• Status: Solved

Router / Firewall suggestions - Dual Wan

Hi All,
Looking to replace an existing uClinux-based appliance router/firewall as it seems to be dropping an interface every now and then.

Hoping to find something decent that we can connect our two WAN links, Fibre (Ethernet) and DSL (via bridged Cisco 877), to and route accordingly. The fibre should be used by our web/email servers and DSL for internet access by our staff.
We have 16 static IPs for use with the sites / services we host internally.

Something with IPS and VPN would be good.

Was looking at the Cisco ASAs but they apparently can't handle dual WAN links other than for failover, which is not what we want.

So any suggestions, please? Would prefer to try Cisco or something else that has a high availability option.
Sanga Collins (Systems Admin) Commented:
Juniper SSG series or SRX series can handle dual WAN links. I am pretty sure that the Cisco ASA can do the same. The base model does not allow this, but the 'Security Plus license' in routed mode will allow you to create up to 20 active VLANs. You can then use one for fibre and the other for the DSL connection.
 
MikeKane Commented:
The Cisco ASA series cannot do load balancing between 2 external ISPs. It cannot have a catch-all route on 2 separate paths. So the ASA is limited to a failover scenario when talking about dual ISPs.

Here is the Cisco write-up on that config:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml
 
Sanga Collins (Systems Admin) Commented:
Then I recommend getting a Juniper SSG or SRX. They both support virtual routers, so what I do is put the second ISP in another virtual router so that it has its own default gateway. You can then route traffic out through the fibre or the DSL as you see fit.
 
getzjd Commented:
We use Sonicwall NSA 2400s, TZ200s and TZ210s. All of these can do what you need. They have the ability to load balance or fail over dual WAN connections. They also support SSL VPN or the traditional GlobalVPN client.
 
getzjd Commented:
Forgot to add that they both support IPS as well. How many users and how much traffic do you expect to traverse these links?
 
art_r (Author) Commented:
Sorry, forgot to mention users and traffic...

Around 50 users, and in terms of traffic to the websites only around 100GB/month; it is only a 4/4Mbps link. We do have inter-office VoIP on the fibre link too.

As for Juniper, heard OK things about SSG, but I think for the newer SRXs I have only read bad things, OS not mature enough or not doing things it is said to do?

Sonicwall, will have a look at the bigger units as I have had a TZ190 before which I wasn't that impressed with, but maybe the bigger unit would be better.
 
Sanga Collins (Systems Admin) Commented:
I agree with the feedback on Juniper. I have been using their equipment for the last 5 years and have all manner of devices, from old-school NetScreen devices to newer SSG and SRX devices. I definitely recommend the NetScreen and SSG devices. They are amazingly robust and customizable even with the base licenses. The SRX devices are really high-level pieces of equipment. If you do not have advanced networking knowledge they can be daunting to use, and even setting it up just to get online is an exercise in futility.

Sonicwall has the same user experience as SSG and NetScreen devices. They aim to make it as simple as possible to manage and configure their equipment. I only have one Sonicwall device so I cannot speak on them in detail, but I do not think they will cause you undue headaches and stress.

Cisco devices are in the middle between user-friendly and unnecessarily complex. I only recommend those if you have prior experience with Cisco IOS.

Hope that helps.
 
getzjd Commented:
Even being a CCNP and having done numerous PIX installations, it is hard to recommend them unless you are looking for a high-end complicated solution.

A Sonicwall TZ210 http://www.sonicwall.com/us/products/13281.html should suit you fine, as we have several of them supporting up to 70 users or so at the locations. However, if you are looking for something with a bit more memory and processing power without breaking the bank, check out the NSA series. http://www.sonicwall.com/us/products/NSA_Series.html We have an NSA 2400 at our HQ site and have not had any issues with it. You also have the NSA E series http://www.sonicwall.com/us/products/E-Class_NSA_Series.html

The SSL VPN is a nice feature and the GlobalVPN works well too.
 
art_r (Author) Commented:
Thank you both, will check out both Sonicwall and Juniper appliances to see which will best suit our needs.