Good mid size company router/gateway ideas? VPN solutions (Ssl)? Current choices ...

We are researching replacing our existing (and frequently locking up)
Symantec Gateway 460 gateway (was a $650 device). Currently it has
the firewall and vpn built in (ipsec). This unit requires that end
users use proprietary vpn software, rather than just creating a
windows vpn connection.. this software doesnt work in x64 Vista (or
Vista period). We also have installed pptp vpn on a backend server
and use this as an alternate for now.

We have a 15 mbit Comcast cable connection (1mbit upload) and a 3mbit
verizon connection (1mbit upload max).. We have about 10 users at the
moment (out of 42) who use VPN, usually only about 3-4 at a time
though.

I'd really like an all in one solution that was VPN SSL capable (i'm
assuming this means the end user wouldnt need proprietary software,
just an SSL certificate and a connection in most cases?).. but it
seems most are breaking the two apart these days?

Here are my current choices.. any thoughts on these or perhaps others
out there i haven't thought of? (perhaps cheaper ones that are just as
good)? We need to have dual wan ability in either case though..

Gateways:

Sonicwall Pro 2040 Internet Security Appliance: (dual wan able) 01-
SSC-5700 $1339.88 (24x7 support option 01-SSC-5707 = $350.97)
**No SSL vpn ability need separate unit, see below (has standard 10
license, ipsec vpn ability); 200mbps on firewall and 50mps on vpn

Juniper SSG-140-SH $2569
** 350mbps on firewall; 100 mbps on vpn



Secondary vpn device:
SonicWall SSL-VPN 2000 01-SSC-5952 $1691 (unlimited users)
*Nice interface via the web, does require a small app installed via
the web to directly connect though.


Any thoughts?

Re: Good mid size company router/gateway ideas? VPN solutions (Ssl)? Current choices ...

"markm75" wrote in message
news:1192717201.542432.262400@i13g2000prf.googlegroups.com.. .
> We are researching replacing our existing (and frequently locking up)
> Symantec Gateway 460 gateway (was a $650 device). Currently it has
> the firewall and vpn built in (ipsec). This unit requires that end
> users use proprietary vpn software, rather than just creating a
> windows vpn connection.. this software doesnt work in x64 Vista (or
> Vista period). We also have installed pptp vpn on a backend server
> and use this as an alternate for now.

Why did the company get Vista 64 bit? A whole lot of things don't work with
Vista 64 bit at this time. What they should have gotten was Vista 32 bit.
Some vendors as of yet have not caught up with the requirements to run their
solution on or against the Vista platform. Vendors are working on this,
because they have no choice if they want to make money, but some are still
lagging behind.

>
>
> Any thoughts?
>

First, you have to find a solution that's Vista compliant *period*. The
solution that is Vista compliant will be designated as such. I understand
that 32bit Vista compliant solutions work on the 64 bit platform. You need
to start checking with vendors and check that their solutions are Vista
compliant.


I doubt you're going to find anything worthy of a VPN solution but it's a
shot.

http://www.bestvistadownloads.com/software-search.html?keywo rds_and=vpn+software&keywords_exact%5B%5D=&keywords_or=&keyw ords_not=&category_id=0&licence=0&price=&p=25&u=0&s=d

You find something that's Vista compliant, you dual boot Vista/Windows XP or
you might be able to use PC2007.

http://www.microsoft.com/windows/products/winfamily/virtualp c/default.mspx

Someone should have done their homework before he or she made the decision
to run off and use Vista, and most don't do it.

Re: Good mid size company router/gateway ideas? VPN solutions (Ssl)? Current choices ...

