SmallNetBuilder Forums
Go Back   SmallNetBuilder Forums > LAN & WAN > Routers

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 06-04-2010, 10:55 AM
sdirge sdirge is offline
New Member
 
Join Date: Jun 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
sdirge is just starting out
Default Standard Router vs UTM

Hi,

I have been doing alot of research for an upcoming project. We will have 6 sites connected together via some sort of VPN, the VPN will handle:

AD authentication
RDP to a terminal server (Primary client use)
Management (Symantec Endpoint Protection reporting, etc.)

We are also looking at site to stie sip trunking either within the VPN or outside of it.

We are currently using Untangle in a setup like this and it works OK (I have been having issues controling the VPN QoS).

We will be adding a DSL circuit to our T1 at the main office to split off main office staff internet needs and leave the T1 for voice and VPN traffic.

I have looked at Astaro (I really like the upcoming authenticated wireless lan option) and as stated before we are currently using Untangle.

Some of the things that I am struggeling with are:

Do we need to go to a UTM? We have client AV on the workstations, our email filtering/archiving/failover is provided by a 3rd party, and the higher ups have not been concerned about content filtering on the web traffic.

I would like VLAN capeability to split local guest traffic off of the main network (we have 3rd party people needing wireless internet access at most of the sites.)

I looked at the netgear UTM's but am nervous about the VPN performance based on the reviews here.

Site sizes are about:

HQ - 15 Users
BO's 2-8 Users

Any thoughts?

Thanks!
Reply With Quote
  #2  
Old 06-04-2010, 12:58 PM
thiggins's Avatar
thiggins thiggins is offline
Mr. Easy
 
Join Date: May 2008
Posts: 9,284
Thanks: 166
Thanked 656 Times in 552 Posts
thiggins is just starting out
Default

Quote:
Originally Posted by sdirge View Post
I looked at the netgear UTM's but am nervous about the VPN performance based on the reviews here.
What are you getting for VPN performance with your current setup and does it meet your needs?
__________________
Tim Higgins
Managing Editor,SmallNetBuilder.com
Reply With Quote
  #3  
Old 06-04-2010, 09:12 PM
YeOldeStonecat YeOldeStonecat is offline
Very Senior Member
 
Join Date: May 2008
Posts: 518
Thanks: 0
Thanked 15 Times in 13 Posts
YeOldeStonecat is just starting out
Default

One thing I can say about UTMs....at my clients that I have on UTM appliances....I have far less malware issues. I do SMB networks for a living, and IMO the days of plain old NAT routers for businesses are over.

Regarding your Untangle rig...what are you using for NICs on it? Performance with Untangle is very...very...dependent on the quality of the NICs. What's the CPU and RAM in her too?
Reply With Quote
  #4  
Old 06-05-2010, 04:34 PM
thiggins's Avatar
thiggins thiggins is offline
Mr. Easy
 
Join Date: May 2008
Posts: 9,284
Thanks: 166
Thanked 656 Times in 552 Posts
thiggins is just starting out
Default

I was hoping you'd post, Stonecat. What are you using for UTM's anyway?
__________________
Tim Higgins
Managing Editor,SmallNetBuilder.com
Reply With Quote
  #5  
Old 06-06-2010, 03:08 PM
YeOldeStonecat YeOldeStonecat is offline
Very Senior Member
 
Join Date: May 2008
Posts: 518
Thanks: 0
Thanked 15 Times in 13 Posts
YeOldeStonecat is just starting out
Default

I'm still using Untangle for the majority our business clients that have UTMs...we still have one client using Endian..they've been using it since before Untangle hit the market.

I'm currently looking into Astaro "Red"...which is a special WAN product for businesses with small branch offices. Astaro is another UTM product that has been around for quite some time, very solid and mature product. However, their UTM product is not "free" for businesses, although they have a free basic product for small businesses. Most of their products are "pay for".

http://www.astaro.com/products/astaro-red

What I like about Astaro "Red"...is the easy to deploy and manage satellite office routers. They basically tunnel all traffic to mothership..and internet traffic gets cleansed by the main UTM appliance at mothership. Centrally managed, and pretty much zero configuration to deploy the remote units.

