PDA

View Full Version : Wireless Router w/ VPN Firewall



henryz
02-29-2012, 07:26 PM
I'm looking to upgrade my router for small office, but I need it to have VPN Firewall security, but I would like a small and simple, plug and play. I'm not to familiar with this stuff any help or recommendations will help, i was looking at a 4 or 8 port either cisco or netgear...

Thanks

vangogh
03-01-2012, 12:02 AM
I don't have a specific model to recommend, but it shouldn't be hard to find what you're looking for. At this point I think all routers will come with a firewall and most should have at least 4 ports. I think most probably have VPN built in as well.

Here's a Cisco router (http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=2643993&CatId=2668) I found with a quick search. I currently use a product from Apple that functions as a modem, but in the past I used to use Linksys routers (http://reviews.cnet.com/routers/linksys-wrv54g-wireless-vpn/4505-3319_7-30587433.html) and never had a problem with them, however the one I just linked to doesn't seem be getting good reviews. I think Cisco owns Linksys now too.

Odds are if you walk into your local Best Buy or office supply store they'll have a variety of routers with pretty much the same features. They should have a few with the features you need. Either Cisco or Netgear will likely be fine as well.

billbenson
03-01-2012, 12:43 AM
Cisco does own Linksys. To my knowledge Cisco is a commercial product, not a small office product.

There are others here that are far more knowledgeable on security than I am, but I use MAC address for security. Every hardware device including the wifi card in a laptop has a MAC number. This is a unique number sort of like a serial number. I set the number in my router so it will only talk to my laptop. I do this primarily because encryption has a lot of overhead and will slow wifi laptops down. I have also heard that you really shouldn't just use MAC address filtering, but I really don't have trade secrets going over my wifi network. In fact, its only for my wife's laptop and the worst case scenerio is putting credit card info and address sort of stuff on the network.

Additionally, on the security note, my wife is from Central America where I met her. She has one credit card, is on a vehicle lease, and our home mortgage and taxes. Absolutely nothing else. For 30 dollars you can get her credit report, work history, estimated income etc for $30.

I use a name online that isn't my real name for security reasons. I put my real name on Linkin and Classmates to find some old friends, but I put no valid personal info there. If I type my name into G, I can buy my information including personal info, criminal history, birth certificate, estimated income etc. It's almost kind of like 'whats the point'?

I have a facebook page under a aka name. I'm thinking about making one under my real name. I'd use my aka name for stuff I wouldn't want my mother, business competitors, job recruiters etc to read. But beyond that, what difference does it make! If someone wants to find out my SS number they can buy it on the web...

MyITGuy
03-01-2012, 01:09 PM
I'd recommend skipping the consumer models as they will do nothing but cause problems for you down the road with their lack of "Business" features.

I'd recommend a SonicWall TZ100 Wireless-N device. It includes capabilities for 5 site to site VPN Tunnels, and allows you to to connect via a VPN Client that uses IPSEC or the more recent SSL Connection method. It should be noted that only 1 SSL VPN License is included out of the box, if you need more or prefer the IPSEC connectivity then you will need to purchase additional licenses at approximately $35 each.

If Wireless Coverage is a concern (I.E. If you need more than 100+ feet of coverage), then I would recommend the SonicWall TZ100 device without wireless, but picking up a few Ubiquiti UniFi access points.

MyITGuy
03-01-2012, 01:17 PM
Cisco does own Linksys. To my knowledge Cisco is a commercial product, not a small office product.


Cisco has re-branding some of their Linksys equipment as Cisco SMB (I.E. The Cisco RV Series Routers and 100/SXX Series switches)...but they strip out a bunch of features to force consumers to buy their higher end models.

I.E. Several years ago I purchased a Cisco RV Series Router with Wireless/VPN Capabilities. The wireless connectivity was absolute crap as the connections dropped every 10 minutes and the site to site VPN tunnels only supported a single subnet, which caused a significant issue as several of my clients have several subnets that I needed to connect to.

I ended up returning the Cisco router and purchasing a SonicWALL and haven't looked back (Unless a client specifically asks for Cisco hardware...)

henryz
03-01-2012, 04:32 PM
Thank you all for all that information, MyITGUY if I'm looking at the right model, I'm looking at around $500 correct and do you think I'll need an IT tech to hook it up.

Thanks

MyITGuy
03-01-2012, 10:21 PM
Thank you all for all that information, MyITGUY if I'm looking at the right model, I'm looking at around $500 correct and do you think I'll need an IT tech to hook it up.