On Oct 18, 12:31 pm, "Mr. Arnold" wrote:
> "markm75" wrote in message
>
> news:1192717201.542432.262400@i13g2000prf.googlegroups.com.. .
>
> > We are researching replacing our existing (and frequently locking up)
> > SymantecGateway460gateway(was a $650 device). Currently it has
> > the firewall and vpn built in (ipsec). This unit requires that end
> > users use proprietary vpn software, rather than just creating a
> > windows vpn connection.. this software doesnt work in x64 Vista (or
> > Vista period). We also have installed pptp vpn on a backend server
> > and use this as an alternate for now.
>
> Why did the company get Vista 64 bit? A whole lot of things don't work with
> Vista 64 bit at this time. What they should have gotten was Vista 32 bit.
> Some vendors as of yet have not caught up with the requirements to run their
> solution on or against the Vista platform. Vendors are working on this,
> because they have no choice if they want to make money, but some are still
> lagging behind.
>


I've been running x64 at home now for well over a year.. no issues
whatsoever, minus the fact that symantec vpn client doesnt work on
anything vista (but i use pptp vpn to get in, not a huge deal, if i
throw on an ssl cert, it would be perfectly secure).. this only
affects 1 person, myself.. Btw.. i run a TON of apps on x64 and i
have a lot of hardware, all of which work and have drivers.

As far as the company side.. we do have two users, using x64
internally, without any issues as well.

We also run 4gb of memory on most of these power systems, so x64 uses
the full segment of 4gb, not just 3.5gb etc..

Its my opinion that if you have a beefy system, want it to be more
secure (as x64 is by default), run 4gb of memory or more, than at this
point in time, most of the time going with x64 isnt a bad choice..
heck even games run fine.

Re: Good mid size company router/gateway ideas? VPN solutions (Ssl)? Current choices ...

"markm75" wrote in message
news:1192728057.329324.75310@q5g2000prf.googlegroups.com...
> On Oct 18, 12:31 pm, "Mr. Arnold" wrote:
>> "markm75" wrote in message
>>
>> news:1192717201.542432.262400@i13g2000prf.googlegroups.com.. .
>>
>> > We are researching replacing our existing (and frequently locking up)
>> > SymantecGateway460gateway(was a $650 device). Currently it has
>> > the firewall and vpn built in (ipsec). This unit requires that end
>> > users use proprietary vpn software, rather than just creating a
>> > windows vpn connection.. this software doesnt work in x64 Vista (or
>> > Vista period). We also have installed pptp vpn on a backend server
>> > and use this as an alternate for now.
>>
>> Why did the company get Vista 64 bit? A whole lot of things don't work
>> with
>> Vista 64 bit at this time. What they should have gotten was Vista 32 bit.
>> Some vendors as of yet have not caught up with the requirements to run
>> their
>> solution on or against the Vista platform. Vendors are working on this,
>> because they have no choice if they want to make money, but some are
>> still
>> lagging behind.
>>
>
>
> I've been running x64 at home now for well over a year.. no issues
> whatsoever, minus the fact that symantec vpn client doesnt work on
> anything vista (but i use pptp vpn to get in, not a huge deal, if i
> throw on an ssl cert, it would be perfectly secure).. this only
> affects 1 person, myself.. Btw.. i run a TON of apps on x64 and i
> have a lot of hardware, all of which work and have drivers.
>
> As far as the company side.. we do have two users, using x64
> internally, without any issues as well.
>
> We also run 4gb of memory on most of these power systems, so x64 uses
> the full segment of 4gb, not just 3.5gb etc..
>
> Its my opinion that if you have a beefy system, want it to be more
> secure (as x64 is by default), run 4gb of memory or more, than at this
> point in time, most of the time going with x64 isnt a bad choice..
> heck even games run fine.
>
>

I got Vista 32bit Ultimate, and I have no problems with it. All you have to
do is step into a Vista NG to see the many problems users are having with
any version of Vista 32 and 64 bit at this time.

And all you have to do is ask a .NET developer about the woes of using Vista
64 bit anything.

But again, it all depends upon who is sitting behind the wheel and is doing
the driving.

Re: Good mid size company router/gateway ideas? VPN solutions (Ssl)? Current choices ...

