vpn appliance recommendation for many small offices

dougsk

VPN appliance recommendations

My branch solution has a lot of parts so lots of opportunity for fail. I would like to get the 802.11 and 3G networks in one unit.

Current Solution:
HQ: PFSense on HA pair of Dell Servers - overkill for 50 remote endpoints, but it's what I had and I need to sleep.
Branch: Cisco (Linksys) RV082 + Cradlepoint CTR35 + really cheap 802.11n router (Belkin N300).
Network Nodes: six wired, 4-6 wireless.
Internet filtering provided by Dyndns Internet Guide @ $2/branch/YEAR really hard to beat on price and would likely remain.
Price: ~500



Wants/Needs:
  1. 4g or 3G failover
  2. 802.11abgn
  3. approx eight switchports builtin
  4. ipsec site to site vpn
  5. 2 ssids virtual APs with definable acls
  6. a gui required (have to coach people over the phone to configure them)
  7. a telnet/ssh session (I would like this to apply a change to 50 units at a go)
  8. approx ten network nodes, six wired the rest wireless.
  9. peak ipsec traffic @ ~1Mbps (normally around 300kbps)
  10. All of these use external wall wart transforming power supplies. These tend to get lost as offices move about. Would really like a unit that had the transformer on the inside and thus used normal mains cables, however it looks like I'll have to concede the point.


Do it yourself:
DIY1: Alix2d13 + athwifi + switch + pfsense ~$325
Pros: PFsense, no maintenance costs for firmware, great support community.
Cons: 802.11 abg only, need a switch

DIY2: mini-itx intel atom + 2 * VIA quad port nics + athwifi + pfsense ~$800
Pros: all the pros of DIY1 with builtin switch
Cons: all the cons of DIY1, except builtin switch is ~$220 dollars, seems silly, will likely get scratched.

Cheap off the shelf:
COTS1: Cradlepoint ARC MBR1400 + Modem endcap + Switch ~$550 (MBR1400 only: $339)
Pros: Has almost all of the features I've been looking for
Cons: Plastic melts and bends pcbs and well need to buy a new one. I think I would have to tunnel dns to hq to categorize and split. If vpn tunnel drops, the internet effectively drops (at least reading manual suggests that).

COTS2: HP (H3C) MSR 920W $750
Pros: firmware for life, eight switchports builtin
Cons: 802.11bg only, limited support for North American 3G cell cards, no support for 4g cards.

COTS3: Fortiwifi 40C ~400 (no maintenance)
Pros: Does everything even 802.11n
Cons: It's a UTM device and I don't need UTM. Firmware only maintenance is ~100/year Ouch!

COTS4: Zywall USG 20W ~200
Pros: Seems right
Cons: wifi concerns


If the HP (H3C) units or PFSense did 802.11n those would be my leading contenders.

I have an innate aversion to UTM units where there is a software subscription tied to firmware updates, although they're not totally ruled out.

Are there other units I should be considering for an evaluation? If you had similar requirements what would you want to use and maybe a little blurb on the why?
 
Mikrotik

Use Mikrotik router to control your vpn, wifi and 3g failover. Visit linktechs.net for network support. Visit Mikrotik.com to learn about products
 
VPN appliance recommendations

My branch solution has a lot of parts so lots of opportunity for fail. I would like to get the 802.11 and 3G networks in one unit.
Cradlepoint 3G/4G routers. I use them professionally - no problems. I recommended them to a friend who does IT support for public libraries needing Internet access via cellular. He reports that they just run, months on end with no need for attention. Cradlepoint has told me that their smaller products are used for machine-to-machine telemetry and ATMs, and run unattended.

They also have fail-over from WAN port to cellular, and fail-back. And VPN.

(I have no stake in the company).
 
Cradlepoint 3G/4G routers.

Cradlepoint is definitely on the short list. I spoke with a Sales Engineer today about them and will have an MBR1400 unit to test with here shortly. I was speaking with the SE about my current solution and trying to emulate key parts. Initially, it looks like one part (dns forwarding by zone/domain) isn't there. The initial thought is to put a DNS server address on the far end of the VPN tunnel in the primary position and see what breaks when VPN tunnel drops or failover to cellular occurs. We'll see.
 
