Dan Dhillon

asked:

Network solution for a serviced office

Hi,
I'm about to start a project for a serviced office with 10 offices looking to offer broadband and voip solution to these tenants and maybe a WiFi solution too.

1. What is the best way to do this?
2. What firewall do you recommend?
3. What type of cabling do you recommend for future proof.
4. Is it possible to offer public ip address to each tenant?

Thanks.
David Favor

1. What is the best way to do this?

Start with a big pipe. 1G symmetric at the very least.

Run router + repeater hardware which all support QoS, so you can give priority to apps like Skype or other VoIP systems over video services like YouTube, Wistia, Vimeo.

2. What firewall do you recommend?

Run a DMZ machine connected to your incoming traffic running Ubuntu Bionic.

Then use Fail2Ban + iptables + Tarpitting to auto manage ip blocking/unblocking. This will save you a massive amount of time.

3. What type of cabling do you recommend for future proof.

This will be highly dependent on your building wiring.

Running copper is always best with a switch + repeater as first device on every floor.

You may also get away with running Powerline Ethernet (copper speed over AC wiring), depending on how wiring is organized.

4. Is it possible to offer public ip address to each tenant?

Er... Items #1-#3 relate to outbound connections.

#4 relates to inbound connections, so this means you're getting into the hosting business, running servers like HTTPS, SFTP, IMAPS, POP3S, MySQL/MariaDB.

Unless you already have a few decades of experience running hosting - building NOCs (network operation centers) + tooling multi-connection link aggregation (many different ISP connections) + backup generators with fuel reserves - you should avoid this business like the plague.

Better to stick with only incoming connections.

Tip: One thing you've likely failed to think about is torrent tracking.

You must work out how you will sense + block torrenting, else some idiot is guaranteed to fire up some torrent client inside your network without installing a VPN.

This will cause your upstream ISP to shut down your entire connection, so one idiot with a laptop running a torrent client can take out your entire connection in a few seconds.

You must run the same tracking ISPs run to sense + block torrenting, else you'll be out of business in a heartbeat.
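As an added example (not David's code and not part of the original thread), here is a Python sketch of the "sense + block torrenting" step. It assumes a mirror/span port feeds it (src_ip, dst_ip, dst_port, payload) tuples; the packets below are constructed samples using documentation address ranges, and the FORWARD chain in the emitted iptables rule assumes the DMZ box is also the router for tenant traffic. It looks for three BitTorrent signatures (the peer-wire handshake, Mainline DHT queries, HTTP tracker announces) and, for clients that encrypt their traffic, falls back to peer fan-out counting.

```python
"""Added example: spot BitTorrent traffic and emit block rules.

Assumes a mirror/span port hands us (src_ip, dst_ip, dst_port, payload)
tuples; the packets below are constructed samples, not captured traffic.
"""
import re
from collections import defaultdict
from typing import Optional

# Peer-wire handshake: length byte 0x13 followed by the protocol string.
PEER_HANDSHAKE = b"\x13BitTorrent protocol"
# Mainline DHT queries are bencoded dicts whose "q" key names the RPC and
# whose "y" key is "q". Bencode keys are sorted, so "q" precedes "y".
DHT_QUERY = re.compile(
    rb"1:q(?:4:ping|9:find_node|9:get_peers|13:announce_peer).*?1:y1:q", re.DOTALL
)
# HTTP tracker announces carry info_hash (and peer_id) in the query string.
TRACKER_ANNOUNCE = re.compile(rb"^GET /[^ ]*announce[^ ]*info_hash=")


def classify(payload: bytes) -> Optional[str]:
    """Return the torrent signature found in one payload, or None."""
    if payload.startswith(PEER_HANDSHAKE):
        return "peer-handshake"
    if DHT_QUERY.search(payload):
        return "dht-query"
    if TRACKER_ANNOUNCE.match(payload):
        return "tracker-announce"
    return None


def find_torrenters(packets, fanout_threshold=20):
    """Map src_ip -> sorted evidence for hosts that show torrent signatures
    or fan out to an unusual number of distinct (peer, high port) pairs,
    which catches encrypted/obfuscated clients the signatures miss."""
    signatures = defaultdict(set)
    peers = defaultdict(set)
    for src, dst, dport, payload in packets:
        kind = classify(payload)
        if kind:
            signatures[src].add(kind)
        if dport >= 1024:
            peers[src].add((dst, dport))

    offenders = {}
    for src in set(signatures) | set(peers):
        evidence = set(signatures.get(src, ()))
        if len(peers[src]) >= fanout_threshold:
            evidence.add(f"fanout={len(peers[src])}")
        if evidence:
            offenders[src] = sorted(evidence)
    return offenders


def block_rules(offenders):
    """iptables commands that drop an offender's traffic on the DMZ box.
    FORWARD is assumed because that box routes tenant traffic (assumption)."""
    return [f"iptables -I FORWARD -s {ip} -j DROP" for ip in sorted(offenders)]


# Constructed samples (documentation address ranges), not real captures.
SAMPLE_PACKETS = [
    ("10.0.3.14", "203.0.113.5", 6881,
     PEER_HANDSHAKE + bytes(8) + b"I" * 20 + b"-qB4500-" + b"a" * 12),
    ("10.0.3.14", "198.51.100.7", 6881,
     b"d1:ad2:id20:" + b"N" * 20 + b"9:info_hash20:" + b"H" * 20
     + b"e1:q9:get_peers1:t2:aa1:y1:qe"),
    ("10.0.5.2", "192.0.2.80", 443,
     b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"),  # benign TLS ClientHello
    ("10.0.7.9", "192.0.2.10", 80,
     b"GET /announce?info_hash=%12%34&peer_id=-TR2940- HTTP/1.1\r\nHost: t\r\n\r\n"),
]
# One host talking to 25 different peers on high ports with opaque payloads.
SAMPLE_PACKETS += [
    ("10.0.9.1", f"203.0.113.{i}", 40000 + i, b"\x00\x00\x00\x0d\x06")
    for i in range(1, 26)
]

if __name__ == "__main__":
    found = find_torrenters(SAMPLE_PACKETS)
    for ip, why in found.items():
        print(ip, why)
    print("\n".join(block_rules(found)))
```

In a real deployment you would not run iptables from this script directly: log each offender as a line that a Fail2Ban jail matches, so the ban and the timed unban are managed by Fail2Ban the way the rest of the DMZ box already works. The fan-out threshold is the knob that needs tuning per site; a busy web developer will legitimately open more high-port connections than a tenant who only reads mail.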
Before you order an internet connection, ask all of the offices what their internet requirements are:
how many Mbit/s, and if they're going to use private services NATed to the internet, how many external addresses they need.

When you know the required bandwidth and the number of IP addresses, order the connection.

I would use a Cisco ASA in multi-context mode so you can build every office its own firewall.
This is especially for SIP ALG when possibly using different VoIP providers.

Can't tell you the model yet; for this we need to know the throughput and whether you want to use the security services,
like IDS, antivirus, content filtering, etc.

With cabling, use at least Cat 5e.
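As an added example (not the answerer's code and not from the original thread), here is how you might turn the tenant survey above into the two numbers you need before ordering: the uplink size and the public IP block to request. The tenant figures are constructed; the voice math is G.711 at 20 ms packetisation, the 4:1 oversubscription of data traffic is an assumption, and the allocation routine assumes the ISP takes the first usable address of the block as its gateway.

```python
"""Added example: size the uplink and public IP block from a tenant survey.

The tenant figures are constructed; the codec math is G.711 at 20 ms
packetisation and the 4:1 data oversubscription ratio is an assumption.
"""
import ipaddress
import math
from dataclasses import dataclass


@dataclass
class Tenant:
    name: str
    data_mbps: int         # peak data throughput the office asked for
    concurrent_calls: int  # simultaneous VoIP calls at the busy hour
    public_ips: int        # public addresses they want for inbound NAT


def g711_call_bps(ptime_ms: int = 20) -> int:
    """Per-direction Ethernet bandwidth of one G.711 call: 64 kbit/s of
    audio plus RTP(12) + UDP(8) + IPv4(20) + Ethernet(18) bytes per packet."""
    pps = 1000 // ptime_ms
    payload = 8000 * ptime_ms // 1000      # G.711 produces 8000 bytes/s
    frame = payload + 12 + 8 + 20 + 18
    return frame * 8 * pps


def required_uplink_mbps(tenants, data_oversub: float = 4.0) -> int:
    """Data can be oversubscribed (tenants don't all peak together); voice
    cannot, so every concurrent call is reserved in full."""
    data = sum(t.data_mbps for t in tenants) / data_oversub
    voice = sum(t.concurrent_calls for t in tenants) * g711_call_bps() / 1e6
    return math.ceil(data + voice)


def public_block_prefix(tenants, reserved: int = 3) -> int:
    """Smallest IPv4 prefix length holding every tenant address plus the
    network, broadcast and ISP-side gateway addresses (reserved=3)."""
    needed = sum(t.public_ips for t in tenants) + reserved
    size = 1 << (needed - 1).bit_length()  # round up to a power of two
    return 32 - (size.bit_length() - 1)


def allocate_public_ips(tenants, block: str) -> dict:
    """Hand out addresses from the ISP block, skipping the first usable
    address, which is taken to be the ISP gateway (assumption)."""
    free = list(ipaddress.ip_network(block).hosts())[1:]
    plan = {}
    for t in tenants:
        if len(free) < t.public_ips:
            raise ValueError(f"{block} is too small for {t.name}")
        plan[t.name] = [str(a) for a in free[:t.public_ips]]
        free = free[t.public_ips:]
    return plan


# Constructed survey answers for the ten offices.
TENANTS = (
    [Tenant(f"office-{i}", 50, 4, 1) for i in range(1, 7)]
    + [Tenant(f"office-{i}", 100, 10, 2) for i in range(7, 10)]
    + [Tenant("office-10", 200, 20, 4)]
)

if __name__ == "__main__":
    print("uplink needed (Mbit/s, each direction):", required_uplink_mbps(TENANTS))
    prefix = public_block_prefix(TENANTS)
    print(f"ask the ISP for a /{prefix}")
    for name, ips in allocate_public_ips(TENANTS, f"203.0.113.0/{prefix}").items():
        print(name, ips)
```

The point of separating voice from data is that QoS on the router can only protect calls that fit inside the link; if the sum of reserved call bandwidth plus oversubscribed data exceeds what you ordered, no queueing policy will save the VoIP tenants at the busy hour.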
Dan Dhillon

ASKER

Hi,

Thank you for the replies.

What if I used a Check Point firewall? Could that do it?

Yes, I've been looking at a 1Gb symmetrical connection.

Will be using cat6 cabling and layer 3 switches. Do you have any other recommendations?

Thanks
If you want, you can use a Check Point of course;
you only need to be sure the firewall model can handle the traffic.
Most suppliers have a matrix to select the correct model.
Hi Benjamin,

What other firewall can I use apart from Check Point and Cisco ASA multi-context mode?

Each office would need its own private IP address so they can do their own NATing, i.e. web services etc.

Thanks