On Oct 18, 1:46 pm, "Mr. Arnold" wrote:
> "markm75" wrote in message
>
> news:1192728057.329324.75310@q5g2000prf.googlegroups.com...
>
>
>
>
>
> > On Oct 18, 12:31 pm, "Mr. Arnold" wrote:
> >> "markm75" wrote in message
>
> >>news:1192717201.542432.262400@i13g2000prf.googlegroups.com ...
>
> >> > We are researching replacing our existing (and frequently locking up)
> >> > SymantecGateway460gateway(was a $650 device). Currently it has
> >> > the firewall and vpn built in (ipsec). This unit requires that end
> >> > users use proprietary vpn software, rather than just creating a
> >> > windows vpn connection.. this software doesnt work in x64 Vista (or
> >> > Vista period). We also have installed pptp vpn on a backend server
> >> > and use this as an alternate for now.
>
> >> Why did the company get Vista 64 bit? A whole lot of things don't work
> >> with
> >> Vista 64 bit at this time. What they should have gotten was Vista 32 bit.
> >> Some vendors as of yet have not caught up with the requirements to run
> >> their
> >> solution on or against the Vista platform. Vendors are working on this,
> >> because they have no choice if they want to make money, but some are
> >> still
> >> lagging behind.
>
> > I've been running x64 at home now for well over a year.. no issues
> > whatsoever, minus the fact that symantec vpn client doesnt work on
> > anything vista (but i use pptp vpn to get in, not a huge deal, if i
> > throw on an ssl cert, it would be perfectly secure).. this only
> > affects 1 person, myself.. Btw.. i run a TON of apps on x64 and i
> > have a lot of hardware, all of which work and have drivers.
>
> > As far as the company side.. we do have two users, using x64
> > internally, without any issues as well.
>
> > We also run 4gb of memory on most of these power systems, so x64 uses
> > the full segment of 4gb, not just 3.5gb etc..
>
> > Its my opinion that if you have a beefy system, want it to be more
> > secure (as x64 is by default), run 4gb of memory or more, than at this
> > point in time, most of the time going with x64 isnt a bad choice..
> > heck even games run fine.
>
> I got Vista 32bit Ultimate, and I have no problems with it. All you have to
> do is step into a Vista NG to see the many problems users are having with
> any version of Vista 32 and 64 bit at this time.
>
> And all you have to do is ask a .NET developer about the woes of using Vista
> 64 bit anything.
>

Offtopic again, but i must confess:

Actually, where i work, we have 2 people running x64 Vista with .net
2005, inclusive of myself without any issues.

Re: Good mid size company router/gateway ideas? VPN solutions (Ssl)? Current choices ...

"markm75" wrote in message
news:1192759857.696499.154620@y27g2000pre.googlegroups.com.. .
> On Oct 18, 1:46 pm, "Mr. Arnold" wrote:
>> "markm75" wrote in message
>>
>> news:1192728057.329324.75310@q5g2000prf.googlegroups.com...
>>
>>
>>
>>
>>
>> > On Oct 18, 12:31 pm, "Mr. Arnold" wrote:
>> >> "markm75" wrote in message
>>
>> >>news:1192717201.542432.262400@i13g2000prf.googlegroups.com ...
>>
>> >> > We are researching replacing our existing (and frequently locking
>> >> > up)
>> >> > SymantecGateway460gateway(was a $650 device). Currently it has
>> >> > the firewall and vpn built in (ipsec). This unit requires that end
>> >> > users use proprietary vpn software, rather than just creating a
>> >> > windows vpn connection.. this software doesnt work in x64 Vista (or
>> >> > Vista period). We also have installed pptp vpn on a backend server
>> >> > and use this as an alternate for now.
>>
>> >> Why did the company get Vista 64 bit? A whole lot of things don't
>> >> work
>> >> with
>> >> Vista 64 bit at this time. What they should have gotten was Vista 32
>> >> bit.
>> >> Some vendors as of yet have not caught up with the requirements to run
>> >> their
>> >> solution on or against the Vista platform. Vendors are working on
>> >> this,
>> >> because they have no choice if they want to make money, but some are
>> >> still
>> >> lagging behind.
>>
>> > I've been running x64 at home now for well over a year.. no issues
>> > whatsoever, minus the fact that symantec vpn client doesnt work on
>> > anything vista (but i use pptp vpn to get in, not a huge deal, if i
>> > throw on an ssl cert, it would be perfectly secure).. this only
>> > affects 1 person, myself.. Btw.. i run a TON of apps on x64 and i
>> > have a lot of hardware, all of which work and have drivers.
>>
>> > As far as the company side.. we do have two users, using x64
>> > internally, without any issues as well.
>>
>> > We also run 4gb of memory on most of these power systems, so x64 uses
>> > the full segment of 4gb, not just 3.5gb etc..
>>
>> > Its my opinion that if you have a beefy system, want it to be more
>> > secure (as x64 is by default), run 4gb of memory or more, than at this
>> > point in time, most of the time going with x64 isnt a bad choice..
>> > heck even games run fine.
>>
>> I got Vista 32bit Ultimate, and I have no problems with it. All you have
>> to
>> do is step into a Vista NG to see the many problems users are having with
>> any version of Vista 32 and 64 bit at this time.
>>
>> And all you have to do is ask a .NET developer about the woes of using
>> Vista
>> 64 bit anything.
>>
>
> Offtopic again, but i must confess:
>
> Actually, where i work, we have 2 people running x64 Vista with .net
> 2005, inclusive of myself without any issues.
>

