

Best VPN firewalls

Posted on 2010-08-23
Medium Priority
Last Modified: 2012-05-10
I have a corporate HQ and two (more to come) branch offices that I need to tie together.  My main objective is to get the servers talking on the same domain/forest.  If someone has a secure way to accomplish this without a VPN, I would love to hear it.  Otherwise, what is the best firewall/VPN solution?  I've looked at WatchGuard and SonicWall. Thoughts?
Question by:MasterComputing

Expert Comment

ID: 33501829
One way to connect the office would be a Point-to-Point T-1. That's how I have one of mine. The other few are set up on VPN tunnels using a Cisco ASA 5510.
LVL 63

Expert Comment

ID: 33501921
VPN tunnel at the router level is probably the most flexible.

What about dial-in VPN in the future?

I personally prefer the Netscreen (Juniper) routers, reasonably priced and very powerful.
Even an NS 5 GT 201 or similar on eBay can handle 25 simultaneous VPN tunnels - $70 - $170 each

There are newer models also available as the SSG series if needed.

I hope this helps!

Accepted Solution

darthcontra earned 1000 total points
ID: 33502015
Personally, I would look at a Cisco ASA or integrated services router for the main office.
For the branch offices it would depend on number of users, but either a smaller ASA or possibly the Linksys RV042 router.

You are talking 3 sites currently with more to come.  Do you have an idea for how many more?  This will determine the requirements of the main office device.

Expert Comment

ID: 33502032
If you don't want to do VPN, use a dedicated Ethernet drop. MPLS TLS from Verizon. Other providers should have something similar.

For VPN I would go with Cisco ASA, or the cheaper route would be SonicWall.

Expert Comment

ID: 33502091
MPLS or Point-to-Point T1 will get you the connectivity without the overhead of VPN, at the expense of potentially higher monthly costs.  Since it sounds like these are somewhat permanent locations, it might be worth looking into.

If you decide to go the VPN route, Sonicwall firewalls are very price competitive and offer a lot of other valuable features.
LVL 18

Expert Comment

ID: 33502158
Have a look at Check Point UTM-1 appliances, especially the smaller Edge boxes

or Juniper small SSG/SRX range

The Newer SSGs and SRX tend to be a bit more expensive than the older NS5GTs as mentioned above.  The 5GTs are still great little bits of kit but if official vendor support is a requirement then I would not consider them.

Both of these vendors provide very good enterprise level solutions with a similar level of performance and feature parity.  Each will allow remote access VPNs, i.e. the dial-in VPN or users to connect to the corporate LAN from hotels etc.

LVL 26

Expert Comment

by:Fred Marshall
ID: 33503464
Juniper Networks SSG series are very capable - lots of features and possibilities.  Excellent support.  Will support plenty of VPNs.

Cisco/Linksys RV042 for VPNs is a simpler approach.  I use them standalone for VPN connections.

Using fiber MPLS private connections between sites now.  No VPN but could do if desired.

Either way, all sites are on separate subnets.  So you have to decide how to handle that.

Expert Comment

ID: 33509002
I will second the statements that you are best off with router-based VPN.

The Juniper SSGs are great products with good performance. If you are inexperienced with routers I would recommend something like ZyXEL ZyWALL USG-100 or maybe the new USG-25 or USG-50.

They are cheaper than Juniper, Check Point, WatchGuard and SonicWall and you will not have to pay for support and upgrades.
You only pay a regular fee if you want antivirus and intrusion detection.
In my experience most people find them easier to set up as they have wizards for stuff like multiple WAN and for VPN setup.

But any of the products mentioned will be able to do the trick!

Just be aware how you set up your DNS structure and remember that traffic is routed on different subnets. If you need site to site traffic and not only site to HQ there are ways to solve that. IMO the Juniper SSGs do this the best way, but that's just my thought.


Author Closing Comment

ID: 33521583
Thanks for all the input.  I think I'll go the Cisco ASA route.