Thanks

Wireless-N Hardware only would be around $325 (Newegg.com - SONICWALL 01-SSC-8735 TZ 100 Wireless-N Appliance (Hardware only) 6000 Simultaneous Sessions 100 Mbps (http://www.newegg.com/Product/Product.aspx?Item=N82E16833339100)) - $375 (01-SSC-8735 SonicWALL SonicWALL TZ 100 Wireless-N - Firewalls.com (http://www.firewalls.com/sonicwall/sonicwall-firewall/sonicwall-tz-firewalls/sonicwall-tz-100/sonicwall-sonicwall-tz-100-wireless-n.html))

Wireless-N Hardware with 1 year of TotalSecure which includes the items listed below would be $405 (Newegg.com - SONICWALL 01-SSC-8723 TZ 100 Wireless-N TotalSecure 1 Year 6000 Simultaneous Sessions 100 Mbps (http://www.newegg.com/Product/Product.aspx?Item=N82E16833339102)) - $445 (404 Not Found 1 - Firewalls.com (http://www.firewalls.com/sonicwall/sonicwall-firewall/sonicwall-tz-firewalls/sonicwall-tz-100/sonicwall-sonicwall-tz-100-wireless-n-total-secure-1-year.html):)
1 Year of Support & Firmware Upgrades, Gateway Spyware Protection, Gateway Antivirus Protection, Intrusion Protection and Premium Content Filtering

In regards to needing an IT tech, I don't think this would be the case to get the basics up and running as the wizards/interface are pretty intuitive.
You can view the interface demo here: SonicWALL - Administration for LD_TZ100 (http://tz100.demo.sonicwall.com/main.html)

Harold Mansfield
06-24-2013, 10:08 AM
I'm looking to upgrade my router for small office, but I need it to have VPN Firewall security, but I would like a small and simple, plug and play. I'm not to familiar with this stuff any help or recommendations will help, i was looking at a 4 or 8 port either cisco or netgear...

Thanks

This conversations is out of my area of expertise, but, from my small office experience I've had at least 3 Linksys routers and they all fizzled out on me anywhere from 6 to 18 months. Could have just been the timing since it was during a time where speeds were increasing quickly...I'm not sure.

But I recently purchased this model ASUS router after reading a crap load of reviews and I'm pretty happy with it. Actually, I LOVE this router:
https://www.asus.com/Networking/RTN66U

This model is 4 port, has support for USB storage, is VPN network enabled, and it really was pretty plug and play. Took me maybe 5 minutes for a basic secure set up. I went back later and set up a guest network and a few other things.

It's also lightening fast, signal is consistently strong, range is very good, and I haven't had to make any adjustments to it since I plugged it in. This is compared to any other router I've ever had...but again...speeds have also increased.

And no, I didn't know ASUS made routers either, but like I said, the reviews on Amazon are impressive and it looks like the price dropped a little.
Amazon.com: ASUS RT-N66U Dual-Band Wireless-N900 Gigabit Router: Computers & Accessories (http://www.amazon.com/RT-N66U-Dual-Band-Wireless-N900-Gigabit-Router/dp/B006QB1RPY)

billbenson
06-24-2013, 11:09 AM
Directional antennas will work well for both security and signal strength as well.

Freelancier
06-24-2013, 12:30 PM
Didn't know ASUS had routers either... but the best part of that link was finding out about smartnetbuilder.com, which reviews routers and posts performance tests and enough details to get to a decent buying decision. I have a 5-year-old router that's in need of a refresh, just because I'm locked at 30 Mbps WAN throughput and I'm sure I can get better performance with my cable provider. But I do a bunch of VPNs with clients and also want to do VPN from the road to my network without needing to load flaky client software.

Harold Mansfield
06-24-2013, 12:42 PM
The more I find out about ASUS, the more I realize that they are the component makers for a lot of other well known company products.
I first noticed it with monitors, and then again when I was shopping for tablets.

vangogh
06-24-2013, 06:22 PM
ASUS probably started out making components, but after making so many of the different parts of different devices they probably just went ahead and started assembling the parts.

Weird about your Linksys routers. I've bought 2 of their wireless routers. The first I used for about 6 or 7 years and it worked right up until the day I stopped using it. I only stopped because I purchased something better. I'm pretty sure it would still work if I plugged it in now. The other is a portable wireless router that I keep in my travel pack. I haven't needed to use it in a couple of years, but again it was working fine the last time I used it and I'm sure it would still work now. I think I used it on and off when traveling for about 3 or 4 years.

