Solved

Small Office VPN recommendations

Posted on 2012-03-16
Last Modified: 2012-03-16
I am trying to help out a side client who has three small offices, and each office only has 3-9 employees.  Currently, his "main" office is the only office with a Windows domain controller server, and the other two offices just use remote desktop (terminal server) to connect in.  However, his main office has a residential grade D-Link router and has port 3389 open for the terminal server sessions.  He recently got some sort of DBrute virus, which it seems uses port 3389.  I want to put in new firewalls that connect each office with a hardware VPN.  In my "real" job, we use a Sonicwall firewall, and since I am familiar with Sonicwall products, I am thinking of simply recommending that he purchase a Sonicwall TZ 200 for his main office with the server and two Sonicwall TZ 100 firewalls for his other two offices.  Does this seem like a good option?  The Sonicwalls aren't very cheap, but I assume they are decent products and will be somewhat similar to the older Sonicwall Pro2040 I manage at my real job.  I assume both the TZ 100s can VPN to the 200 permanently?

Thanks for any advice.
0
Question by:jbobst
4 Comments
 
LVL 11

Expert Comment

by:crouthamela
ID: 37730634
VPNs are a much better way than opening ports. Unless they use a whole lot of bandwidth, you could probably get away with TZ100s at each site even. The latest Gen SonicWALLs are way nicer than the older ones, you can't go wrong with them.
0
 
LVL 1

Author Comment

by:jbobst
ID: 37730944
Thanks for the advice, crouthamela.  In trying to decipher the specs on the TZ 100 and TZ 200, I was worried that if I purchased all 100s, the main office wouldn't be able to have two VPN tunnels.  Will the 100s allow multiple VPN connections?  On the Specification page from Sonicwall, it says the TZ 200 has two Global VPNs bundled and a maximum of 10 clients (do I have to buy additional Global VPNs if my client ever needs to open up another office?).  The TZ 100 has no bundled clients, or rather, it says N/A.  But I do see that it says it can do a maximum of 5.  I guess I am not sure then what I need exactly to have each location connected through VPN.
0
 
LVL 11

Accepted Solution

by:
crouthamela earned 2000 total points
ID: 37730972
There are 3 kinds of VPNs you can configure:

1. Site-to-Site, the TZ 100 has 5 licenses for that. This is what you would use to create an always-up connection between sites.
2. GVC - The old way of doing Remote Access VPN from home or on the road. Install the GVC client software, connect to the site with a username/password.
3. SSL-VPN - The new way of connecting for Remote Access, uses port 443 instead of 500 to make connectivity easier in high-security environments. The client is a lot nicer too.

You are primarily concerned with #1 as I mentioned, so with TZ100s you would be limited to (5) sites/VPNs if you get one for the main site.
0
 
LVL 1

Author Comment

by:jbobst
ID: 37730987
Thanks for the explanations...I totally missed the part about site-to-site connections on the specifications.
0
