Best VPN firewalls

Posted on 2010-08-23
Medium Priority
Last Modified: 2012-05-10
I have a corporate HQ and two (more to come) branch offices that I need to tie together.  My main objective is to get the servers talking on the same domain/forest.  If someone has a secure way to accomplish this without a VPN, I would love to hear it.  Otherwise, what is the best firewall/VPN solution?  I've looked at WatchGuard and SonicWall. Thoughts?
Question by:MasterComputing

Expert Comment

ID: 33501829
One way to connect the office would be a Point-to-Point T-1. That's how I have one of mine. The other few are set up on VPN tunnels using a Cisco ASA 5510.
LVL 63

Expert Comment

ID: 33501921
VPN tunnel at the router level is probably the most flexible.

What about Dial in VPN in the future ?

I personally prefer the Netscreen (Juniper) routers, reasonably priced and very powerful.
Even an NS 5 GT 201 or similar on eBay can handle 25 simultaneous VPN tunnels - $70 - $170 each

There are newer models also available as the SSG series if needed.

I hope this helps !

Accepted Solution

darthcontra earned 1000 total points
ID: 33502015
Personally, I would look at a Cisco ASA or integrated services router for the main office.
For the branch offices it would depend on number of users, but either a smaller ASA or possibly the Linksys RV042 router.

You are talking 3 sites currently with more to come.  Do you have an idea for how many more?  This will determine the requirements of the main office device.

Expert Comment

ID: 33502032
If you don't want to do VPN, use a dedicated Ethernet drop. MPLS TLS from Verizon. Other providers should have something similar.

For VPN I would go with Cisco ASA, or the cheaper route would be SonicWall.

Expert Comment

ID: 33502091
MPLS or Point-to-Point T1 will get you the connectivity without the overhead of VPN, at the expense of potentially higher monthly costs.  Since it sounds like these are somewhat permanent locations, it might be worth looking into.

If you decide to go the VPN route, SonicWall firewalls are very price competitive and offer a lot of other valuable features.
LVL 18

Expert Comment

ID: 33502158
Have a look at Check Point UTM-1 appliances, especially the smaller Edge boxes

or Juniper small SSG/SRX range

The newer SSGs and SRX tend to be a bit more expensive than the older NS5GTs as mentioned above.  The 5GTs are still great little bits of kit, but if official vendor support is a requirement then I would not consider them.

Both of these vendors provide very good enterprise level solutions with a similar level of performance and feature parity.  Each will allow remote access VPNs, i.e. the dial-in VPN or users to connect to the corporate LAN from hotels etc.

LVL 26

Expert Comment

by:Fred Marshall
ID: 33503464
Juniper Networks SSG series are very capable - lots of features and possibilities.  Excellent support.  Will support plenty of VPNs.

Cisco/Linksys RV042 for VPNs is a simpler approach.  I use them standalone for VPN connections.

Using fiber MPLS private connections between sites now.  No VPN but could do if desired.

Either way, all sites are on separate subnets.  So you have to decide how to handle that.

Expert Comment

ID: 33509002
I will second the statements that you are best off with router based VPN.

The Juniper SSG's are great products with good performance. If you are inexperienced with routers I would recommend something like ZyXEL ZyWALL USG-100 or maybe the new USG-25 or USG-50.

They are cheaper than Juniper, Check Point, WatchGuard and SonicWall and you will not have to pay for support and upgrades.
You only pay a regular fee if you want antivirus and intrusion detection.
In my experience most people find them easier to set up as they have wizards for stuff like multiple WAN and for VPN setup.

But any of the products mentioned will be able to do the trick!

Just be aware of how you set up your DNS structure and remember that traffic is routed on different subnets. If you need site to site traffic and not only site to HQ there are ways to solve that. IMO the Juniper SSG's do this the best way, but that's just my thought.


Author Closing Comment

ID: 33521583
Thanks for all the input.  I think I'll go the Cisco ASA route.


Question has a verified solution.