Due to the size of the client I'm looking it deploying this at, with 1 and 2 PC branch offices in tiny rooms at courthouses and police stations...I really don't have the room for a larger UTM box like Untangle.
Reply With Quote
  #6  
Old 06-06-2010, 04:34 PM
thiggins's Avatar
thiggins thiggins is offline
Mr. Easy
 
Join Date: May 2008
Posts: 9,284
Thanks: 166
Thanked 656 Times in 552 Posts
thiggins is just starting out
Default

Thanks, Stonecat. You always provide good insights into the real world.
__________________
Tim Higgins
Managing Editor,SmallNetBuilder.com
Reply With Quote
  #7  
Old 06-07-2010, 11:22 AM
sdirge sdirge is offline
New Member
 
Join Date: Jun 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
sdirge is just starting out
Default

The untangle boxes are IBM SFF PC's P4 3.0 HT with 1 Gig of ram and dual intel 10/100 PCI NIC' Card

Really, the performance problems with Untange are related specific to the VPN and QoS it does not seem to be honoring the QoS rules for VPN traffic, and I have been all over the forums there trying to fix it.

The performance concern regarding the netgear and VPN was just due to the review saying something like "When the UTM is enabled VPN performance suffers"

I have 3 units from Astaro now for eval and I do like them, the RED is a cool device but I dont want to re-direct all of the sites intenret traffic back through the T1.

My budget was cut on this project so I started to look at the Netgear UTM Vs the Astaro with Astaro we need to pay for a "networking" package at the branch sites to do the VPN where on the netgear we wont.
Reply With Quote
  #8  
Old 06-07-2010, 11:49 AM
YeOldeStonecat YeOldeStonecat is offline
Very Senior Member
 
Join Date: May 2008
Posts: 518
Thanks: 0
Thanked 15 Times in 13 Posts
YeOldeStonecat is just starting out
Default

I'm looking for your posts over there on UTs boards...
But if you're doing a WAN with several sites..and if your primary UT router is that 3.0 H/T rig with 1 gig of RAM....I would start by doing at least with a true dual core or better yet C2D, with at least 2 gigs of RAM.

I've had good success using economical older workstations at primary Untangle boxes for clients...they run well. But when you introduce VPN tunnels, and especially VoIP traffic.... you need to crank up the nut under the hood there.

I'll be honest..if I were to do a WAN with over 4 satellite offices connecting to mothership...I'd want a C2D or Xeon based UT box at mothership, with 4 gigs.
Reply With Quote
  #9  
Old 06-07-2010, 11:59 AM
sdirge sdirge is offline
New Member
 
Join Date: Jun 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
sdirge is just starting out
Default

Thanks Stonecat!

I didnt post over in the forums there, just searched, other people have had the same issue/question. The fixes posted did not seem to help in our situation.
Reply With Quote
  #10  
Old 07-10-2010, 05:03 PM
sdirge sdirge is offline
New Member
 
Join Date: Jun 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
sdirge is just starting out
Default Quick update

Just a quick update, we ended up going with Netgear UTM-25's so far so good.
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT -4. The time now is 09:30 PM.


Top 10 Stats
Top Posters* Top Thanked
RMerlin  360
L&LD  122
john9527  119
htismaqe  93
azazel1024  92
stevech  86
huotg01  80
jegesq  77
watusi  58
ColinTaylor  56
RMerlin  6395
john9527  504
stevech  357
ryzhov_al  298
TeHashX  263
L&LD  255
RogerSC  205
sinshiva  149
sfx2000  137
joegreat  128
Most Viewed Threads* Hottest Threads*
Old New AC68...  9458
Old Why not...  8268
Old ASUS RT-N66U...  5732
Old RT-AC66U...  3453
Old Why ASUS?  2375
Old NAS...  1840
Old Help Plz:...  1601
Old Asus...  1496
Old OpenVPN...  1436
Old Remote...  1379
Old Why not...  81
Old Remote...  46
Old New AC68...  36
Old Whats going...  28
Old Extension...  26
Old RT-N66U...  26
Old The future...  26
Old ASUS RT-N66U...  25
Old What are the...  25
Old OpenVPN...  25


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2006-2014 Pudai LLC All Rights Reserved.