dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
700
share rss forum feed

mejohnm

join:2013-01-20

Interested in Zyxel

Hello all,

I have been researching which firewall to get for my company. I am planning to use it on a 150/50 line. There will be some servers such as Exchange, SharePoint, and other Servers which will be running. I thought of the USG 50 would be okay for my needs but I am not 100% sure. I have already downloaded the manual and have read it throughly. Just want to be sure the unit can handle the line speed. What is your thoughts?



mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON

How may users will you be supporting from the inside/outside?

The fact that you will be running Exchange, SharePoint and other servers requires that you look at the traffic loads expected.

If you're doing this for a business then the USG300 should be your starting point.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business


mejohnm

join:2013-01-20

Users are around 20 so very small company, start-up type. The point of having the servers is because that is our job to admin and to program these servers. We figured that if we can show some of our stuff during sale meetings, which will require about 5 VPN connections (probably 3 max at that same time), then we could have a better chance of getting a positive answer from customers.

We have been running VM's in our machines, but we want a central place to "show" what we can do.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

USG300 seems to be the right choice. For more details and comparison refer to »USG series FW 3.00 Comparison



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to mejohnm

Well it depends.......
The USG 100 is what I would recommend simply it has a bit of growth for you on the VPN side, handles double the number of connections over the 50. It will handle the throughput for a straight connection but you would be hard pressed to find a plugNplay device for cheap that can do VPN with the throughput your looking for. You would have to jump to the 1000 model for example. Zyxel did have the basic VPN firewall for high throughput but VFG6005 but obviously didnt sell well is its now legacy and it was nowhere near as nice in terms of software fidelity or control (not USG firmware).
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to mejohnm

Why would the 300 be more cost effective for what he needs???


mejohnm

join:2013-01-20

Well, I am looking at the specs. Max. Concurrent IPSec VPN Tunnels with USG 50 is 10 and Max. Concurrent SSL VPN Users is 5 Users. That could force us into problems. The USG 100 looks better with Max. Concurrent SSL VPN Users at 25 users. Of course while the throughput while services are running is also something we are looking at, the price is also a big factor here.


mejohnm

join:2013-01-20
reply to mejohnm

My question is, with the USG 100, will the users be able to use the full 150/50 line while only firewall services are running and then lets say 5 VPN users are also connected?



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
reply to mejohnm

All the speeds ZyXel is posting are cumulative both ways, so if you want to calculate your download speed divide the number by two. ... which brings you to USG300 for your requirements.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5
reply to mejohnm

said by mejohnm:

My question is, with the USG 100, will the users be able to use the full 150/50 line while only firewall services are running and then lets say 5 VPN users are also connected?

Good question. Which for me translates into a more specific question. Does the rated VPN throughput of the router affect all connections or just the VPN connections? So a throughput of two way throughput of 225 (which should be able to handle a 150+50 = 200) according to the spec sheet is brought down to 90 by VPN traffic. Which means its unable to take full advantage of the ISP.

Not sure where you all are getting your numbers but your smoking crack as the only router that can handle the VPN traffic at full throughput of his connection is the 2000. The 300 has no special magic I think you guys are drinking coolaid.

A note to the poster, exactly why I proposed the 100 vice 50 was the increase in SSL VPN and IPSEC connections capability (10 to 50 for ipsec, and 5 to 25 for SSLVPN). Keep in mind zyxel stock firmware provides only 2 SSLVPN connections on all models up to and including usg 300 and thus you have to purchase an upgrade license to get more (no limits on stated max ipsec connections though).

The USG 300 rated VPN throughput is 130 total (up and down added) and thus it does NOT meet the 200 (150+50) of the ops ISP capabilitity.

The USG 1000 is closer at 180 and the 2000 is the clear winner at 600 with some caveats.

The real question is how much is practical and thus I concluded the USG 100 provided the number of VPN connections needed and the Firewall throughput that could use all of his BW. VPN tunnerl throughput is too expensive of a model (at least for zyxel) to match his ISP capability. I have a fibre op 50 down 30 up and my speed are GRRREEEAAT. So not sure how much faster he needs??
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment

mejohnm

join:2013-01-20

Tell you the truth, today I saw a cable business provider at 128 / 10 that I will get and save some money.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe

1 edit
reply to Anav

Right, VPN is always slower and it for mostly depends on the CPU speed (encryption speed and cipher used). USG VPN throughput is rated using AES and it's worth mentioning USG line has special encryption chip ZyXel SecuASIC to do the encryption calculation thus offloading main CPU to do other things.



mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON
reply to mejohnm

said by mejohnm:

Users are around 20 so very small company, start-up type. The point of having the servers is because that is our job to admin and to program these servers. We figured that if we can show some of our stuff during sale meetings, which will require about 5 VPN connections (probably 3 max at that same time), then we could have a better chance of getting a positive answer from customers.

Since you will be exploiting collaboration services you need to comprehend traffic patterns and the load those collaborative services will place from the various demands placed against your servers. Will you be utilizing VoIP and if yes what is the worst case scenario you expect.... VoIP IS REAL TIME as are some colaborative services and the one thing that you do not want is to have bottlenecks that will drive your users to hate you.

AS I stated before your starting point is the USG300 .... But if you do not do a proper load analysis you might as well shoot craps.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business

mejohnm

join:2013-01-20

There will be no VoIP running in this system.



mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON

said by mejohnm:

There will be no VoIP running in this system.

In that case you could then consider the USG200.

If you will have concurrent streaming services running the rate of concurrency will determine how quickly your bandwidth will saturate -- so I would not be so quick to discount your 150/50 line. In the world of technology you never have enough bandwidth.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business

mejohnm

join:2013-01-20

This morning I ordered the 128dn/10up line. For around 80 Euros, I might get the same for my own home. We will cancel the other line and look for another WAN connection at a later date. I will do some comparing between the USG 100 and 200, and then of course talk to the others.