[Seattle-SAGE] VPN-in-a-box recommendations summary

Paul English tallpaul at speakeasy.org
Mon Feb 27 16:38:12 PST 2006 

It looks like this thread has tapered off so I thought I would put 
together a summary for those interested. The original request was for 
recommendations for a product which was a little more affordable than 
Cisco with at a minimum support for:

  support for Windows and Mac soft clients
  SNMP
  firewall
  QoS (I'd like to run some VOIP lines through it)

linux & hardware clients a plus.

Recommendations from the list:

http://www.cyberguard.com/products/firewall/index.html specifically the SG560

 	Linux based, but with an easy to use front-end. Can be tweaked.

NetScreen

ServGate

CyberGard TSP (pricey)

Astaro Linux

Linux/OpenSWAN DIY (complicated setup)

Fortinet's FortiGate


Anti-recommendations:

WatchGuard products - easy to use but a PITA to tweak, Windows client only

SonicWall

Netgear - overheating issues


To answer some questions posed to me:

My budget is around $400 since I saw the Netgear and mentioned that number 
to my boss. :-} It is flexible though and I'm sure I can make the case for 
more money particularly since our CEO currently spends half his time in 
our South American office.

QoS should roughly do what I need or at least help. We have 6.0/768 ADSL 
which seems to be working for our 5 VOIP lines right now. I would say we 
rarely have more than 2 in use at any given time though. My main desire 
for QoS is to ensure that at least at my end of the pipe, the VPN does not 
kill phone calls. If it turns out that we are just using too much 
bandwidth between phone and VPN overall, we'll just get another ADSL 
line.. they are cheap! For our truly critical infrastructure (serving 
customers) we have 10Mbp/s ethernet over fiber from Internap. A 
secondary use for our DSL line is as an emergency backup to our 
Internap connection.. again QoS would be used to ensure than phones 
and VPN get only waste bandwidth when/if the Internap connection fails
and we failover to the DSL to serve our customers. Phones and VPN are 
relatively low priority for us. :-)

More information about the Members mailing list