Buying Advice with specific requirements

g3xer

New Around Here
I would really appreciate the community's advice. I have been a BT customer for about a decade, and I am currently on BT Superfast Broadband (FTTC). I found the Smart Hub (and previously the Home Hub) to be unreliable, so I have been using my trusted Cisco 887 workhorse for many years. However, it is getting on a bit, and I want to upgrade to something more feature-rich.

I am looking for buying advice for an all in one router that can do the most if not all of the following (in order of priority):

  1. Stability
  2. Supports Site-to-Site VPN (in both directions) so I can extend my lab to the public cloud
  3. Minimum 4 x Gigabit Ethernet ports
  4. DMZ with port forwarding
  5. Multiple SSID
  6. VLANs
  7. 2.4 and 5 GHz WiFi 802.11a/b/g/n/ac
  8. SSL or OpenVPN (VPN Server and Client)
  9. Malware and spam protection
  10. 4G Backup (USB or Sim)
  11. Guest Wifi
  12. DDNS
  13. Smart Phone App

Thanks in advance
 

coxhaus

Part of the Furniture
No consumer gear is going to run as well as a Cisco router with IOS, not even the Cisco small business routers.
 

g3xer

New Around Here
No consumer gear is going to run as well as a Cisco router with IOS not even the Cisco small business routers.
I agree, my Cisco was 100% reliable until recently. I agree consumer gear is not going to be as rock solid, and I am willing to take a small hit on that. I just want to avoid the unreliable kit, and also identify kit that will meet as many items on my wish list as possible, as I don't know the router market well.

I liked the look of the AVM FRITZ!Box 7590, but it doesn't do Site-to-Site VPN in both directions, only on one direction. I also like the look of the BiPAC 8900AX-2400, but I don't know if that is very reliable or not.
 

Trip

Very Senior Member
As @coxhaus said, nothing is going to touch an enterprise-class distro for stability, be that a services router or a UTM/NGFW.

If you'd rather stay with Cisco, I'd look at the ISR 1000/1100 series. They'll run you $1000+ minimum, but absolutely rock solid. Umbrella or application awareness and filtering may cost extra per year. Here's a shot of the 1100 front and C1111-4PLTE back, then both ends of a C1009-4PLTE2P (internal + pluggable LTE):

If that's too spendy, you might look at Fortinet, specifically a FortiWifi 50E or 51E. Build quality isn't quite Cisco, but close. They'll be $350 to $1500, depending on how many services and/or how much support you want to put on it. I like Corporate Armor for my firewall purchases.

Beyond that, there's also the other firewall vendors (Sophos, Watchguard, Zyxel, etc.), or you might look at Mikrotik, although they are way less supported and can be buggy.
 

Val D.

Very Senior Member
I am looking for buying advice for an all in one router that can do the most if not all of the following (in order of priority):
From consumer products, or “toys” as @Trip likes to say, ASUS RT-AX88U with available Asuswrt-Merlin firmware can meet all the requirements except VLANs, and everything is actually configurable in the WebUI. For a home router it’s OK, good value for the price. It can do up to 275Mbps on OpenVPN, run more than one VPN Client/Server, custom scripts for enhanced security and ad-blocking are available, etc. If you set it up properly (info here on SNB), it can work well for you. And it offers WiFi 6 support and 8 x LAN ports as a bonus.
 

g3xer

New Around Here
Thanks for the insights. I am a semi-home based cloud techie, so my primary use is for connecting to AWS or Azure over a VPN to link it to my home lab for creating demos, proof of concepts, etc. My secondary use is the same as most households: Xbox, tablets, Netflix, etc. From a budget perspective I am hoping for something under $500/£400. The other thing I should have mentioned is that the device needs to have a built-in VDSL/ADSL modem.
 

Trip

Very Senior Member
The Cisco stuff has the option for models with all of the above built-in, even DSL, but they're going to be well above $500. Is there anything keeping you from just running a standalone DSL modem? On that note, any particular reason the wireless needs to be built-in, as opposed to a separate AP(s)? Breaking things out to discrete pieces would open up options on certain wired gateways/firewalls, which don't have a wireless variant.
 

g3xer

New Around Here
That's an excellent point, I could drop the wireless requirement and use some of the older kit I've got in a cupboard. I have never used an external modem before.
 

Val D.

Very Senior Member
That's an excellent point,
Yes, don’t go the AIO way. The more features on a single device, the bigger the chances of finding something broken. And that broken feature may render the whole device unusable.
 

g3xer

New Around Here
In that case, let's refine the list down to:

  1. Supports Site-to-Site VPN (in both directions) so I can extend my lab to both AWS and Azure clouds
  2. Minimum 4 x Gigabit Ethernet ports
  3. VLANs
 

Trip

Very Senior Member
Tons more options under $500 USD with things pared down to just 802.1Q, IPsec and 4 Gb interfaces.

If you want something Cisco-like, Juniper has the SRX300 (~$275, plus a SRX300-JSB license at ~$225). It runs a bit warm but is built like a tank and is super, rock-solid reliable. For an NGFW approach, Fortinet is probably the best bang for the buck right now. A FortiGate 50E with no security or support licenses (yes, you can buy them that way) is $388 at Corporate Armor. FortiOS, on the right firmware sub-version, is basically as solid as JunOS or IOS.

That said, I'm not entirely sure you need to go with that level of device for your home connection. There is plenty of stuff in the SMB/faux-enterprise space that I think may be reliable enough. pfSense, for starters, is very reliable (based on BSD) and extensible, with a package ecosystem. You can white-box your own build, or buy a turn-key model direct from Netgate, with or without support, like the SG-3100 for $399. Ubiquiti's EdgeRouter series (not UniFi gateways) are also just about as reliable. The OS is a fork of Vyatta. There's a decent GUI, but also full CLI. And you can install Debian packages if you want (I've been using WireGuard in my lab with much success). As I said, there's also Mikrotik and RouterOS, which is insanely fully featured and can be rock-solid in its own right, but takes some patience, and like Ubiquiti, it is not as fully supported direct from the OEM as the kind of support you can get from Cisco, or even Netgate. Cisco also has their small-biz RV series routers, although they seem to release them a bit buggier than they should be, and it often takes them about 1 to 2 years to stabilize, so if buying an RV___, get something that's been out for about that long (not to worry on support; they support them for 5-7+ years at a time).

So there are a ton of options to look at. Beyond the (much more reasonable) feature list you pared down to, it really just comes down to desired level of "rock-solid"-ness and feature set for your $500 (or less).
 
