[NF] Hardware vs Software Router/Firewall Recommendations

Author: Ken Dibble

Posted: 2016-12-21 12:21:58

Hi folks,

Looks like our "ancient" (2008) CISCO router has died.

I would appreciate the benefit of your experience regarding hardware vs software routers/firewalls to help me evaluate replacement options.

Our current network uses 1 GB switches and has about 150 machines, and there can be at least that many people simultaneously using the network and our 25 mbps synchronous internet connection (including people hooking into our internet from smart phones and tablets). Most servers, including the domain controller, are virtualized and we are using a SAN for storage (two identical Synology Linux NAS devices). We have a 10 GB switch for virtual server/storage connectivity.

We do not host external (internet) email or websites on our network.

We've had slow growth in the number of machines and users (+/- 5% per year) over the past decade.

We've always used the NAT functionality of the CISCO to provide a firewall and we only rarely allow anything to punch through it. The main exception would be our RDP server, which is in frequent use by between 5 and 10 simultaneous connections.

My understanding is that a software router/firewall running on an ordinary PC is likely to be slower than a dedicated hardware device. However, is the difference so significant for a network like mine as to rule out a cheaper software solution?

Do you have preferences for specific devices or software packages?

What do you all think?

Many thanks.

Ken Dibble
www.stic-cil.org

_______________________________________________

Post Messages to: ProFox@leafe.com

Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox

OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech

Searchable Archive: http://leafe.com/archives/search/profox

This message: http://leafe.com/archives/byMID/profox/18.4A.05528.648CA585@cdptpa-omsmta03

** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.

©2016 Ken Dibble
Re: [NF] Hardware vs Software Router/Firewall Recommendations

Author: Mike Copeland

Posted: 2016-12-21 14:15:16

Which software router are you looking at? Coyote? Most of the software routers I have used are no longer being supported or developed.

The choices in hardware router/firewall devices are not that great. I've been using a Zyxel 1000G for a few years and it has been, mostly, reliable. I've had it get wonky and require a reboot twice in 6 years. The interface is very very different...completely object-oriented. Fortunately Zyxel provides excellent tech support, they'll even log in to your router and configure it for you if needed.

I don't think you'll run into any throughput issues with your load on any device, or software-based system.

Mike Copeland


This message: http://leafe.com/archives/byMID/profox/5958db90-19e0-d853-182b-8e69459abd73@ggisoft.com

Re: [NF] Hardware vs Software Router/Firewall Recommendations

Author: Ken Dibble

Posted: 2016-12-21 14:33:46

>Which software router are you looking at? Coyote? Most of the software routers I have used are no longer being supported or developed.

Nothing has been recommended by our consultants yet. I'm trying to prepare in advance.

>The choices in hardware router/firewall devices are not that great. I've been using a Zyxel 1000G for a few years and it has been, mostly, reliable. I've had it get wonky and require a reboot twice in 6 years. The interface is very very different...completely object-oriented. Fortunately Zyxel provides excellent tech support, they'll even log in to your router and configure it for you if needed.

The CISCO was rock solid for quite a while. However, a couple years ago its memory failed and was replaced with a used substitute. Since then we've had to cycle the power on it about once every 2-3 months to restore connectivity.

Its web interface is horrendously byzantine in terms of its "security" features, which did not behave well in IE, and even worse in Firefox. It could take 10-15 minutes of going through various windows and resubmitting credentials before it would give up the goods and show me something.

>I don't think you'll run into any throughput issues with your load on any device, or software-based system.

That's good to know.

Thanks very much, Mike.

Ken


This message: http://leafe.com/archives/byMID/profox/24.D1.28949.A27EA585@cdptpa-omsmta02

Re: [NF] Hardware vs Software Router/Firewall Recommendations

Author: Mike Copeland

Posted: 2016-12-21 16:09:38

I've had good luck with the RV042G router/firewall, part of the Cisco Small Business line of routers. I have one location with 60 systems routed through a single RV042G without any hiccups or complaints. The RV042G is getting long in the tooth though, and I would love to find a sub-$200 router/firewall that would handle the work. Maybe the Cisco RV320K9?

I've also used one of the TPLink boxes and had issues getting a box that worked. The other problem is that it seems like every router/firewall has WIFI built in whether you want it or not, you pay for it. I've already got WIFI taken care of, thanks very much!

