Need router for security gates



  • We mostly service an area which used to be Bright House and is now Spectrum. Because of that, internet service has gone from mostly solid to mostly nightmarish. In the last month alone they have changed the static IPs at 3 of the locations we service with no history of what the old IPs were. They always claim it must be because we called in and had them change it and nobody notated it. I mean, static IPs aren't supposed to change but Spectrum doesn't seem to know that.

    Something else we've been doing for ages is security cameras at remote gates. We install a weatherproof box, stick a BBU in the bottom and Bright House brings in a modem. No problem. We get a static IP and the gate and cameras sit inside the network with ports forwarded. Sometimes we use a poe switch, sometimes just injectors depending on the number of devices that need power. With Spectrum that's all gone out the window. Now it requires 2 modems, 1 for data and 1 for voice, they no longer support port forwarding, and I can't use the static IP unless I have my own router in there. It's simple ridiculous. They are using the exact same modems as Bright House but disabled the features. What used be simply be done with 1 device now requires 3.

    This is leaving me scrambling looking for a router to fit my needs. It needs to be small because now the enclosures are crammed with 2 gigantic modems and needs to be able to handle high temps because they sit in the sun those 2 modems pump out a ton of heat. The enclosures have fans that are temperature controlled but that doesn't help if the outside air is hot as well. It really only needs to handle <10 devices at 100mbps. No Suricata or Squid or any of that stuff.

    I thought Netgate produced a tiny unit for $99 but I can't find it. I think I remember it being red and roughly the size of 2 network ports wide. Maybe it's been discontinued. I'm trying to keep costs low as it's already going to be an odd discussion to tell these clients what's worked for years is now going to cost an extra few hundred per gate for the new hardware and labor to reprogram everything.

    Any recommendations? Thanks!



  • @stewart It's all about timing - take a look at the newly released: sg-1100
    Sounds like it's right up your alley....


  • Netgate Administrator

    Yup, though it sounds like you don't actually need the throughput. The SG-1000 has been discontinued but would have been ideal, you might find some old stock.
    The MBT-2220 is a little larger but would also fit well here.

    Steve



  • @divsys

    I looked at it just before I posted and it does indeed look like it would work. There isn't any info on temps and I dislike being an early adopter but it does appear to be much faster than the SG-1000. It's certainly an option.


  • Netgate Administrator

    I know there was some pretty intensive temperature testing done on the SG-1100. The heatsink on the production device is quite large, the one I have does not run particularly hot.
    Do you have any temperature figures for your application?

    Steve



  • @stephenw10

    Yes, the SG-1000 was the one I was thinking of! Does the SG-1100 replace the SG-1000, the MBT-4220, and the MBT-2220? Man, I'd love for the SG-1100 to have options for 2GB or 4GB RAM to add more packages. Not for this situation but as an alternative to the APU2 line of boxes.

    The MBT-4220 was almost perfect at $249 with 2GB RAM, 32GB storage, and even more power than the SG-3100. We nearly switched except it only had 2 ports and we consistently use all 3 for either dual-wan or PCI compliance. (And now it isn't available anymore so I'm glad we didn't switch. They feel like short-lived products even if they are just boxed minnowboards.) The SG-1100 gives the ports and what looks like decent speeds but lacks the RAM to add packages. Maybe that's product differentiation but it leaves quite the gap between it and the SG-3100. Maybe there is an SG-2100 coming down the pike with more resources to fit in between the SG-1100 and the SG-3100? Historically, model names have been all over the place so it would be nice to have some consistency.

    @stephenw10

    I don't know the temps exactly but it sits in an enclosed plastic box with fans in direct sun with 2 modems. I'm guessing it gets up to 140-150 degrees Fahrenheit in there.


  • Netgate Administrator

    The rated operating temperatures should be up on the store page shortly.

    Steve



  • @stephenw10 Thank you. I'll keep an eye on it. Is there someplace that the performance statistics of the Netgate units are saved? Something like this would make them extremely easy to compare and understand the differences. When I need to get a SonicWall, that's the first thing I look at to make my determination. Primarily the physical hardware and performance on IMIX and Full DPI.


