

Need a VPN capable Firewall/Router

Posted on 2004-10-20
Medium Priority
Last Modified: 2010-04-12
Okay, here goes (first time posting a question)

I need to purchase a Firewall/Router that will allow multiple concurrent VPN connections from different locations.  I have employees that travel and need access to the Office LAN.  As of now I have a Netgear FVS318 ProSafe Firewall/Router, but it only supports 8 IPSEC connections.  I want to put the new Firewall/Router "behind" the FVS318 (supports 100 IPSEC connections) to create a sort of DMZ and forward all VPN connections to the new Firewall/Router.

My questions are:

- What are some recommendations for the new Firewall/Router that I need?  I have looked into Netgear FVL328, and my boss loves it because it is cheap, but I'm not sure how well it will perform or how easy it is to set up/use.  I've also looked briefly at a CISCO PIX 501, but the price tag is a little high and I've heard that CISCO products are tough to configure and use.

- As far as VPN protocols, I hear that IPSEC is very secure but difficult to set up and use, while PPTP is less secure but easier to use.  Any advice on which protocol to use would be helpful.  Do the security benefits of IPSEC over PPTP outweigh the ease of use benefits of PPTP?

- What else should I look for in a new Firewall/Router?  My company is not very big, but we are growing rapidly.  Do some solutions scale better than others?

Thanks in advance.
Question by:naj2576
LVL 79

Accepted Solution

lrmoore earned 2000 total points
ID: 12363647
As for the PIX, the 501 only supports 10 simultaneous VPN connections, but it is easy to set up and configure. New GUI wizards make it easy. The 506e would be more adequate for your needs and scales much higher.

IPSEC is much more secure, and very easy to configure as long as you use an easy client. Cisco VPN client (used with PIX) is extremely easy to set up and client config can be pushed with a pre-configured ini file for clients.

I would seriously consider replacing the FVS318 with something with more horsepower. If you already have some expertise with its little brother and the clients, that has value in itself. I've just never had good luck with Netgear products (I think I'm allergic to Nortel - <8-} )

You might want to consider capability to provide redundant WAN links sometime in the future. Some words of advice:
- With the prices as low as they are, get what you need now with some wiggle room. Don't spend much on extra features that you might need a year or two from now. A year or two from now when you need that function, the products will have evolved and prices will be low enough that it may save money to wait.
- Spend money relative to what you are protecting. If you can go to jail for compromising a client's personal information, then spend appropriately and wisely. If the worst that can happen does not cost you anything, then spend accordingly.

Here are some low-end firewall products that you can look into:
My personal recommendation would be the PIX506e
Second on the list would be the Linksys RV082

- Linksys RV082
- Adtran Netvanta
- Watchguard Firebox
- PIX 501
- D-LINK w/DMZ port

LVL 23

Expert Comment

by:Tim Holman
ID: 12369316
I would also recommend upgrading your existing box - it will be a lot easier to support in the long run.
Is there a bigger Netgear box you can upgrade to?

Author Comment

ID: 12371284

Thank you for all the helpful advice.  I've convinced my boss to up my budget a little so that I can get a firewall with a little more horsepower behind it, but I still have to keep things under $1K.

I was almost ready to go with the PIX 506e after looking at it, but now another person I've talked to is pushing SonicWall's TZ170 or PRO 2040.  He believes they are far easier to maintain (for someone not familiar with Cisco IOS) and are more scalable than the PIX.

Any thoughts on these firewalls or SonicWall in general?
LVL 79

Expert Comment

ID: 12371417
According to SonicWall's own product chart, the TZ170 is targeted for 10 VPN connections, the 2040 at 50. In that case, I'd have to recommend the 2040.

However, I've tried several times to find documentation on SonicWall's web site and it is very difficult to find anything other than the quick setup guides. Get into the documentation for the actual SonicOS, and I've found it quite overwhelming...
I'll take the PIX any day...

You'll have to make your own decision based on your own comfort level and skill sets..


Question has a verified solution.
