Router / Firewall suggestions - Dual Wan

Hi All,
Looking to replace an existing uClinux-based appliance router/firewall as it seems to be dropping an interface every now and then.

Hoping to find something decent that we can connect our two WAN links, fibre (Ethernet) and DSL (via bridged Cisco 877), to and route accordingly. The fibre should be used by our web/email servers and DSL for internet access by our staff.
We have 16 static IPs for use with the sites / services we host internally.

Something with IPS and VPN would be good.

Was looking at the Cisco ASAs but they apparently can't handle dual WAN links other than for failover, which is not what we want.

So any suggestions please, would prefer to try Cisco or something else that has a high availability option.

Sanga Collins (Systems Admin) commented:
I agree with the feedback on Juniper. I have been using their equipment for the last 5 years and have all manner of devices, from old-school NetScreen devices to newer SSG and SRX devices. I definitely recommend the NetScreen and SSG devices. They are amazingly robust and customizable even with the base licenses. The SRX devices are really high-level pieces of equipment. If you do not have advanced networking knowledge they can be daunting to use, and even setting it up just to get online is an exercise in futility.

Sonicwall has the same user experience as SSG and NetScreen devices. They aim to make it as simple as possible to manage and configure their equipment. I only have one Sonicwall device so I cannot speak on them in detail, but I do not think they will cause you undue headaches and stress.

Cisco devices are in the middle between user friendly and unnecessarily complex. I only recommend those if you have prior experience with Cisco IOS.

Hope that helps.
Sanga Collins (Systems Admin) commented:
Juniper SSG series or SRX series can handle dual WAN links. I am pretty sure that the Cisco ASA can do the same. The base model does not allow this, but the 'Security Plus license' in routed mode will allow you to create up to 20 active VLANs. You can then use 1 for fibre and the other for the DSL connection.
The Cisco ASA series cannot do load balancing between 2 external ISPs. It cannot have a catch-all route on 2 separate paths. So the ASA is limited to a failover scenario when talking about dual ISPs.

Here is the Cisco write-up on that config:

Sanga Collins (Systems Admin) commented:
Then I recommend getting a Juniper SSG or SRX. They both support virtual routers, so what I do is put the second ISP in another virtual router so that it has its own default gateway. You can then route traffic out through the fiber or the DSL as you see fit.
We use Sonicwall NSA 2400s, TZ200s and TZ210s. All of these can do what you need. They have the ability to load balance or fail over dual WAN connections. They also support SSL VPN or the traditional GlobalVPN client.
Forgot to add that they both support IPS as well. How many users and how much traffic do you expect to traverse these links?
art_r (Author) commented:
Sorry, forgot to mention users and traffic...

Around 50 users, and in terms of traffic to the websites only around 100GB/month; it is only a 4/4Mbps link. We do have inter-office VoIP on the fibre link too.

As for Juniper, heard OK things about SSG, but I think the newer SRXs I have only read bad things: OS not mature enough or not doing things it is said to do?

Sonicwall, will have a look at the bigger units as I have had a TZ190 before which I wasn't that impressed with, but maybe the bigger unit would be better.
getzjd commented:
Even being a CCNP and having done numerous PIX installations, it is hard to recommend them unless you are looking for a high-end complicated solution.

A Sonicwall TZ210 should suit you fine, as we have several of them supporting up to 70 users or so at the locations. However, if you are looking for something with a bit more memory and processing power without breaking the bank, check out the NSA series. We have an NSA 2400 at our HQ site and have not had any issues with it. You also have the NSA E series.

The SSL VPN is a nice feature and the GlobalVPN works well too.
art_r (Author) commented:
Thank you both, will check out both Sonicwall and Juniper appliances to see which will best suit our needs.
Question has a verified solution.
