SmallNetBuilder Forums
Go Back   SmallNetBuilder Forums > LAN & WAN > Routers

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 06-04-2010, 10:55 AM
sdirge sdirge is offline
New Member
 
Join Date: Jun 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
sdirge is just starting out
Default Standard Router vs UTM

Hi,

I have been doing alot of research for an upcoming project. We will have 6 sites connected together via some sort of VPN, the VPN will handle:

AD authentication
RDP to a terminal server (Primary client use)
Management (Symantec Endpoint Protection reporting, etc.)

We are also looking at site to stie sip trunking either within the VPN or outside of it.

We are currently using Untangle in a setup like this and it works OK (I have been having issues controling the VPN QoS).

We will be adding a DSL circuit to our T1 at the main office to split off main office staff internet needs and leave the T1 for voice and VPN traffic.

I have looked at Astaro (I really like the upcoming authenticated wireless lan option) and as stated before we are currently using Untangle.

Some of the things that I am struggeling with are:

Do we need to go to a UTM? We have client AV on the workstations, our email filtering/archiving/failover is provided by a 3rd party, and the higher ups have not been concerned about content filtering on the web traffic.

I would like VLAN capeability to split local guest traffic off of the main network (we have 3rd party people needing wireless internet access at most of the sites.)

I looked at the netgear UTM's but am nervous about the VPN performance based on the reviews here.

Site sizes are about:

HQ - 15 Users
BO's 2-8 Users

Any thoughts?

Thanks!
Reply With Quote
  #2  
Old 06-04-2010, 12:58 PM
thiggins's Avatar
thiggins thiggins is offline
Mr. Easy
 
Join Date: May 2008
Posts: 9,008
Thanks: 151
Thanked 590 Times in 500 Posts
thiggins is just starting out
Default

Quote:
Originally Posted by sdirge View Post
I looked at the netgear UTM's but am nervous about the VPN performance based on the reviews here.
What are you getting for VPN performance with your current setup and does it meet your needs?
__________________
Tim Higgins
Managing Editor,SmallNetBuilder.com
Reply With Quote
  #3  
Old 06-04-2010, 09:12 PM
YeOldeStonecat YeOldeStonecat is offline
Very Senior Member
 
Join Date: May 2008
Posts: 517
Thanks: 0
Thanked 15 Times in 13 Posts
YeOldeStonecat is just starting out
Default

One thing I can say about UTMs....at my clients that I have on UTM appliances....I have far less malware issues. I do SMB networks for a living, and IMO the days of plain old NAT routers for businesses are over.

Regarding your Untangle rig...what are you using for NICs on it? Performance with Untangle is very...very...dependent on the quality of the NICs. What's the CPU and RAM in her too?
Reply With Quote
  #4  
Old 06-05-2010, 04:34 PM
thiggins's Avatar
thiggins thiggins is offline
Mr. Easy
 
Join Date: May 2008
Posts: 9,008
Thanks: 151
Thanked 590 Times in 500 Posts
thiggins is just starting out
Default

I was hoping you'd post, Stonecat. What are you using for UTM's anyway?
__________________
Tim Higgins
Managing Editor,SmallNetBuilder.com
Reply With Quote
  #5  
Old 06-06-2010, 03:08 PM
YeOldeStonecat YeOldeStonecat is offline
Very Senior Member
 
Join Date: May 2008
Posts: 517
Thanks: 0
Thanked 15 Times in 13 Posts
YeOldeStonecat is just starting out
Default

I'm still using Untangle for the majority our business clients that have UTMs...we still have one client using Endian..they've been using it since before Untangle hit the market.

I'm currently looking into Astaro "Red"...which is a special WAN product for businesses with small branch offices. Astaro is another UTM product that has been around for quite some time, very solid and mature product. However, their UTM product is not "free" for businesses, although they have a free basic product for small businesses. Most of their products are "pay for".

http://www.astaro.com/products/astaro-red

What I like about Astaro "Red"...is the easy to deploy and manage satellite office routers. They basically tunnel all traffic to mothership..and internet traffic gets cleansed by the main UTM appliance at mothership. Centrally managed, and pretty much zero configuration to deploy the remote units.