  • Netgate Administrator

    The closest equivalent is probably this: https://www.pfsense.org/products/ but it doesn't list performance details there.

    Probably best to ping sales direct, they may well have something like that.

    Steve



  • @Stewart

    Interesting needs. I think if this were mine to work I would use the MBT-4220 and a Comtrol ROCKETLINX ES8510-XT Ethernet switch. Let the MBT-220 open a VPN back to a host / proxy for your services and route your Voice (VoIP), data and video back through there.

    Eliminates the second Cable Modem, Eliminates the need for the Static IP and streamlines the whole thing from a support point of view.

    Good Luck -



  • The MBT-4220 is no longer in production. The second modem is just an analog line for the call box at the gate. It's not an actual extension tied into the system. We've had good success with the NetGear GS110TPv2 switches. They run hot but the temps don't seem to bother them even though they are rated at only up to 104 degrees. Only times they have gone down are because of lightning and it looks to be a few hundred dollars less than that Comtrol. I've had some people recommend BV-Tech as they have a $70 switch that would fit the bill, but I don't know them and don't know their reliability. It's worked for them but I don't know. Netgears have traditionally been great switches for me.

    How would it eliminate the static IP with the VPN? Both sides need to know the IP of the other to establish the link. Otherwise they can't communicate. How do you do that with DHCP?


  • LAYER 8 Netgate

    Both sides need to know the IP of the other to establish the link. Otherwise they can't communicate. How do you do that with DHCP?

    Dynamic DNS usually.

    The dynamic side updates dynamic DNS when the address changes and the other side connects to that hostname.



  • @Stewart

    As @Derelict stated you have one side with a static IP the servers / proxy and the other side with a dynamic address updating a service like dyndns or myip.    Sorry, maybe the MBT-2220 then.  The Comtrols are may for your environment the NetGear units are not.    Never heard of the BV-Tech switch either.   The Call Box can be IP as well as Analog, there are a number of people who make then such as Algo and Viking.  Or just use an ATA, but keeping a duplicate modem and service for one extension / phone line seems like trouble.   
    

    As the saying goes, Good / Reliable / Cheap... Pick any two.



  • @derelict
    I've never tried DynDNS with with VPNs inside of pfSense. I've always used hard-coded IPs with statics. I can look at that.

    @Phonebuff
    I never really expected the NetGear switches to work but other than losing them to lightning strikes they've lasted years. I've got one that's at least 4 years strong at the moment. Initially it's just what we had on hand so we went with it. It's got a lifetime warranty so if it died we weren't out much but a shipping cost. We don't do the gates and call boxes (or the phone system at this particular client). So just giving them an analog line to call out on to ring back to the guard phone is cheap and simple. It's not an extension on a system. It's an outside line that calls in. Up until now it's all been good, reliable, and cheap. Spectrum is just changing that.

    @stephenw10
    Looks like it's only up to 113 degrees. Not sure if that would work.


  • Netgate Administrator

    Mmm, might be tight for an enclosed space with minimal airflow.

    You could just use OpenVPN which doesn't require a remote IP to be set. The client end can connect from any IP if allowed.

    Steve



  • By the way, while the MBT-4220 is no longer in stock from Netgate, it is still available from some other sources..

    Given your space and environmental issues, you might want to find a box with the Internal switch like the 3100 and combine the firewall router and switch to one frame.




  • @phonebuff There are currently 3 devices that connect, 2 cameras (POE) and the gate. We are building out to add LPR cameras so we will need 4 poe, 1 non-poe, and 1 to link to the modem. Any boxes provide 4 poe ports? If not I'd need to make room for 4 additional poe injectors.


  • LAYER 8 Netgate

    None of the Netgate devices supply PoE.



  • You really need an "industrial" switch router for this -- Something like below..

    You can also get an Industrial Embedded Computer Systems in this category that could run pfSense but you will need to do some research to find one --

    https://www.trendnet.com/products/industrial-switches/TI-PG541



  • One more link --- Not sure this is POE --

    http://www.electronicnetwork.com/en/onrisc-baltos-ir5221.html