Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Router / Firewall suggestions - Dual Wan

Posted on 2010-11-29
Medium Priority
Last Modified: 2012-05-10
Hi All,
Looking to replace an existing uclinux based appliance router/firewall as it seems to be dropping an interface every now and then.

Hoping to find something decent that we can connect our two wan links, Fibre (Ethernet) and DSL (via bridged cisco877) to and route accordingly. The fibre should be used by our web/email servers and DSL for internet access by our staff.
We have 16 static IP's for use with the sites / services we host internally.

Something with IPS and VPN would be good

Was looking at the Cisco ASA's but they apparently can't handle dual wan links other than for failover which is not what we want.

So any suggestions please, would prefer to try Cisco or something else that has high availability option.
Question by:art_r
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
LVL 18

Expert Comment

by:Sanga Collins
ID: 34236544
Juniper SSG series or SRX series can handle dual WAN links. I am pretty sure that the cisco ASA can do the same. the base model does not allow this but the 'security plus license' in routed mode will allow you to create up to 20 active vlans. You can then use 1 for fibre and the the other for the dsl connection.
LVL 33

Expert Comment

ID: 34239455
The Cisco ASA series can not do load balancing between 2 external ISPs.  It can not have a catch all route on 2 separate paths.   So the ASA is limited to a failover scenario when talking about dual ISPs.

Here is the cisco write up on that config:
LVL 18

Expert Comment

by:Sanga Collins
ID: 34239504
Then i recommend getting a juniper ssg or srx. they both support virtual routers so what i do is put the second ISP in another virtual router so that it has its own default gateway. you can then route traffice out through the fiber or the DSl as you see fit.
Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

LVL 15

Expert Comment

ID: 34239861
We use Sonicwall NSA 2400's, TZ200 and TZ210's.  All of these can do what you need.  They have the ability to load balance or failover dual wan connections.  They also support SSLVPN or the traditional GlobalVPN client.
LVL 15

Expert Comment

ID: 34239874
Forgot to add that they both support IPS as well.  How many users and how much traffic do you expect to traverse these links?

Author Comment

ID: 34261539
Sorry, forgot to mention users and traffic...

Around 50 users and in terms of traffic to the websites only around 100GB/month, it is only a 4/4Mbps link. We do have inter office VoiP on the fibre link too.

As for Juniper, heard ok things about ssg but I think the newer srx's I have only read bad things, OS not mature enough or not doing things it is said to do?

Sonicwall, will have a look at the bigger units as I have had a TZ190 before which I wasn't that impressed with, but maybe the bigger unit would be better.
LVL 18

Accepted Solution

Sanga Collins earned 500 total points
ID: 34261646
I agree with the feedback on juniper. I have been using their equipment for the last 5 years and have all manner of devices from old-school netscreen devices to newer ssg and srx devices. I definitely recommend the netscreen and ssg devices. They are amazingly robust and customizable even with the base licenses. The srx devices are really high level pieces of equipment. if you do not have advanced networking knowledge they can be daunting to use, and even seting it up just to get online is an exercise in futility.

Sonicwall has the same user experince as ssg and netscreen devices. they aim to make it as simple as possible to manage and configure their equipment. I only have one sonicawall device so i can not speak on them in detail, but i do not think they will cause you undue headaches and stress

Cisco devices are in the middle between user friendly and unecessarily complex. i only recommend those if you have prior experience with cisco ios.

hope that helps
LVL 15

Assisted Solution

getzjd earned 500 total points
ID: 34263566
Even being a CCNP and having done numerous PIX installations, it is hard to recommend them unless you are looking for a high end complicated solution.

A Sonicwall TZ210 should suit you fine as we have several of them supporting up to 70 users or so at the locations.  However, if you are looking for something with a bit more memory and processing power without breaking the bank, check out the NSA series.   We have a nsa2400 at our HQ site and have not had any issues with it.    You also have the NSA E series

The SSL VPN is a nice feature and the globalvpn works well too.

Author Closing Comment

ID: 34263860
Thank you both, will check out both Sonicwall and Juniper appliances to see which will best suit our needs.

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question