I've purchased and attempted to configure a Ubiquiti EdgeRouter, which gets rave reviews, is exceptionally low priced, but WOW what a pain to configure! But from what I can tell, the Ubiquiti product line is worth some effort and I do hope they'll improve their UI for the configuration. If anyone else has experience with a Ubiquiti router, I'd love to chat!

Mike Copeland


This message: http://leafe.com/archives/byMID/profox/0206b2d2-ce8e-b6a3-0c54-cc354948ba39@ggisoft.com

Re: [NF] Hardware vs Software Router/Firewall Recommendations

Author: Ted Roche

Posted: 2016-12-21 16:27:47

On Wed, Dec 21, 2016 at 5:09 PM, Mike Copeland <mike@ggisoft.com> wrote:

> I've purchased and attempted to configure a Ubiquiti EdgeRouter, which gets rave reviews, is exceptionally low priced, but WOW what a pain to configure! But from what I can tell, the Ubiquiti product line is worth some effort and I do hope they'll improve their UI for the configuration. If anyone else has experience with a Ubiquiti router, I'd love to chat!

A couple of the local LUGs have had some discussions about Ubiquiti. The hardware specs sound good, but there were some concerns about GPL violations, and specifically, some changes Ubi made that introduced security flaws and were not released as source code. This was a while ago, so you might want to check for updates to these issues.


This message: http://leafe.com/archives/byMID/profox/CACW6n4v-cd7zTtYRwrVqT2GanvHAsz8Q+THm4ypo0Xn5BcaOhA@mail.gmail.com

Re: [NF] Hardware vs Software Router/Firewall Recommendations

Author: Mike Copeland

Posted: 2016-12-21 16:31:58

Thank you, Ted!

Mike


This message: http://leafe.com/archives/byMID/profox/3b9ca9f3-2748-a08e-8035-b5aaedd4ee9a@ggisoft.com

Re: [NF] Hardware vs Software Router/Firewall Recommendations

Author: AndyHC

Posted: 2016-12-22 01:03:12

At the risk of stating the obvious, all routers are software running on hardware, just that some you get to choose the hardware, others come with their own compact two/three nic computer pre-loaded with a cut-down OS (usually BusyBox) and proprietary routing software. I was reading some months ago an article (El Reg?) which claimed that many of the proprietary offerings have known unpatched flaws (try Google for info).

Anecdotally, +1 for Zyxel - I have had no problems over many years, also Asus. I suspect that no-one ever got fired for buying Cisco, I also suspect you pay for the name.


This message: http://leafe.com/archives/byMID/profox/b4b0e27b-83d1-0ba1-fb93-70e37d489fd8@hawthorncottage.com

RE: [NF] Hardware vs Software Router/Firewall Recommendations

Author: Dave Crozier

Posted: 2016-12-22 02:34:16

Ken,

We use a pair of Sonicwall Network Security Appliances which are due for renewal and we are upgrading to the latest ones. They are completely seamless, fit in with active directory no problem and are very configurable. Recommended but not cheap!

Dave


This message: http://leafe.com/archives/byMID/profox/18725B8CD2D5D247873A2BAF401D4AB2A43FA32A@EX2010-A-FPL.FPL.LOCAL

RE: [NF] Hardware vs Software Router/Firewall Recommendations

Author: José Enrique Llopis

Posted: 2016-12-22 03:09:06

+1


This message: http://leafe.com/archives/byMID/profox/8DF3875959DA4042B49A6581C1F9DA86@LENOVO1

Re: [NF] Hardware vs Software Router/Firewall Recommendations

Author: Ken Dibble

Posted: 2017-01-10 13:35:12

My consultant is proposing some species of Sophos UTM, which I can purchase as hardware only, without an ongoing subscription service, if all I want is ordinary router/firewall capability. (Subscriptions are required for various add-on functions such as anti-malware protection, a built-in VPN, and/or URL blocking, among other things.)

Does anyone have experience with Sophos devices?

Also, what would you recommend for a free (as in beer) VPN application, so I can avoid paying a subscription for that? This would only be used occasionally, to provide remote access to our VMWare management software in the event of an emergency that prevents me from physically reaching our building. (The consultant recommends against installing the vSphere client on our RDP server as dangerously insecure.) I know there are several out there. What have you used and why have you used it?

Thanks very much for all of your responses so far. They've all been useful in helping me to understand the "modern" state of routers and firewalls.

Ken Dibble
www.stic-cil.org


This message: http://leafe.com/archives/byMID/profox/34.AF.05528.17735785@cdptpa-omsmta03
