What's new
  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Small biz router recommendation needed

Dmeglio

New Around Here
Hi I need some help. I know a bit about networking but I'm no expert. Let my start my explaining my setup and my needs. I have about 20-25 PCs on my LAN. I also have 5ish VPN connections (I manage VPN through an MS VPN server, I don't want it done through the router). S
I also have two public facing servers each with their own public ips.

Here is what I know I need. I need one-to-one NAT so I can setup my servers with public IPs. A DMZ would be nice as well. I'm also interested in dual WAN.

I looked at the Netgear FVX538, but not super impressed. I then looked at the Linksys rv042. It stinks that WAN2 is shared with the DMZ but I guess ICANN deal with that if I have one-to-one NAT to setup my public servers, but I'd prefer servers to be in a DMZ. Even the rv082 has this limitation, only the rv016 doesn't.

My budget is ideally around $200 but I can go up to $300 if I have to.

It must have a web interface (I'm not ready to deal with cli even though I know it's more powerful) though I wouldn't complain if it had web and cli.

Really I'm just looking for input. There are tons of routers out there and I've only dealt with home use stuff (netgear, linksys, dlink). Other than cisco, I know nothing about the biz stuff. Any help would be greatly appreciated and I'd be glad to give more info if you need it.
 
In that price range, I do like the RV0 series, for that sized network...I'd suggest at least the rv082. I have well over 60 ..eh, probably over 80, of the RV0 series in production at various clients, they're quite rock solid. The only thing I'm not fond of with them, is the QuickVPN IPSec software client for road warriors....however to be fair, I've not tried it in the past year or more with more recent versions of the software. However..the built in PPTP VPN server of the RV0 is quite rock solid, I use that a lot.

Curious..why you're against using the built in VPN server of some routers, and exposing it on your Windows Server instead? That's not a service on a DC I like exposed on the public side. Yikes!

I also recommend..highly recommend, looking a bit more at a deeper budget and considering a UTM appliance as your gateway. Unified Threat Management..basically a router that does scanning of traffic for threats such as virus, spam, phishing, spyware, etc. It's an added layer of defense, in addition to the antivirus on your servers and workstations. I'm bringing this feature to more and more of my small business network clients, and I tell ya, at the clients where I've replaced their plain old NAT routers with UTM appliances, I have far less issues, less malware problems (rogues/fake alerts). They really do help.
 
Last edited:
I also recommend..highly recommend, looking a bit more at a deeper budget and considering a UTM appliance as your gateway.
Thanks for the info, StoneCat. I was hoping you'd comment.

Do you have a favorite UTM?
 
Thanks for the info, StoneCat. I was hoping you'd comment.

Do you have a favorite UTM?

We're using Untangle at an increasing amount of our clients. Sound familiar? :D The product has been maturing nicely, my experience has been very positive so far. Even just using the basic open source package.

I hesitate in coming right out and recommending it because it's a linux based distro that you install on your own hardware, and some care has to be taken in selecting this hardware. It's not an "off the shelf" product.

Linksys/Cisco has been pushing their "Protect Link" add-on to some of their router models.

You have reviewed the Netgear ProSecure UTM10 product here on your site.

DLink has their NetDefend lineup.

And then of course we step into brands up in the 4 digit pricetag....the brands used more in larger SMB and crossing into enterprise. Watchguard, Sonicwall, Juniper, Cisco, etc.

IMO and experience, UTM is the way to go for business networks these days. The plain old NAT routers just aren't cutting it anymore. You have to layer up in security. And a benefit of having a UTM appliance, since it's an added layer of scanning (your workstations local antivirus behind the other)...which is done in hardware on the UTM appliance itself, there's no performance hit to the workstations.
 
Thanks for the replies. Let me give a little more info. First, the reason I don't use the firewall VPN is, I can't require my remote users to install VPN software - it has to be built in to windows. This is a limitation at some of my remote sites I just have to deal with. I'm also hoping to move VPN off of the DC and on to a dedicated machine later this year.

As for a UTM, I'm not quite ready to spend 1k+ on this. Perhaps next year, plus, I know little about UTMs, are they easy to configure? Like I said, I'm not ready to learn to be a firewall guy, I need something that makes it easy. Installing Linux on a box to do it, likely won't fly for this network. I'd need a COTS solution and I dont have the budget for it right now.

A couple more questions. Other than ports, what's the difference between therv016 and rv082? I saw the 016 allows 2 wan while using a dmz and the 082 doesn't. Is there anything else? I already have 2 gigabit switches, so I don't really care about the extra ports...

If you really believe though that I'm a fool if I don't get a UTM, does anyone have a cheap suggestion that is easy to setup?

Thanks again.
 
Have you looked at the UTM10?

I'll take a look, but it's not dual WAN and it says it's designed for up to 15 users. I have 25-30 Which would put me atthr upper end of what the UTM25 is designed for. Are those user counts enforced by licenses? Or just rexommendations?
 
I believe its based on performance recommendations, not licensing.

Sorry for missing the dual-WAN requirement.
 
I'll take a look, but it's not dual WAN and it says it's designed for up to 15 users. I have 25-30 Which would put me at the upper end of what the UTM25 is designed for. Are those user counts enforced by licenses? Or just recommendations?


If you need Dual Wan there is a the UTM25 that is currently available.


inside Sales Rep's at Netgear have made references at a UTM 50 becoming available in Q3/Q4 this year.

Also the There is no NODE licensing. the Licenses are only for the subscriptions and support if you want them.

each one is available independently in one or three year terms. (support/email Defs/Virus Defs/etc)
 
Last edited:
My vote here is for the Draytek 2950 (no surprise) as in our dual WAN setup it's been working very well. You'll find my reviews of it here in the forum.

Perhaps the best feature of this router is the ability to provide very, very detailed network monitoring, which allows you to filter pretty much anything, view bandwidth usage from each workstation, email, FTP, P2P etc. etc. At under $500 I've never seen anything as good. If you're seeing network issues, the simple bandwidth graph (from the router admin interface) as well as an IP based traffic monitor allow you to block, monitor or even balance your WAN ports based on what's happening in real time. Everything can be scheduled, including all the application/web blocking filters. The SmartMonitor software optionally allows logins from any LAN workstation so users can potentially monitor their own bandwidth use.

QOS works both upstream and downstream...on both WAN ports.

In terms of VPN, you can use windows built in clients to VPN the router, or use the SSL (32 bit only) which is as easy as clicking on a URL to initiate a VPN connection. It even works with my iPhone which I use to establish a VPN session...which allows me log in remotely (RDP) to workstations to manage things when I'm on the road. So this router replaces your current VPN server, and adds the ability to use java based SSL VPN which is super simple for anyone to use. I also use the router with SHREW VPN software for 64 bit clients which works very well, and is free to use. Just a click on the desktop and you're in. SHREW profiles can be exported/imported which makes client setup even simpler than typical Windows setups.

For small biz at this price point I've never seen a better router...and I've worked with a lot of them over the last 15 years or so.

Cheers,
Dennis
 
DrayTek Vigor 2920 could meet your requirements with its Dual WAN, comprensive VPN protocols, Multi-Open ports profiles setting. I'm satisfied with this model I bought, also impressed in their firewall/csm/wcf features.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Back
Top