Link to home
Create AccountLog in
Avatar of zc2
zc2Flag for United States of America

asked on

Please recommend a Firewall+VPN appliance

It should satisfy the following conditions:
1. Capable of 75Mbs bandwidth
2. Up to 25 users
3. Its VPN client must flawlessly work on all client machines including Linux and all modern Windows versions.
4. Costs less that $500

Currently we use a Sonicwall TZ170, its maximum bandwidth is just 25Mbs
Avatar of John
John
Flag of Canada image

Cisco RV345 VPN router (900 mbits/sec internal throughput) and is under $500.

Juniper SSG or comparable is better but over $500. We use these at our clients and they will fulfil you need. The Cisco might, the Juniper will.
Avatar of zc2

ASKER

Thank you. Does the Cisco one have an installable Linux VPN client software or the user will have to mess with IPsec ?
I use the firmware on both Cisco RV and Juniper as supplied. They are not traditionally programmable machines and have GUI interfaces to set up IPsec tunnels. Cisco is easy, Juniper is more structured and picky.
ASKER CERTIFIED SOLUTION
Avatar of Blue Street Tech
Blue Street Tech
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of zc2

ASKER

Sorry, I think you did not understand my question. I meant, if the VPN feature is fully configured on the appliance, and the client with windows machines are able to connect to it, how difficult to setup the proper VPN connection on a Linux machine?
I just use the interface on the machines I have - simpler in the long run.
Avatar of zc2

ASKER

Blue Street Tech,
Thank you for the detailed answer. The tough security is not a highest priority. But I need to be sure that the users with Linux boxes at their homes could easily connect to the device.
It is pretty straightforward and automated. The Virtual Office portal now provides seamless NetExtender installation, connection, and upgrading of Mac and Linux NetExtender clients. A NetExtender RPM package is available for installation on Linux. Just instruct your user base to browse to your public IP/4433 and the client will download and configure once they have put in their credentials.

If you wanted to perform this manually you can by following these steps:

NOTE: Super user rights are required to install this software on a Linux OS.

To obtain a Netextender file for your Linux OS:
1. Connect to your mysonicwall.com account at http://www.mysonicwall.com.
2. Click on Download on the left pane, select the Free Downloads
3. Select the NetExtender on Software Type Drop down.
4. Click on the NetExtender client link to download the latest version ( Choose the right package RPM 64/32 bit or TGZ 32bit/64bit )
Note: You can access previous versions by clicking on the “Additional Software Versions” link
5. Save the new NetExtender client file to a directory on your management computer.

You're done!

My previous question about being serious about security was a little rhetorical; we are far beyond the days when security was optional (and some would rightly argue it never was an option); strong security is a necessity. :)
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Avatar of zc2

ASKER

Thank you all, TZ300 looks good. That's funny, but I cannot find where can I buy it....
Here you go.  The price is a bit higher than $484 though, but not by much.

http://www.dell.com/en-us/work/shop/dell-sonicwall-tz300/apd/a9714056/software

Be sure to purchase from a reputable vendor and avoid "grey market" items.  If they are grey market, you cannot register them and they are not eligible for upgrades.
Avatar of zc2

ASKER

Thank you very much! I have ordered a TZ300 at DELL. It is frustrating though, they need more than a month to fulfill the order. :(  I should search somewhere else before I buy, but it is too late now.
Thanks again and have a happy thanksgiving!