Maybe it's when I purchased them. I think I purchases both when Linksys was still its own company. Definitely on the first one and maybe on the second one.

billbenson
06-24-2013, 06:44 PM
It would really surprise me if Cisco's purchase of Linksys would lower the quality.

While on the subject, I have a router question. I use Vonage for my phone and have a D Link wireless router that supports Vonage. The router is failing and I'm going to get a new one. Given where I live (Tampa claims to be the lightning capitol of the world), it probably is a lightning issue. The Linksys router I had before the D Link was better from a hardware standpoint. It just has a coronary a couple times a week and I need to reboot it. Vonage no longer supports wireless routers. When I replace it I need wireless. How should I set up wireless? My ideas are as follows:

Modem -> Vonage router -> wireless router

or


Modem -> Vonage router -> access point

Effectively I'm daisy chaining them, is that the way to do it and does it matter if I use a router or access point for the wireless?

Harold Mansfield
06-24-2013, 07:16 PM
It would really surprise me if Cisco's purchase of Linksys would lower the quality.

While on the subject, I have a router question. I use Vonage for my phone and have a D Link wireless router that supports Vonage. The router is failing and I'm going to get a new one. Given where I live (Tampa claims to be the lightning capitol of the world), it probably is a lightning issue. The Linksys router I had before the D Link was better from a hardware standpoint. It just has a coronary a couple times a week and I need to reboot it. Vonage no longer supports wireless routers. When I replace it I need wireless. How should I set up wireless? My ideas are as follows:

Modem -> Vonage router -> wireless router

or


Modem -> Vonage router -> access point

Effectively I'm daisy chaining them, is that the way to do it and does it matter if I use a router or access point for the wireless?

Got a D-Link sitting in the corner as we speak. It was what I replaced with the ASUS.

I have a phone line through my cable company, and the techs set it up with a signal splitter.

So it goes one side of the splitter to phone modem. That's it. End.
The other side is Modem->Router<-Desktop as normal. Everything else is wireless.

Probably would be even better with a signal booster:
Amazon.com: Motorola Signal Booster 4-Port BDA-S4 Cable Modem TV HDTV Amplifier: Electronics (http://www.amazon.com/gp/product/B000WPGRKK/ref=ox_sc_sfl_title_1?ie=UTF8&psc=1&smid=A1SRR0B7QVPEN)

Actually my signal is split 3 times. It splits from the wall into the TV and to my office. Then splits in the office to the modem and the phone.
And I'm still able to get 150mbps on my desktop and 50mbps on my tablet via wifi.

MyITGuy
06-24-2013, 08:17 PM
It would really surprise me if Cisco's purchase of Linksys would lower the quality.
Unfortunately, that seems to be the case. Every Linksys/Cisco SMB Device I've seen/used/touched lately has been crippled in terms of functionality or just poor design.



While on the subject, I have a router question. I use Vonage for my phone and have a D Link wireless router that supports Vonage. The router is failing and I'm going to get a new one. Given where I live (Tampa claims to be the lightning capitol of the world), it probably is a lightning issue. The Linksys router I had before the D Link was better from a hardware standpoint. It just has a coronary a couple times a week and I need to reboot it. Vonage no longer supports wireless routers. When I replace it I need wireless. How should I set up wireless? My ideas are as follows:

Modem -> Vonage router -> wireless router

or


Modem -> Vonage router -> access point

Effectively I'm daisy chaining them, is that the way to do it and does it matter if I use a router or access point for the wireless?

Avoid getting two routers, while it may work, you will have a double-NAT configuration which can cause issues/slowness and etc..
I would personally get a router that supports QoS, then just get a Vonage ATA (or better yet, get an Obi device and go with a SIP Provider like voip.ms, vitelity or etc).

I personally just picked up a Mikrotik (RouterBoard.com : RB2011UAS-2HnD-IN (http://routerboard.com/RB2011UAS-2HnD-IN)) wireless router a few months ago and love it. Although I would only recommend this for users who have some good technical experience as the interface/gui isn't geared towards your average home user...but it does give you the feature set of an enterprise class device.

MyITGuy
06-24-2013, 08:21 PM
ASUS probably started out making components, but after making so many of the different parts of different devices they probably just went ahead and started assembling the parts.

ASUS was definitely known for their motherboards when they first started, and still are...but they did expand into laptops, desktops, monitors, tablets and etc as the opportunities presented themselves.

Unfortunately, their other product lines don't necessarily have the same quality/performance that one would expect from their motherboard line(s) so they aren't getting a big of a market share as they could've gotten.

