[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 492
  • Last Modified:

does remote office have to use our Internet

We are thinking about installing SonicWall boxes in our remote offices to bring their PCs into our domain.
Currently, they get documents from Sharepoint and use Outlook rpc over http.
But, my concern is bandwidth.
I seem to recall that if their machines are brought into the domain, they get to the Internet through ours at head office? Is that correct?
The users are obviously part of the domain.
Can their machines still not use their own machines for web activity, or is the whole point of the secure vpn connection that all web traffic will come through our main SoncWall box at head office.
Cheers
John
0
jasonbournecia
Asked:
jasonbournecia
  • 4
  • 3
  • 2
2 Solutions
 
EvilKnievelCommented:
Hi,
Normally your sonicwall will filter traffic to the web and to your main office. Therefore only traffic to the ip range of your main office will travel through the VPN connection. All other traffic will be routed directly to the internet. However, if your domain has a proxy policy, which sets all clients to use a proxy located in your main office, internet traffic will be routed through your vpn.

Hope this clarifies it!
0
 
jasonbourneciaAuthor Commented:
Beautifully put :)
Do you know if the TZ100 boxes they are suggesting will still do the filtering?
0
 
carlmdCommented:
The TZ100 will do filtering. If you have more than a few pc's at the remote locations, or do a lot of remote printing, you should consider a TZ200, about a 40% performance improvement for approximately $125 more, or a TZ210 with 100% performance improvement for about $250 more. Best to be sure you have what you need up front.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
jasonbourneciaAuthor Commented:
Nine locations with usually two PCs at each location. They do print room registers each Friday which is a reasonable run.
Do you think we can still get away with the 100s? Or should we up it.
0
 
carlmdCommented:
With only two pc's and minimal normal printing, the TZ100's are probably ok. What is the ISP line speed at these nine locations?

What Sonicwall is being proposed for your home office? Since it will have 9 site to site vpn connections, it will have to be larger.
0
 
jasonbourneciaAuthor Commented:
Head office has a TZ190
The nurseries have Option 1 through BT, which seems to be totally adequate; so far!
Our external support people mention that if the nurseries start using terminal services or possibly a local app that pulls data from our SQL server, then it might be wise installing a second ADSL line at head office just for this data.
We did upgrade to Annex-M at head office late last year, which certainly helped the nurseries with pulling down documents from SharePoint and email.
0
 
carlmdCommented:
The TZ190 (legacy) has less throughput than the TZ100. I suggest you use the TZ190 at the remote location with the least activity, and replace it with a TZ210 or more likely NSA240.

Combination throughput numbers are:
   TZ190        90MBPS
   TZ100      100MBPS
   TZ210      200MBPS
   NSA240   600MBPS
0
 
jasonbourneciaAuthor Commented:
Thanks for the responses guys, I hope you're happy with the points split.
EvilKnievel, you answered the question, but carlmd opened a whole can of worms :)
The TZ190 is the gateway for head office and configuring it is beyond me.
I will put it to our support people that you suggest that goes to one of the remote sites.
Thanks again and hope the split is okay
John
0
 
EvilKnievelCommented:
Hi John, split is no problem,i couldn't have answered the model questions ;)
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now