Due to the size of the client I'm looking it deploying this at, with 1 and 2 PC branch offices in tiny rooms at courthouses and police stations...I really don't have the room for a larger UTM box like Untangle.
Reply With Quote
  #6  
Old 06-06-2010, 04:34 PM
thiggins's Avatar
thiggins thiggins is offline
Mr. Easy
 
Join Date: May 2008
Posts: 9,008
Thanks: 151
Thanked 590 Times in 500 Posts
thiggins is just starting out
Default

Thanks, Stonecat. You always provide good insights into the real world.
__________________
Tim Higgins
Managing Editor,SmallNetBuilder.com
Reply With Quote
  #7  
Old 06-07-2010, 11:22 AM
sdirge sdirge is offline
New Member
 
Join Date: Jun 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
sdirge is just starting out
Default

The untangle boxes are IBM SFF PC's P4 3.0 HT with 1 Gig of ram and dual intel 10/100 PCI NIC' Card

Really, the performance problems with Untange are related specific to the VPN and QoS it does not seem to be honoring the QoS rules for VPN traffic, and I have been all over the forums there trying to fix it.

The performance concern regarding the netgear and VPN was just due to the review saying something like "When the UTM is enabled VPN performance suffers"

I have 3 units from Astaro now for eval and I do like them, the RED is a cool device but I dont want to re-direct all of the sites intenret traffic back through the T1.

My budget was cut on this project so I started to look at the Netgear UTM Vs the Astaro with Astaro we need to pay for a "networking" package at the branch sites to do the VPN where on the netgear we wont.
Reply With Quote
  #8  
Old 06-07-2010, 11:49 AM
YeOldeStonecat YeOldeStonecat is offline
Very Senior Member
 
Join Date: May 2008
Posts: 517
Thanks: 0
Thanked 15 Times in 13 Posts
YeOldeStonecat is just starting out
Default

I'm looking for your posts over there on UTs boards...
But if you're doing a WAN with several sites..and if your primary UT router is that 3.0 H/T rig with 1 gig of RAM....I would start by doing at least with a true dual core or better yet C2D, with at least 2 gigs of RAM.

I've had good success using economical older workstations at primary Untangle boxes for clients...they run well. But when you introduce VPN tunnels, and especially VoIP traffic.... you need to crank up the nut under the hood there.

I'll be honest..if I were to do a WAN with over 4 satellite offices connecting to mothership...I'd want a C2D or Xeon based UT box at mothership, with 4 gigs.
Reply With Quote
  #9  
Old 06-07-2010, 11:59 AM
sdirge sdirge is offline
New Member
 
Join Date: Jun 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
sdirge is just starting out
Default

Thanks Stonecat!

I didnt post over in the forums there, just searched, other people have had the same issue/question. The fixes posted did not seem to help in our situation.
Reply With Quote
  #10  
Old 07-10-2010, 05:03 PM
sdirge sdirge is offline
New Member
 
Join Date: Jun 2010
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
sdirge is just starting out
Default Quick update

Just a quick update, we ended up going with Netgear UTM-25's so far so good.
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT -4. The time now is 06:15 PM.


Top 10 Stats
Top Posters* Top Thanked
RMerlin  378
stevech  149
KGB7  124
sfx2000  104
azazel1024  102
sinshiva  96
Kel-L  95
hggomes  74
john9527  73
fistv  73
RMerlin  5591
stevech  329
ryzhov_al  265
TeHashX  217
RogerSC  189
L&LD  189
sinshiva  143
joegreat  127
jlake  122
sfx2000  121
Most Viewed Threads* Hottest Threads*
Old Asuswrt-Merli...  77261
Old Asuswrt-Merli...  42133
Old [Fork]...  17635
Old Asus locking...  10034
Old ASUS...  8034
Old Incoming...  7855
Old Share What...  3694
Old Asuswrt-Merli...  2946
Old Asuswrt-Merli...  2780
Old Ac68u Latest...  2210
Old Asuswrt-Merli...  393
Old Asuswrt-Merli...  193
Old [Fork]...  128
Old Asus locking...  125
Old Connection...  51
Old [HOW TO]...  50
Old ASUS...  49
Old Incoming...  44
Old 376.44 -...  40
Old Use the same...  35


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
© 2006-2014 Pudai LLC All Rights Reserved.