router advice

Good morning!

There are 3 non-profit orgs in our building (including mine) that share a single internet connection.  We are preparing to upgrade to a 100mb pipe for this connection to alleviate bandwidth concerns (duh, right?).  We currently share 10mb.  For this new pipe, we'll need a new router.  Each org also has it's own firewall after the router.

In order to prevent future traffic problems, we'd like the ability to shape and prioritize traffic.  We'd also like the ability to monitor problem areas more closely than we currently can.

Naturally, budget is a big concern, but we do have some resources to invest in this.

What suggestions do you experts have on a specific product/model series to investigate?

Any advice, experience, etc...?

Thank you!
Gladys KernsAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

James HConnect With a Mentor IT DirectorCommented:
Untangled is a good product, but setup isn't as simple as it seems.

However, with your added comments, what you are looking for is different.
Each org should prioritize their traffic before it hits the edge (Comcast).
What I would suggest is getting a managed switch and just police the port they plug into and control the overall bandwidth they can consume. Otherwise (using infamus suggestion) you will have to create a sub-interface and create ACL's for each to police how much bandwidth they can consume.

How are you splitting off your ISP to the orgs now?
James HIT DirectorCommented:
What kind of traffic are you trying to prioritize? Need to be specific here.
Who is the ISP? What is the handoff? Fiber or Ethernet?
You need to also ensure your edge devices can support the bandwidth increase. Throughput should be verified for each org.
Gladys KernsAuthor Commented:
Thanks Spartan!

1.)  We'd like to prioritize type of traffic based on port, address or application such as SMTP and inbound http to an internal web server over people watching netflix or hulu.  We'd also like to keep any one org from consuming 100% bandwidth at any one point in time.  Our current router is "dumb" and just lets anyone do anything.

2.)  Comcast business fiber, but the handoff will be ethernet

3.)  Edge/Org firewalls... I totally agree.  This will probably need to be upgraded too.  What do you think of Untangle's software and devices?
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

helpfinderConnect With a Mentor IT ConsultantCommented:
I think it' s not a expensive poece of hw and can do its job. I mean ZyWall firewall which you can use as a router and firewall as weel for monitoring your network. You can buy several licences like antispam, antivirus etc if you want.
I do not know how big your network is how many users are there, but good starting point could be ZyWall 50 which is around 260€ so it could be aprox. 200 USD
InfamusConnect With a Mentor Commented:
Try take a look at Cisco 2900 series...
Gladys KernsAuthor Commented:
Thanks guys - I should have said that I will accept multiple solutions on this - any advice that seems sound.

I should have also said - only about 100 users in total across all 3 orgs.
I would suggested putting a layer 3 switch between the router and client's firewall.

Then create vlans on the switch and let the switch handle the routing.
Gladys KernsAuthor Commented:
Infamous/Spartan - that's almost what we're doing now.  I have a Juniper SRX and I have it segregating and routing smaller subnets of our primary ISP subnet to our edge firewalls through a single port - and then accessing that port through a switch to each edge FW.

Bandwidth policing on the SRX based on subnet isn't working the way I wanted/expected and so we dropped even attempting it a few months ago.  With that, we currently also have almost no way of knowing where a high traffic demand is coming from.  Edge firewalls are cheap and mostly useless for this too.... I'm thinking about untangle for my own org's edge FW just for this alone.

Ultimately what I need is something both easier to use and more robust for all us silly non-profit IT guys (all two of us, the 3rd org doesn't even have in-house IT).  The routing rules in the SRX were easy to setup, but any advanced rules were not at all.

Thanks guys!  I'll investigate these things... I needed somewhere to start and you gave me that.
Gladys KernsAuthor Commented:
Thanks all - I'm sorry I forgot to come back and close this.

We wound-up sticking with our Juniper SRX and adding an Exinda box to it.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.