Redundant ISP router

Posted on 2013-08-27
Medium Priority
Last Modified: 2013-09-13
Hello- I need a solid, reliable recommendation for an 8 workstation (incl POS) hotel/restaurant/golf pro shop. They are ordering a cable connection to augment the speed of their T1, which is quite slow, especially since they also share their WiFi with hotel guests (yeah, that's right, no firewall between the WiFi and the POS, aside from a windows firewall on the POS). I will also ask them to firewall off the WiFi traffic, but that I know how to handle. My question is, what kind of small office firewall should I propose that can handle either dynamic or failover ISP connections?

Note: POS is Point of Sale, not what you are thinking.
Question by:HardwareDude
LVL 12

Assisted Solution

duttcom earned 668 total points
ID: 39444423
I have a Netgear UTM 25 (in a small office scenario) which has dual WAN failover. I can run two connections in either failover or load balancing mode and it has been easy to administer and maintain thus far, and it does a great job with SPAM too. It's a lot better than the Watchguard it replaced, but that is just my opinion.

Author Comment

ID: 39451385
duttcomm - Thank you for your response, I was trying to find reviews on the unit but I guess it has not been out long, as there are few on newegg or Amazon.
LVL 12

Expert Comment

ID: 39451449
I've had mine a couple of years now. Netgear's firewalls are not very well known, but I tend to like Netgear stuff (switches etc) because it's reliable and about the right price and quality level for the small sized business it runs in. As I mentioned, I had a Watchguard but I never really warmed to it. The dual WAN ports are great - I have the option to route traffic two and from either port even down to specific LAN IP's and there is a DMZ option (which I don't use).

I note that if you google "Dual WAN firewall", you will get lots of results on the Netgear units. I don't know why so many firewall manufactuers don't offer mid-level dual WAN models given how useful a redundant line is (I learned that lesson the hard way).

Good luck in your search!
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.


Author Comment

ID: 39461885
duttcom- Thank you for your advice, but it seems that firewall is sold with a specific number of end users in mind. Since my customer is a hotel with WiFi, that number will fluctuate quite a bit and Netgear was not able to convey how the licensing works. I called Netgear Presales - first they were not familiar with that product and then they disconnected me (three times). Not having much luck with them.
LVL 18

Accepted Solution

Garry Glendown earned 668 total points
ID: 39468094
Take a look at Fortinet firewalls ... lots of features, decent ability to handle controlling traffic between the different areas, and also supports policy routing as well as backup routing ... FortiGate 60D should be more than sufficient to handle both the primary link as well as the cable link, as well as provide up to 50mbit of content scanning/filtering ... please note that it only has ethernet links so you will still need an external router to handle the T1 line ...
LVL 17

Expert Comment

ID: 39468172
I second the Fortinet proposal. Just what you need.

If you want several WiFi access points, then it can also work as a WiFi controller.
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 664 total points
ID: 39468372
We always us Draytek Routers. The new 2860n had 6 Gigabit LAN ports, can connect via ADSL / VDSL / Ethernet and USB, so 4 potential WAN connections.

It can also offer Vlan's so you can separate your POS from the network and / or separate your wifi traffic from the remaining traffic.  You can configure one WiFi per VLAN and that gives you plenty of flexibility.

They are easy to configure and work brilliantly.  Personally I won't touch anything with Netgear written on it - bitter experience has proven them to be very flaky and unreliable.

LVL 27

Expert Comment

ID: 39475713
I'm with Alanhardisty.
Have used many routers/firewalls and tend to find the Drayteks quite good in their price range.

Featured Post

Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This installment of Make It Better gives Media Temple customers the latest news, plugins, and tutorials to make their VPS hosting experience that much smoother.
A discussion about Penetration Testing and the Tools used to help achieve this important task.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

597 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question