Standard Router vs UTM

sdirge

Hi,

I have been doing a lot of research for an upcoming project. We will have 6 sites connected together via some sort of VPN. The VPN will handle:

AD authentication
RDP to a terminal server (Primary client use)
Management (Symantec Endpoint Protection reporting, etc.)

We are also looking at site-to-site SIP trunking either within the VPN or outside of it.

We are currently using Untangle in a setup like this and it works OK (I have been having issues controlling the VPN QoS).

We will be adding a DSL circuit to our T1 at the main office to split off main office staff internet needs and leave the T1 for voice and VPN traffic.

I have looked at Astaro (I really like the upcoming authenticated wireless lan option) and as stated before we are currently using Untangle.

Some of the things that I am struggling with are:

Do we need to go to a UTM? We have client AV on the workstations, our email filtering/archiving/failover is provided by a 3rd party, and the higher ups have not been concerned about content filtering on the web traffic.

I would like VLAN capability to split local guest traffic off of the main network (we have 3rd party people needing wireless internet access at most of the sites).

I looked at the Netgear UTMs but am nervous about the VPN performance based on the reviews here.

Site sizes are about:

HQ - 15 Users
BO's 2-8 Users

Any thoughts?

Thanks!
 
I looked at the Netgear UTMs but am nervous about the VPN performance based on the reviews here.
What are you getting for VPN performance with your current setup and does it meet your needs?
 
One thing I can say about UTMs....at my clients that I have on UTM appliances....I have far less malware issues. I do SMB networks for a living, and IMO the days of plain old NAT routers for businesses are over.

Regarding your Untangle rig...what are you using for NICs on it? Performance with Untangle is very...very...dependent on the quality of the NICs. What's the CPU and RAM in her too?
 
I was hoping you'd post, Stonecat. What are you using for UTMs anyway?
 
I'm still using Untangle for the majority of our business clients that have UTMs...we still have one client using Endian...they've been using it since before Untangle hit the market.

I'm currently looking into Astaro "Red"...which is a special WAN product for businesses with small branch offices. Astaro is another UTM product that has been around for quite some time, very solid and mature product. However, their UTM product is not "free" for businesses, although they have a free basic product for small businesses. Most of their products are "pay for".

http://www.astaro.com/products/astaro-red

What I like about Astaro "Red"...is the easy to deploy and manage satellite office routers. They basically tunnel all traffic to mothership..and internet traffic gets cleansed by the main UTM appliance at mothership. Centrally managed, and pretty much zero configuration to deploy the remote units.

Due to the size of the client I'm looking at deploying this at, with 1 and 2 PC branch offices in tiny rooms at courthouses and police stations...I really don't have the room for a larger UTM box like Untangle.
 
Thanks, Stonecat. You always provide good insights into the real world. :)
 
The Untangle boxes are IBM SFF PCs, P4 3.0 HT with 1 gig of RAM and dual Intel 10/100 PCI NIC cards.

Really, the performance problems with Untangle are related specifically to the VPN and QoS. It does not seem to be honoring the QoS rules for VPN traffic, and I have been all over the forums there trying to fix it.

The performance concern regarding the Netgear and VPN was just due to the review saying something like "When the UTM is enabled VPN performance suffers".

I have 3 units from Astaro now for eval and I do like them. The RED is a cool device, but I don't want to redirect all of the sites' internet traffic back through the T1.

My budget was cut on this project, so I started to look at the Netgear UTM vs. the Astaro. With Astaro we need to pay for a "networking" package at the branch sites to do the VPN, where on the Netgear we won't.
 
I'm looking for your posts over there on UT's boards...
But if you're doing a WAN with several sites...and if your primary UT router is that 3.0 H/T rig with 1 gig of RAM....I would start with at least a true dual core or better yet C2D, with at least 2 gigs of RAM.

I've had good success using economical older workstations at primary Untangle boxes for clients...they run well. But when you introduce VPN tunnels, and especially VoIP traffic.... you need to crank up the nut under the hood there.

I'll be honest..if I were to do a WAN with over 4 satellite offices connecting to mothership...I'd want a C2D or Xeon based UT box at mothership, with 4 gigs.
 
Thanks Stonecat!

I didn't post over in the forums there, just searched. Other people have had the same issue/question. The fixes posted did not seem to help in our situation.
 
