[Seattle-SAGE] VPN-in-a-box recommendations?

Atom Powers atom.powers at gmail.com
Thu Feb 23 13:37:21 PST 2006

On 2/23/06, Paul English <tallpaul at speakeasy.org> wrote:
> I'm wondering if anyone has any specific recommendations for an all-in-one
> VPN solution for roadwarriors.

I deployed these in a small-medium business, but just between office locations.
I used the SG560. They are Linux based systems using FreeSWAN, but
with an easy to use web-front end on them. You can also ssh directly
into the OS and tweak with it to make it do what you want.

Stay as far away from WatchGuard as you can. Although easy to install
they, are a serious pain if you want to do anything more than the most
basic brain-dead firewall/VPN.

SonicWall didn't impress me either, and the NetGear is even worse (but
not as bad as the WatchGuard). Frankly I wouldn't use NetGear for
anything but the lowest priority infrastructure, in my experience they
have some very serious overheating issues.

NetScreen has some pretty decent gear, although the little box I had
kept overheating and crashing. Not knowing more about your situation I
would probably reccoment a mid-range NetScreen product.

You may also want to look at the ServGate line; or the CyberGuard TSP
line if you have a large budget.

> In the immediate term I need:
> support for Windows and Mac soft clients
> firewall
> QoS (I'd like to run some VOIP lines through it)

QoS isn't going to do you much good on a VPN. Sure, you can give some
data priority on your endpoints (VPN server, VPN client) the whole
wide internet in between doesn't give a rat's @$$ about your data.

Perfection is just a word I use occasionally with mustard.
--Atom Powers--

More information about the Members mailing list