Router / Firewall for Office

Illkillya

I have an office of about 60 people that might expand to 100 or so. We have two broadband lines. I would like to get a router to do some of the following:

1. Load balancing between the two broadband lines (also ensuring that if one of the broadband lines go down, we still have internet)
2. Basic QOS on the network to prioritise VOIP traffic and also to make sure that one person cannot hog all the bandwidth if they start to download a big file
3. Basic content filtering (just to block a couple of sites like Youtube and Facebook)

I got a Sonicwall TZ210 in a previous office that did the trick, but I'm not sure if it's good for 1) or 2), and also I paid for a separate "Total secure" subscription that enabled the content filtering.

Looking to spend around $1k, do you think the Sonicwall is still a good fit for this one, or could you recommend some alternatives? I don't want to have to pay any subscriptions that have to be renewed. We use Linux on this network and we don't host our own mail server, so Antivirus / Anti spam is not a big issue. What do you think?

FusionNet

Hi there,

Ive asked my IT/security Guru to have a look at this and I will post you what we would use in installations where we have that volume of traffic etc. Sorry I dont have the info to hand as I am the certified structured cabling/CCTV/Telco side of the business but he shouldnt be long getting back to me. Ill post links to the manufacturers site and if you need more info you can PM me or repost. That ok?

Cheers,

Illkillya

Thanks Eoghan, it would be a great help.

roryq

I use a draytek vigor 2820VN it offers 3 BB connections DSL,Cable, and mobile. Offers load balancing with QOS and instant failover.

In relation to content filtering I use IPCOP an opensource solution that provides us with LDAP content filtering. I belive the draytek provides some sort of content filtering as well.

The draytek only costs about €300. I'm not a fan of sonicwall due to the issues they cause with VOIP services. Well that is just my experiences a lot of people swear by them.

FusionNet

Right so this is what one of the most qualified people in the business says: Bil has implemeted some of the largest Data Centres in the country so theres noone I trust more:

Load balancing two DSL is possible but not as a recommended solution. Two possibilities could theoretically work and one would definitely work but would require a project and site review:

1) Implement a load-balancing Proxy server. A PC installed with Linux that uses NAT & IP Masquerading could be configured to load balance two lines and act as an auto-failover should one line fail. I have not tried this but it should be possible. Very expensive to implement as it would take some effort to get right. With a PC I would guess anything up to €2k. However, I am fairly sure it would work and it would be a neat solution. Limitations, would only work with a network of computers not one computer on its own. Would not work for traffic that originates from the Internet (i.e. traffic that was not requested from the LAN but actually arrives unrequested from the Internet such as an SMTP connection from an external mail server delivering email to an in-house mail server )

2) Implement a Layer 3 load-balancing switch, not so sure of this one but it may work as the switch would achieve a very similar result as the Linux server. Layer 3 switch costs > €1,500. Labour Unknown but at least another €500. Limitations Limitations, would only work with a network of computers not one computer on its own. Would not work for traffic that originates from the Internet (i.e. traffic that was not requested from the LAN but actually arrives unrequested from the Internet such as an SMTP connection from an external mail server delivering email to an in-house mail

3) Use a Layer 3 switch, split local area network into two and use layer 3 switch to route at wire speed between the two networks. Have a default route that points one network at one dsl line and the other network at the other dsl line. Crude but would work. Cost Layer 3 Switch > €1,500, labour: would have to review the site as many potential problems could arise when splitting a flat LAN into two.

Otherwise, try increasing the capacity of the link or traffic shape the data streams when they pass the edge router.

roryq

There is also one of these which might suit your requirements bit more than the 1k but they are meant to be the market leaders at the high end..

http://www.elfiq.com/lb550b