
crussty

join:2013-03-25
Huntington Beach, CA

1 recommendation

Is USG right for me?

Hello all. I'm the new guy on the block and from the threads I've scanned, you all seem to be a great source of info on the Zywall's. Have not found my exact scenario, so I thought I'd explain what I'm trying to do and see if you guys can let me know if the USG is the right solution for me.

I have a FiOS connection with a block of 13 static IP's (96.x.x.2~14 w/ 96.x.x.1 as the gateway). This is on a business class connection to my home. The office/dev lab is a detached building from the main house.

So first, here's what I currently have:
I have the ONT going to a switch and distributing from there.
- 96.x.x.2 is for the FiOS Westell router; more or less just used as guest access or emergency Internet when everything else goes down.
- 96.x.x.3 goes to a Netgear VPN router that serves the office (currently 192.168.254.x setup). The Netgear of course hits a switch to feed the computers, etc. in the office, and a line is run to the main house where it hits another switch and wireless access point to feed the house. This router also connects to my business partner's home office via VPN (his subnet is 192.168.50.x).
- 96.x.x.4 is forwarded thru the Netgear router to provide a public IP for our SBS Server (email, file server, share point, etc.)
- 96.x.x.5~13 is used for development hardware directly on the Internet. This comes off the first switch at the ONT.
- 96.x.x.14 is unallocated.

What I would like to do is move the house out from behind the Netgear router onto its own Asus 802.11ac router (currently used as the access point) using the unallocated .14 IP and on a 192.168.250.x subnet so it is isolated and has fewer points of failure for the wife to try to troubleshoot if I'm on the road, the Internet goes down and the office is locked up tight. But the kicker is I would like to be able to see whatever is behind the Netgear router from behind the Asus and vice versa (theoretically all IP's and all ports/traffic- everything from hitting the file server from the couch, to the kids printing on the office laser printer and maybe some iTunes library sharing... Oh and can't forget the DirecTV receivers in the house and office which need to play nice!).

So aside from ponying up for an L3 switch (which I'm told could do this nicely, but is out of budget...) I've been reading about the features of the Zywall and it seems like it could do this as well (and much cheaper too). I'm a little lost but it looks like using bridging mode, virtual servers or multiple DMZ's with some static routes- or some combination thereof, would let me do this.

So my questions are,
- Is the Zywall USG the right tool for this? and if so
a- should I get the USG 20 or 50?
b- how the heck do I go about setting this up?

Many, many thanks in advance!



mozerd
Light Will Pierce The Darkness
Premium,MVM
join:2004-04-23
Nepean, ON

said by crussty:

you guys can let me know if the USG is the right solution for me.

I have a FiOS connection with a block of 13 static IP's (96.x.x.2~14 w/ 96.x.x.1 as the gateway). This is on a business class connection to my home.

So my questions are,
- Is the Zywall USG the right tool for this? and if so
a- should I get the USG 20 or 50?
b- how the heck do I go about setting this up?

- Yes
a - neither, you should consider the USG200 or my preference would be the USG300
b - hire >>> local to your geographic area >>> a network pro to help you and make sure that that pro understands the USG/SBS otherwise you'll waste a great deal of money. ZyXEL can probably suggest a resource for you to use -- just call their Tech Support and ask.
--
David Mozer
IT-Expert on Call
Information Technology for Home and Business

crussty

join:2013-03-25
Huntington Beach, CA

David,

Thanks for the suggestions, but unfortunately because this is a "want to do" not a "need to do", the USG200/300's are a little out of my price range; as is hiring someone.

I've got about a $250 cap on hardware to try to do this, and setup will be purely DIY with a little (lot) of help from the forums during the evenings and weekends when I can afford to take our network offline for trial and error.

Because of the price point and feature set, I was hoping the USG 20 or 50 would be my solution rather than buying a used/budget L3 switch.

Thanks.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4
reply to crussty

One question I have: is the USG capable of being in multiple modes, bridging for some IPs and not for others???

Write off the expense as a business expense, you're getting to the point that you need better gear whatever it may be.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
Reviews:
·TekSavvy DSL
·Bell Fibe

1 recommendation

reply to crussty

See »USG series FW 3.00 Comparison

I would not go below USG50 for proof of concept assuming you have light traffic. For heavier traffic and production network USG200 or higher should do the trick.


crussty

join:2013-03-25
Huntington Beach, CA
reply to crussty

Thanks guys. I bit the bullet on the way home today and picked up a USG50 from Fry's. Figured if it doesn't work out, I always have 30 days to return it... Unfortunately, write off or not, don't have the budget for anything more (barely had the budget for this at the moment...)

So that said, my first thing to do is spend the evening reading the user guide and trying to make sense of things. But if anyone has any pointers on specific areas to read up on, or ways to do this, I'd be grateful. From everything I've been catching online, it looks like there may be several ways to go about this.

Thanks!



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4

There are support notes: one recent and two dated but still useful versions.



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10
reply to crussty

Before you do anything upgrade to latest firmware »ftp://ftp.zyxel.com/ZyWALL_USG_50/firmware/



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4
reply to crussty

You should become familiar with saving your configurations in the maintenance section. Keep a copy on your desktop (it's a basic text file) but that file will save your bacon.
Also recommend setting up your primary LAN and connections from a secondary LAN and hooking up the net once the primary LAN is working (from all connected computers, ie giving out IP addresses).
That way you're not trying to troubleshoot with many variables simultaneously.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment


crussty

join:2013-03-25
Huntington Beach, CA
reply to crussty

After spending time in the manual and user guides, a few quick questions that I am unclear on:

1. what is the difference between a virtual server and a 1:1 NAT?
2. when would you use one vs the other?
3. how do policy routes play into this?

Thanks in advance!



Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:10

Check the built-in help! That's IMO best information resource on specific configuration items and has some general plus examples too.



Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:4
reply to crussty

Virtual Server is basically known as port forwarding. Typically used when you have servers but only one IP for the router. You would also need FW rules in conjunction.
1:1 NAT is used when assigning IPs (assuming your ISP has given you a block of them) to specific servers on your LANs. For these one would also apply FW rules.

Policy routes for the router are pretty much handled automatically now behind the scenes. They are designed to ensure you tell the router how to get traffic on your lans out to the net. They are only invoked once you stray from normal setups. In the case of 1:1 NAT I believe the router also automatically applies policy routes.

I have policy routes in my situation, for the following
a. dual wan so the policy route tells the router where to send lans output if the primary connection fails
b. routes to tell router that when users access email they are routed to the secondary WAN
c. any users assigned an L2TP IP pool address --- upon entering the router from the outside, need their traffic to be sent out back to the L2TP tunnel when appropriate.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment
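
The distinction described in the post above, as an added example (not part of the thread, and not ZyWALL configuration or firmware behaviour): a simplified Python model of a port forward versus a 1:1 NAT mapping, showing that with 1:1 NAT the firewall rules alone decide which ports are exposed. The addresses, ports and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample values: the thread elides the real addresses.
PUBLIC_IP = "203.0.113.4"     # stands in for the public IP given to the server
SERVER_IP = "192.168.254.10"  # hypothetical server on the office LAN
PROBE_PORTS = [22, 25, 443, 445, 3389]  # constructed set of ports to check

@dataclass(frozen=True)
class VirtualServer:
    """Port forward: one public IP:port maps to one internal IP:port."""
    public_ip: str
    public_port: int
    internal_ip: str
    internal_port: int

@dataclass(frozen=True)
class OneToOneNat:
    """A whole public IP maps to one internal host, port unchanged."""
    public_ip: str
    internal_ip: str

def translate(nat_rules, dst_ip, dst_port):
    """Return (internal_ip, internal_port) after inbound NAT, or None."""
    for r in nat_rules:
        if isinstance(r, VirtualServer):
            if (r.public_ip, r.public_port) == (dst_ip, dst_port):
                return (r.internal_ip, r.internal_port)
        elif r.public_ip == dst_ip:
            return (r.internal_ip, dst_port)
    return None

def nat_exposure(nat_rules, public_ip, ports):
    """Ports NAT alone would hand to a LAN host (firewall wide open)."""
    return [p for p in ports if translate(nat_rules, public_ip, p)]

def reachable(nat_rules, fw_allow, public_ip, ports):
    """Ports that pass NAT and a default-deny WAN-to-LAN allow list."""
    return [p for p in ports
            if translate(nat_rules, public_ip, p) in fw_allow]

PORT_FORWARDS = [VirtualServer(PUBLIC_IP, p, SERVER_IP, p) for p in (25, 443)]
ONE_TO_ONE = [OneToOneNat(PUBLIC_IP, SERVER_IP)]
FW_ALLOW = {(SERVER_IP, 25), (SERVER_IP, 443)}  # mail and HTTPS only

if __name__ == "__main__":
    for name, rules in (("virtual server", PORT_FORWARDS), ("1:1 NAT", ONE_TO_ONE)):
        print(name, "NAT only:", nat_exposure(rules, PUBLIC_IP, PROBE_PORTS),
              "with firewall:", reachable(rules, FW_ALLOW, PUBLIC_IP, PROBE_PORTS))
```

In this model both setups end up exposing the same two ports once the allow list is applied; the difference is what happens if that allow list is missing or too broad.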


u475700
Premium
join:2004-02-16
reply to crussty

You might find the tips compiled by Brano in this topic to be helpful:
»Secure your USG - quick how-to