gaz629
asked on
Need a fast and secure router for start up
Hi,
I have a client who needs a fast router/firewall as they will be hosting an App from their office.
This is a start up so money is tight, ensuring I put in a business grade router/firewall what is my best option for speed and security.
Thanks
Gareth
I have a client who needs a fast router/firewall as they will be hosting an App from their office.
This is a start up so money is tight, ensuring I put in a business grade router/firewall what is my best option for speed and security.
Thanks
Gareth
If budget allows, go for TP-Link, if more money is available, then Draytek, if not, Zyxel, then up to Cisco.
ASKER
hi Kimputer,
do you have a model in mind. Speed and security are the highest priority.
ty
g
do you have a model in mind. Speed and security are the highest priority.
ty
g
Part of deciding on a product selection is understanding the client's needs.
So, they are hosting a web server. Let's assume that would be in a DMZ. How critical is the data? Do you need to front-end the server with reverse-proxy, IDS/IPS solution or anything else for added security? How busy do they expect this server to be? Sessions counts are a factor in selecting any product to make sure it can handle the load.
How many other normal users do they have that will be using Internet?
How much bandwidth are they getting? Some good small business firewalls a limited in throughput, especially if features such as IDS/IPS are enabled. Will bandwidth need to be reserved for the web server by limiting all other traffic, or will there be enough for all?
A startup business has to start somewhere, but with enough horsepower to get off the ground running in order to be successful, not bogged down with under performing hardware.
Also, what is the level of technical expertise on staff? Will you be their security consultant for the effort? If so, what is your experience level with different products. Some firewalls are much more complex to configure than others.
You can look at Sonicwall, PaloAlto, Fortinet, Meraki MX, pFSense, Sophos, Cisco, all are good business grade products, each with their own pros/cons.
So, they are hosting a web server. Let's assume that would be in a DMZ. How critical is the data? Do you need to front-end the server with reverse-proxy, IDS/IPS solution or anything else for added security? How busy do they expect this server to be? Sessions counts are a factor in selecting any product to make sure it can handle the load.
How many other normal users do they have that will be using Internet?
How much bandwidth are they getting? Some good small business firewalls a limited in throughput, especially if features such as IDS/IPS are enabled. Will bandwidth need to be reserved for the web server by limiting all other traffic, or will there be enough for all?
A startup business has to start somewhere, but with enough horsepower to get off the ground running in order to be successful, not bogged down with under performing hardware.
Also, what is the level of technical expertise on staff? Will you be their security consultant for the effort? If so, what is your experience level with different products. Some firewalls are much more complex to configure than others.
You can look at Sonicwall, PaloAlto, Fortinet, Meraki MX, pFSense, Sophos, Cisco, all are good business grade products, each with their own pros/cons.
https://www.draytek.com/products/vigor2952/
ftp://ftp2.zyxel.com/USG60/datasheet/USG60_15.pdf
Only the more expensive brands dare to specify their specs to the most smallest detail.
ftp://ftp2.zyxel.com/USG60/datasheet/USG60_15.pdf
Only the more expensive brands dare to specify their specs to the most smallest detail.
Zywall USG's are good... and can handle up to 1Gbps connections. (I doubt if if you get that fast a link on premisses).
For IPSEC/SSL tunnels the forwarding rate is a little less.
Zywalls can also work in tandems if you need failover recoverable options.
For IPSEC/SSL tunnels the forwarding rate is a little less.
Zywalls can also work in tandems if you need failover recoverable options.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi all,
thanks for input.
we will be their IT Dept, but not been asked for this specific need before.
10 inside users.
I do not know their expected growth exactly but as they are building a whole new business around a new App I believe the incoming connections are hopefully going to grow quickly.
DMZ - good point.
Draytek is hit and miss in Saskatchewan, works in one office and not in the next door office. SaskTel quirks.
thanks for input.
we will be their IT Dept, but not been asked for this specific need before.
10 inside users.
I do not know their expected growth exactly but as they are building a whole new business around a new App I believe the incoming connections are hopefully going to grow quickly.
DMZ - good point.
Draytek is hit and miss in Saskatchewan, works in one office and not in the next door office. SaskTel quirks.
You may be better off with a smaller setup on the office and rent rackspace / VM in a datacenter or deploy on amazon or behind cloudflare etc.
Handling a DDOS is no fun esp. on home connections.
(compare prices & facilities though) besides that you will need some DNS service you can setup to your needs and optionally change on short notice.
Handling a DDOS is no fun esp. on home connections.
(compare prices & facilities though) besides that you will need some DNS service you can setup to your needs and optionally change on short notice.
Agree with noci. Having the app hosted elsewhere. Wherever you option to host it, pay for WAF, CDN, and DDoS protection. Lots of options in this field like Cloudflare (noci mentioned already), Imperva, Akamai, and F5. You'll be able to secure it without potentially having the corporate network at risk. Plus the hosting providing will have the resources available for helping your client with scaling as their service grows.
Your router options will be pretty flexible with that off the network. I'd probably point you towards a Sonicwall TZ350.
Your router options will be pretty flexible with that off the network. I'd probably point you towards a Sonicwall TZ350.
ASKER
Hi All,
I agree that a data centre would be better, they do not want to do this, I am not privy to their reasons why.
Thanks for your input.
Gareth
I agree that a data centre would be better, they do not want to do this, I am not privy to their reasons why.
Thanks for your input.
Gareth