Small business with 40 clients, so far IPCop
-
For us speed is important. The system has to connect three LANS in our office (no www) and it needs to be fast.
Are these three separate subnets or just three areas?
Do you have a diagram of your current network complete with IP addresses of your subnets and firewall interfaces?
-
Sorry for my English.
Let me try it again :-)I need two new systems.
First:
We have to install a ftp server, so one customer can connect to it.
The customer uses a checkpoint firewall. I need now a device to establish the VPN connection.
So far I tried it with the German FritzBox but Checkpoint cannot connect to it since it doesn't use username/password authentification.
As far as I read pfsense is able to do the job.Here I thought a Board from PC Engines will do the job.
Second:
Here I really need some advice.
In our building we have three LANs. In each LAN I have a Qnap Server with two Gigabit connections to a LAN.
So far I have an IPCop installation on an old but performant Desctop PC running which needs to be replaced.
I do not want to use a Desctop PC anymore but I don't know which Hardware is doping the job.Is the APU1D4 from PC Engines performant enough?
It uses the Realtek chipset, so far I always use Intel.
Is it better to go with another board?
We have 40 persons working in our office, and the files can get pretty large (200 MB).I need to be able to configure my own routes and on one LAN Port I have to configure a second IP.
Thank you for your help
Markus -
This is one instance where size doesn't matter. What matters is how fast the transfers need to go.
I'm sorry to harp on a diagram but I don't like to work without one. See my sig for the type of information necessary. It doesn't have to be pretty, just informative. Pen and paper is fine.
-
Hello,
I did now a lot of research and found those two vendors:http://www.landitec.com/Network-Appliance-Hardware/Rackmount-Appliance:::58_9.html
and
https://www.applianceshop.eu/security-appliances/19-rack-appliances/pfsense-based-5.html
Does somebody have any experience with them?
Markus
-
Why not buy directly from pfsense and get support included for the prize?
https://www.pfsense.org/hardware/pfsense-store.html#c2758 -
Do you need full 1Gbps routing between each LAN?
Why do you need to use two boxes for this? You could easily use one box to be both a firewall and a VPN server.Steve
-
@mir:
if I have this right the hardware ships from the US.
I will have to pay customs and tax on it here in Germany.
If I have a problem it will take too lonh to replace the unit.ä@Steve:
I need two systems.One needs to manage gigabit routing between the LANs.
Also it has to do some logging and URL filtering for 40 clients.The other one needs to manage vpn connection with 12 Mbits/s upload and 100 Mbit/s download for about 15 clients.
Markus
-
I see. You can get exactly the same hardware in Germany here: http://www.axiomtek.de/products/ViewProduct.asp?view=1118
Axiomtek Deutschland GmbH, Hans-Böckler-Str 10. 40764 Langenfeld -
Hello,
I did now a lot of research and found those two vendors:https://www.applianceshop.eu/security-appliances/19-rack-appliances/pfsense-based-5.html
Does somebody have any experience with them?
Markus
I had. In presales when I started my journey in pfSense. Expect to be bullied and be told to f* off when you want to bring their extremely meager warranty on the table (conflicting with EU laws when it comes to consumers - which I am. They copy cat 'apple', it seems: ignore the mandatory law, 'so sue me').
'Nother member in this fine forum posted that a battery in his hardware had gone, he applied for warranty, but they never responded after multiple reminders so he bought a battery himself and fixed that in his machine.
The shop also runs a spin off of pfSense, called opnsense. There's a thread about it.
Personally I would not, for the life of it, come near them. But that's me ;D
-
-
I need two systems.
One needs to manage gigabit routing between the LANs.
Also it has to do some logging and URL filtering for 40 clients.The other one needs to manage vpn connection with 12 Mbits/s upload and 100 Mbit/s download for about 15 clients.
Right, but is there some reason that both those services can't be on the same pfSense box? They are in different physical locations perhaps?
Steve
-
I have no experience with Axiomtek. It was also just an example. Try google and see if there is not a reseller near you.
-
buy a premade unit or build one
i suggest
8 core atom supermicro board with quad lan: http://www.supermicro.com/products/motherboard/Atom/X10/A1SAM-2750F.cfm
16gb corsair ecc ra (8gbx2)
pick a ssd, sata-dom, or small hd
300w seasonic psu
pick a case a case
overkill, but futureproof. you can run some vms on same for the future if you choose.
4x onboard gigbit nic via intel 3540 t4
extra pcie slots for future use
can be remotely managed with ipmi, which is a nice feature.
-
Hello,
if not realized until now there where other options for you!
At Q4-2015 Soekris brings out the net6801 and there fore a 19"
rack case will be available and also soekris LAN1841 Quad GB LAN Port cards
so you are able to have an appliance with 12 GB LAN Ports in total, if needed.If it is urgent for you I would be looking for the following,
- SG2440
- RCC-VE-4860
- Cisco SG300-52
So you are able to set up VLANs for all companies.
-
I built a router from parts I listed here that would also do all of what you are wanting in one box. I suppose you could build two of them if you really need two physical boxes. Although the VPN box could probably use the C2558 version of the board to save some money.
-
for the price difference, I would go for the 8 core vs 4 core atom. better to have too much than not enough.
the new xeon d is a monster that should be out soon if you need more power. a couple hundred dollars more. not much for a business.
