Router assistance

[Rtleach60]

I would like some advice rebuilding unique network. My client manages a building which support up to 30 companies. There is currently DSL internet which is available to all companies. They are looking at adding a cable internet connection for dual wan purposes. currently there are netgear FSM7328S and FS 526T switches installed. Each company may hook thier computers staight into the network or may opt to have thier own router nad internal network. Internet connection have static IP. Several compnies want to access thier own internal networks. Current router is crashing regularly and looking to replace. Thinking about a Sonic wall TZ 190- any suggestions or comments.

 

[YeOldeStonecat]

I'm reading more and more good things about Peplink
http://www.peplink.com/

30 companies..wow..that's a big professional center. What's the average size of each company...or rather...how many computers, on average, does each company have?

In my experience, that's pretty large, and the typical needs of each company inside of a professional center will exceed what a single internet connection setup can provide.

A couple of main points.
*Behind the router, you'll want a large managed switch which will isolate each of the 30 companies into a VLAN. So that one company cannot get to computers of other companies.
...Yes a company can say..put their own router in between which isolates them from others....but then you end up with a double NAT setup which is less than desirable...some online apps can get wonky with that. Plus they can still see others on the main network.
*You will want a router that excels in traffic shaping/QoS. 30 companies sharing a broadband connection..1 or 2 users pounding the network connection with online radio (lotsa secretaries do that), someone doing P2P junk, huge downloads...that'll affect all other users.
*Having many users share a single IP address...those users that desire some needs like remote access, or having their own e-mail server onsite...you start to get limited with what you can provide for them. Those tenants with higher needs may be better off getting their own direct broadband connection.

 

[Rtleach60]

More information

The companies may range from one or two computers up to 10-15. None of the comapnies currently run thier own email servers. I am recommending adding a second internet connection for load balancing and butt aback up since several of the tenants us VoIP services like skype or vonage. The re is a netgear FSM7328S switch for managing but it has not been optimized yet. I will look at Peplink, on of my concerns is firewalls and protecting the network since many of the users internally are not computer savy.

 

[claykin]

Also look at the Zyxel USG series. www.zyxel.com. They also provide dual WAN with load balancing options, full UTM, and IPSec/SSL VPN endpoint support.

BTW, YeOldeStonecat is spot on with his assessment! Make sure all 30 companies are on different VLANs to prevent users from seeing other networks. Also make certain all 30 companies sign a network acceptable use Agreement and indicate in that document that the network may be shared and insecure..... Cover your butt!

Where I see you having problems is if some of these companies decide to run their own servers.....i.e. one bad apple abusing SMTP can create problems for all companies trying to send their own mail if the WAN IP is placed on a blacklist. Unless these are 30 companies all made up or mom and pop with a webmail account....

I would consider looking into getting multiple WAN IP's from your cable/DSL provider and assign a different WAN IP to each VLAN. AT&T will usually provide up to 6 WAN IP's for business class DSL. More may be available for an extra fee. Cable is anyone's guess. I have found cases where Comcast will give a single static WAN IP and others where they insist on dynamic IP.

Good luck!

 

[claykin]

The companies may range from one or two computers up to 10-15. None of the comapnies currently run thier own email servers. I am recommending adding a second internet connection for load balancing and butt aback up since several of the tenants us VoIP services like skype or vonage. The re is a netgear FSM7328S switch for managing but it has not been optimized yet. I will look at Peplink, on of my concerns is firewalls and protecting the network since many of the users internally are not computer savy.

I don't know how you can manage 30 companies of up to 10-15 computers each with a DSL and cable connection. Most DSL and cable providers will limit your bandwidth utilization in a given month. I.E. Comcast is now at 250GB of transfer before they cut you off. Also load balancing with the routers discussed above does not bond your pipes together. These routers use clever algorithms to try to keep the load evenly distributed ("try" is the important word in that sentence).

Personally, I think you should be looking at a MetroE type connection (10Mb/s up to 100Mb/s) from a business class data provider.

I understand now that no one is running their own email server, but how will you address that if someone decides to start? What if someone wants to remote into their network? What if someone starts running their own onsite FTP/Web server? Are you ready to deal with all of that?? You are a brave person!

 

[Rtleach60]

All are good thoughts. The nature of the facility is to assist small start-up business so the management of the facility is very involved in the day to day operatons of each company. Should any need intensive bandwidth then they would need to get thier own internet circuit. Most of the companies use internet and email and don't have dedicated intense bandwidth requirements. The issue of open network is covered in the lease/services agreement. Currently there are 4 IP addresses available if companies need an IP address. Hence my question about routers.