Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 516
  • Last Modified:

Small Office VPN recommendations

I am trying to help out a side client who three small offices, and each office only has 3-9 employees.  Currently, only his "main" office is the only office with a Windows domain controller server, and the other two office just use remote desktop (terminal server) to connect in.  However, his main office has a residential grade D-Link router and has port 3389 open for the terminal server sessions.  He recently got some sort of DBrute virus, which it seems uses port 3389.  I want to put in new firewalls that connect each office with a hardware VPN.  In my "real" job, we use a Sonicwall firewall, and since I am familiar with Sonicwall products, I am thinking of simply recommending that he purchase a Sonicwall TZ 200 for this main office with the server and two Sonicwall TZ 100 firewalls for his other two offices.  Does this seem like a good option?  The Sonicwall's aren't very cheap, but I assume they are decent products and will be somewhat similar to the older Sonicwall Pro2040 I manage at my real job.  I assume both the TZ 100's can VPN to the 200 permanently?

Thanks for any advice.
0
jbobst
Asked:
jbobst
  • 2
  • 2
1 Solution
 
crouthamelaCommented:
VPNs is a much better way than opening ports. Unless they use a whole lot of bandwidth, you could probably get away with TZ100's at each site even. The latest Gen SonicWALLs are way nicer than the older ones, you can't go wrong with them.
0
 
jbobstAuthor Commented:
Thanks for the advice crouthamela.  In trying to decipher the specs on the TZ 100 and TZ 200, I was worried that if I purchased all 100's, that the main office wouldn't be able to have two VPN tunnels.  Will the 100's allow multiple VPN connections?  On the Specification page from Sonicwall, it says the TZ 200 has two Global VPN's Bundled and a maxium of 10 clients (do I have to buy additional Global VPN's if my client ever needs to open up another office?).  The TZ 100 has no bundled clients, or rather, it says N/A.  But I do see that is says it can do a maximum of 5.  I guess I am not sure then what I need exactly to have each location connected through VPN.
0
 
crouthamelaCommented:
There's 3 kind of VPNs you can configure:

1. Site-to-Site, the TZ 100 has 5 licenses for that. This is what you would use to create an always-up connection between sites.
2. GVC - The old way of doing Remote Access VPN from home or on the road. Install the GVC client software, connect to the site with a username/password.
3. SSL-VPN - The new way of connecting for Remote Access, uses port 443 instead of 500 to make connectivity easier in high-security environments. The client is a lot nicer too.

You are primarily concerned with #1 as I mentioned, so with TZ100's you would be limited to (5) sites/VPNs if you get one for the main site.
0
 
jbobstAuthor Commented:
Thanks for the explanations...I totally missed the part about site-to-site connections on the specifications.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now