Bought a Cisco RV340 router

[coxhaus]

Well I finally got around to buying a Cisco RV340 router. We will see how it compares to my old RV320 router.

Provantage has a good price on them for $151.39. Maybe the ER-4 has driven the price down.

 

[umarmung]

Looks like a Ubiquiti Edgerouter ERLite3/USG in performance (I don't believe its 600Mbit/s IPSEC numbers at all though), except much nicer interface and doesn't support OpenVPN.

Its real and dramatic advantage in non-CTF performance, if the Cisco RV345P is anything to go by - how on Earth do they achieve that? - appears to be completely negated for a consumer by massive paywalls for the very features that put the routing in that mode, e.g. Web Filtering.

So, without the non-CTF performance advantage, you end up with a device that is easily outperformed by and less configurable than a $50 Mikrotik hEX (RB750Gr3) or the new $70 Mikrotik hAP ac2, which have nicer interfaces with RouterOS than any Edgerouter and are likely far more reliable.

Also, there is no real comparison to the routing of an Edgerouter ER-4 at the same price point. The ER-4 does bidirectional Gigabit Ethernet routing all the way down to almost 64 byte packets! It can, and probably is used at ISPs.

 

[coxhaus]

The problem with CTF in small routers is I would do things to break it. I want a router rated for what it can do in any way I want to use it. I do not want a predetermined way I have to use the router to get speed out of it. I have my own way of doing things. I think it is funny that some small routers rate themselves as gig routers and then you add a couple of rules which breaks the router to maybe 200 meg. A small % of what it is rated for.

I would think the RV340 would have OpenVPN as my current RV320 has OpenVPN. The clock is too slow on the RV320 router. I don't use VPN any way any more as I am retired. I might setup iPhone access with Anyconnect just to do it.

If I could get a gig internet connection, I might of choose the ER-4 but since I can't, the RV340 will do what I want and much easier to setup. All my local routing is handled by my layer 3 switch so the router has an easy job. DHCP is done by my layer 3 switch also. So my router only controls traffic coming in and going out on the internet.

The ER-4 was my only other choice that I considered. I would not use a Mikrotik to easy to have bugs and hacks. Plus their code seems to work one way and if you use it a different way it has problems. I would not trust it.

If I want layer 7 filtering I would go back to Untangle. I just don't want to pay the response penalty.

 

[umarmung]

The ER-4 was my only other choice that I considered. I would not use a Mikrotik to easy to have bugs and hacks. Plus their code seems to work one way and if you use it a different way it has problems. I would not trust it.

That's very ironic. Cisco has quite literally a magnitude more bugs and vulnerabilities than any Mikrotik device, some much more serious, including very recent ones. This is especially the case for their Small Business lines. Unlike Cisco, Mikrotik devices are externally secure by default. Customers have to intentionally weaken their configuration to have been exposed to any external vulnerability in the past decade, e.g. running remote management directly on the WAN. Even many consumer routers do not allow such unsecured configurations by default ...

No idea what you mean about the code. You cannot customize Cisco code and you cannot use any other code. You do it their way or no way. You cannot even use the command line in some Cisco Small Business routers, and for many other Cisco devices its command line or nothing. By contrast, Mikrotik RouterOS is 1:1 between GUI and command line in almost everything and both are always available, making it incredibly convenient as a power user or professional, across their entire portfolio. If you can use one RouterOS device, you can use any other, including running it as an OS on your PC.

If you really wanted to, you can load up open source on all non-Tile Mikrotik devices, afaik. They even formally support doing so with virtual machines called Metarouter on many of their devices, i.e. creating virtual routers in one physical device as if you had a PC running VMware. Try doing any of the above in Cisco Small Business routers, or any of their routers for Metarouter equivalent with an open source operating system.

Trust whoever you like, especially since you used to be a Cisco professional. Ask Snowden if he trusts Cisco devices! However, Mikrotik didn't become a top WISP provider for so long without being trusted.

 

[coxhaus]

Lets see the post for the hack on the small business devices that you put in your thread above was dated 2014. I think is pretty good if it has been 4 years since the last hack for the small business line.

Lets see when was the last hack on the Mikrotik? Oh a couple of weeks ago...….

I am glad Cisco is a closed system. I would never add code to a front door internet router. You are asking for trouble.

Yes. I have used Cisco for a long time, over 35 years. I have seen the network market grow up. I have been retired over 10 years.

 

[umarmung]

Lets see the post for the hack on the small business devices that you put in your thread above was dated 2014. I think is pretty good if it has been 4 years since the last hack for the small business line.

Lets see when was the last hack on the Mikrotik? Oh a couple of weeks ago...….

I am glad Cisco is a closed system. I would never add code to a front door internet router. You are asking for trouble.

Yes. I have used Cisco for a long time, over 35 years. I have seen the network market grow up. I have been retired over 10 years.

I like how you ignored the other link from February 2018, let alone all other trivial to Google evidence. Cisco has security vulnerabilities every other day, including three and four days ago at High and Critical CVE severity.

The facts speak for themselves. And you are still making zero sense with references to "code".

 

[coxhaus]

I read the first link. It is active but no breakins. Just because they are hacking and there is a threat it does not mean they have accomplished the hack. The first link is just an active threat not a real hack yet. This happens all the time. Cisco publishes threats all the time. There is not a day that goes by that someone is not hacking at Cisco gear.

PS
There are probably a lot more threats for Cisco pro networking gear. Cisco publishes them and work arounds if there are any. This is also true for bugs found in Cisco code. It is all part of the job.