate I linked for you) meets all your requirements, including UPnP.

I like pfsense and I agree that pfsense provides significant capabilities and value -- superb value in fact -- what I do not like is the ongoing cost associated with running a pfsense box like an old PC or such -- most PCs cost a lot more in electricity costs than a unit like the USG100. Yep electricity costs money and a typical PC consumes a lot more electricity. And yes one can build a superb UTM/firewall using a modern PC with pfsense. And if integration of UTM services is of concern then one can consider Untangle [exploiting the Debian OS] -- the free version that does most of the work for U.

In today's environment I would NOT buy any firewall appliance that did not provide quality Gigabit ports for all interfaces. Plus when one adds in UTM services the appliance must have the horsepower to handle such services without negative bandwidth impacts. And, IMO, UTM services are important to exploit even for the lowly home LAN/WLAN.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business


clarknova

join:2010-02-23
Fairview, AB
kudos:4
Reviews:
·link2voip
·TekSavvy DSL

said by mozerd:

In today's environment I would NOT buy any firewall appliance that did not provide quality Gigabit ports for all interfaces. Plus when one adds in UTM services the appliance must have the horsepower to handle such services without negative bandwidth impacts. And, IMO, UTM services are important to exploit even for the lowly home LAN/WLAN.

»soekris.com/products/net6501.html

Problem solved. I'm sure the 6501 would run Untangle as well as it does pfsense.

--
db

Sunfox

join:2003-12-14
Markham, ON

That does look like nice hardware... now if only someone actually sold that in a manner that could get support!



clarknova

join:2010-02-23
Fairview, AB
kudos:4
Reviews:
·link2voip
·TekSavvy DSL

I've used Soekris support (I have a 5501) and they go above and beyond. The mailing list is also incredibly helpful. Of course there are support avenues for whatever software you run on it too, such as the pfsense forums and mailing list.
--
db


HELLFIRE

join:2009-11-25
kudos:4

reply to Sunfox
If you're that turned off from Zywall, but willing to spend a little more dough, what about
the following devices?

SonicWall TZ series
- all GUI based config, live demo here

Netgear SRX5308

Juniper SSG-5

Cisco SA5xx series

Cisco RV0xx series

Cisco 89x model router

If you're an Ebay scavenger type, you could always look for older equipment, some off
the top of my head would be a PIX515E or higher with multi interface or Netscreen-25
or higher, which would fit the bill.

The downside on all the gear above is of course a) cost, b) support, and c) the fact
that most enterprise pieces of kit don't support UPNP.

If you were to get the Cisco 800-series or PIX, there's dual wan configs in the Cisco
forum here on DSLR you could easily crib.

Just my 00000010bits.

Regards


Sunfox

join:2003-12-14
Markham, ON

Does the SonicWall not require yearly payments for firmware updates (AKA "support")? Looks like $115/year for the TZ200 or $155/year for 210.

When I looked at the Netgear SRX5308 when it came out in 2010 (yup, I've been looking for a new router at least that long), the only load balancing options were Round Robin and general Failover (tech support confirmed this). Has that changed in newer firmware?

I have to look closer at the Juniper.

I know the Cisco RV models are generally recommended. Although I think there was some reason why I didn't go with them. Can't recall though, will have to re-check.

Took a look at the SA520... don't see any load balancing options besides the stock RR/FO. Wish I knew why this is such a unique feature to find.

Having difficulty finding the 89XX series. I can only find Cisco IP phones with that model number, and there's no 89XX mentioned on Cisco's router or security pages.

Thanks for the options!



clarknova

join:2010-02-23
Fairview, AB
kudos:4
Reviews:
·link2voip
·TekSavvy DSL

reply to Sunfox

said by Sunfox:

That does look like nice hardware... now if only someone actually sold that in a manner that could get support!

I should have mentioned too that the pfsense developers also sell commercial support, but I've used pfsense professionally for a couple years now and never seen the need, owing to the quality of the forums and mailing list.
--
db

Sunfox

join:2003-12-14
Markham, ON

The problem I have with pfsense... is I can't tell how good it is. When I go to their site, I see the current version is 2.x, but all of the documentation is (at best) for version 1.2 and dated 2009. And then when I look at the instructions on how one is supposed to set up MultiWAN (»doc.pfsense.org/index.php/Multi-···on_1.2.x) ...I'm not left wowed.


Monday, 04-Jun 02:07:37 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 12.5 years online © 1999-2012 dslreports.com.