Harold Mansfield
06-24-2013, 08:27 PM
ASUS makes the Google Nexus 7, as well as a few other pretty nice tablets.
I have 3 ASUS monitors and I'm pretty happy with them for the price.

They also make the NVIDIA line of Graphics Cards.

It was actually started by 3 guys that were engineers at ACER.

I've actually been pretty happy with the products that I have from them.

vangogh
06-25-2013, 01:54 AM
Unfortunately, that seems to be the case. Every Linksys/Cisco SMB Device I've seen/used/touched lately has been crippled in terms of functionality or just poor design.

Yeah I thought I remembered hearing that. Plus I think they recently sold Linksys to D-Link so maybe they just weren't that interested in the Linksys product line. Possibly one of those deals that sounded good to them until after they purchased it.

Freelancier
06-25-2013, 08:18 AM
Effectively I'm daisy chaining them, is that the way to do it and does it matter if I use a router or access point for the wireless?

I use a wired router and wireless access point (this one (http://www.amazon.com/Ubiquiti-Networks-UniFi-Enterprise-System/dp/B004XXMUCQ/ref=sr_1_sc_1?ie=UTF8&qid=1372162499&sr=8-1-spell&keywords=ubiquiti+uniti)) along with a second older AP in another location. I needed them separated because the AP needed to be in a more central location in our home than the router.


Plus I think they recently sold Linksys to D-Link so maybe they just weren't that interested in the Linksys product line.

They were interested in the consumer market... then they discovered that they couldn't make the margins any better than they were (which are normally pretty bad on the consumer side) and the support headaches were affecting their branding. So they are getting out of the consumer space entirely.

CD2Solutions
01-07-2014, 08:11 AM
Cisco does own Linksys. To my knowledge Cisco is a commercial product, not a small office product.

There are others here that are far more knowledgeable on security than I am, but I use MAC address for security. Every hardware device including the wifi card in a laptop has a MAC number. This is a unique number sort of like a serial number. I set the number in my router so it will only talk to my laptop. I do this primarily because encryption has a lot of overhead and will slow wifi laptops down. I have also heard that you really shouldn't just use MAC address filtering, but I really don't have trade secrets going over my wifi network. In fact, its only for my wife's laptop and the worst case scenerio is putting credit card info and address sort of stuff on the network.

you really should reconsider. if somebody notices, they only need to sniff packets from the air (really not hard) and mask their mac address, then either add their own to the network, or spoof another from the network, then they could inspect all of your data packets across the network including credit card info, not really something you want in the open. when i say all data across the network, i mean ALL data. they can then keep the data, and decrypt a nything that has encryption for as long as they like.

wpa2 has less overhead and is capable of significant speeds. i have wpa2 encryption enabled on my laptop and can max my 120Mbit/s internet connection easily.

GarethS
01-20-2014, 12:25 PM
I find Netgear to be the easiest to manage and give good value for money. Most small networks are ok with a high end consumer router if costs are an issue however you might find it hard to find the VPN feature in a consumer router.

vangogh
01-22-2014, 02:28 PM
I find Netgear to be the easiest to manage and give good value for money.

For some reason I don't think I've used a lot of Netgear equipment. I have absolutely nothing against the company, but I've usually gone with Linksys routers. It's probably because my first router was Linksys and I just kept buying the same.

FlyPizzaGuy
01-31-2014, 04:45 PM
I'd recommend skipping the consumer models as they will do nothing but cause problems for you down the road with their lack of "Business" features.

I'd recommend a SonicWall TZ100 Wireless-N device. It includes capabilities for 5 site to site VPN Tunnels, and allows you to to connect via a VPN Client that uses IPSEC or the more recent SSL Connection method. It should be noted that only 1 SSL VPN License is included out of the box, if you need more or prefer the IPSEC connectivity then you will need to purchase additional licenses at approximately $35 each.

If Wireless Coverage is a concern (I.E. If you need more than 100+ feet of coverage), then I would recommend the SonicWall TZ100 device without wireless, but picking up a few Ubiquiti UniFi access points.

Couldn't have said it any better myself.

FlyPizzaGuy
01-31-2014, 04:47 PM
For some reason I don't think I've used a lot of Netgear equipment. I have absolutely nothing against the company, but I've usually gone with Linksys routers. It's probably because my first router was Linksys and I just kept buying the same.

There are quite a bit of a difference between to the system configurations and ranges also. So depending on what your serving the signals for, depends also.

vangogh
02-04-2014, 12:08 AM
That makes sense. Like I said I have nothing against Netgear. I generally hear good things about them. I can't say I've had to buy a lot of routers and the few times I did I kept sticking with a company that had worked for me.