They can consider themselves lucky according to some contractors I know.

Re: Good mid size company router/gateway ideas? VPN solutions (Ssl)?Current choices ...

markm75 wrote:

> Gateways:
>
> Sonicwall Pro 2040 Internet Security Appliance: (dual wan able) 01-
> SSC-5700 $1339.88 (24x7 support option 01-SSC-5707 = $350.97)

check the specs for the 2040, besides the builtin switch it doesn't have much more
performance than a TZ180/190 - which is a big enough firewall for 42 users, - of course depending on traffic and which
security services (AV, IPS, Anti Spyware) you are planning to run on it.

if you have the budget and want to plan ahead, go for the 3060.


> **No SSL vpn ability need separate unit, see below (has standard 10
> license, ipsec vpn ability); 200mbps on firewall and 50mps on vpn
>
> Juniper SSG-140-SH $2569
> ** 350mbps on firewall; 100 mbps on vpn
>
>
>
> Secondary vpn device:
> SonicWall SSL-VPN 2000 01-SSC-5952 $1691 (unlimited users)

in case you haven't seen this:
http://www.sonicwall.com/downloads/SSL-VPN_200_2000_4000_FAQ .pdf

I would recommend it for your size office.

M

Re: Good mid size company router/gateway ideas? VPN solutions (Ssl)? Current choices ...

On Oct 22, 4:11 am, mak wrote:
> markm75 wrote:
> > Gateways:
>
> > Sonicwall Pro 2040 Internet Security Appliance: (dual wan able) 01-
> > SSC-5700 $1339.88 (24x7 support option 01-SSC-5707 = $350.97)
>
> check the specs for the 2040, besides the builtin switch it doesn't have much more
> performance than a TZ180/190 - which is a big enough firewall for 42 users, - of course depending on traffic and which
> security services (AV, IPS, Anti Spyware) you are planning to run on it.
>
> if you have the budget and want to plan ahead, go for the 3060.
>
> > **No SSL vpn ability need separate unit, see below (has standard 10
> > license, ipsec vpn ability); 200mbps on firewall and 50mps on vpn
>
> > Juniper SSG-140-SH $2569
> > ** 350mbps on firewall; 100 mbps on vpn
>
> > Secondary vpn device:
> > SonicWall SSL-VPN 2000 01-SSC-5952 $1691 (unlimited users)
>
> in case you haven't seen this:http://www.sonicwall.com/downloads/SSL-VPN_200_2000_400 0_FAQ.pdf
>
> I would recommend it for your size office.
>
> M

So the 200 lacks the java RDP ability via the main web page? It also
mentions client side certs arent included.. i'm not sure where that
comes into play/works? IE: ive seen a demo of the 2000.. where you
log into the web page and can do RDP, or shared drives etc.. or
install the netclient locally.. are these not included in the 200
version?

Re: Good mid size company router/gateway ideas? VPN solutions (Ssl)? Current choices ...

On Oct 18, 4:20 pm, markm75 wrote:

> I'd really like an all in one solution that was VPN SSL capable (i'm
> assuming this means the end user wouldnt need proprietary software,
> just an SSL certificate and a connection in most cases?).. but it
> seems most are breaking the two apart these days?

Cisco ASA supports this in one box. (FW + ipsec vpn + ssl vpn + ids
+ ...)
With the right license of course :-)