What are you deploying as router solutions?

Tech249

For the past ten years, we have mostly done Sonicwall. We started to deploy Untangle about two years ago, along with a few Sonicwalls. Just curious what others are using.

Edit 03.17 @ 9:14pm - fixed title, changed from router to firewall
 
Considering neither of these are routers, your question is misleading at best and confusing at worst. Words do have meaning and we should use them correctly to ensure our requests are understood. Even in today's marketplace, where there is considerable overlap in function, even a layman should understand that even though firewalls can route, they are not routers. The converse also applies. Precision is your friend.

To answer the question as posed we use Cisco routers. If there is need we then deploy firewalls from: Checkpoint, Cisco, Fortinet, Juniper, or Palo Alto according to customer needs or preference.
 
> Considering neither of these are routers, your question is misleading at best and confusing at worst. Words do have meaning and we should use them correctly to ensure our requests are understood. Even in today's marketplace, where there is considerable overlap in function, even a layman should understand that even though firewalls can route, they are not routers. The converse also applies. Precision is your friend.
>
> To answer the question as posed we use Cisco routers. If there is need we then deploy firewalls from: Checkpoint, Cisco, Fortinet, Juniper, or Palo Alto according to customer needs or preference.

You knew exactly what he meant... :rolleyes:
 
> You knew exactly what he meant... :rolleyes:

Whether I thought I knew what he really meant isn't the point. Words have meanings and using the correct words is important, most especially in a technical context. People should not have to second guess whether or not a person really means firewall when he asks for a router or vice versa. As I said, precision is your friend.
 
> Considering neither of these are routers, your question is misleading at best and confusing at worst. Words do have meaning and we should use them correctly to ensure our requests are understood. Even in today's marketplace, where there is considerable overlap in function, even a layman should understand that even though firewalls can route, they are not routers. The converse also applies. Precision is your friend.
>
> To answer the question as posed we use Cisco routers. If there is need we then deploy firewalls from: Checkpoint, Cisco, Fortinet, Juniper, or Palo Alto according to customer needs or preference.

I apologize, you are correct. In the company of my peers I was lazy and did not specify.
 
What is the approximate cost today on the Palo Alto PA-200 and PA-500 series devices?
 
At work: Checkpoint and Cisco ASA (moving to the ASAs over Checkpoint).

At home: pfSense.
 
1 PA-500 with threat prevention, BrightCloud URL filtering, and premium support came to $6,120.
 
There is a severe lack of proper terminology going on in this thread. Either that or none of you know what a router is. You guys are all listing off firewalls, not routers. Yes, they have some router-like features, but they are not routers.

We use a pair of Cisco 3800 series routers here at work.
 
He had already fixed the title, please quit being rude. And I am in the process of setting up pfsense or Indian, just can't make up my mind yet.
 
We have Cisco, Adtran, and Samsung routers here. Watchguard firewalls here and at our branch offices.
 
pfSense professionally and at home, TP-Link running OpenWrt for Residential/Small Business.
 
While I prefer to stick with name brand stuff, I have a few small clients where I've been forced to use "old hardware". And I will say I really enjoy the capabilities offered by a raw Linux install acting as a firewall/router.

It's remarkable how many higher end functions you can mimic for, essentially, free.
 
> There is a severe lack of proper terminology going on in this thread. Either that or none of you know what a router is. You guys are all listing off firewalls, not routers. Yes, they have some router-like features, but they are not routers.
>
> We use a pair of Cisco 3800 series routers here at work.

He fixed the title before you threw in your two cents (fixed in OP, not actual thread title). Maybe that is your reading comprehension fail? :)
 
In my current gig, all pfSense (multi-location, 'medium'-sized business). I installed them when I was working for a consulting firm and I'm damn glad I did.

My previous consulting firm was installing Junipers that were a serious PITA to manage (especially with no staff specializing) and Netgears for home users. The guy (prior to me) who 'liked' the Junipers set every. freaking. one. up totally wrong. What he actually liked was the kickback he was getting from the sales guy is what I found later. The Netgears (N2000) literally ALL died over a few year period.

They started deploying Netgate boxes with pfSense and have zero issues. They can also offer 'upgrades' (UTM, VPNs, etc) at consulting cost only.

If you get stumped or have an irregular issue, bsdperimeter is awesome - you get a dev immediately helping you work through it.
 
@obrith

This makes me feel like I am doing the right thing. I constantly am looking at other solutions (right now, I will be ordering a Zyxel and I have ordered a Ubiquiti Edge Router). I have about 20 pfSense installs, all on Netgate hardware, and I have only had one physical failure. Everything else has been pretty solid. An occasional bug here and there; sometimes I can fix it due to it being open source, and sometimes I have to wait for the devs, but so far, it has worked out very well.

The only major complaint I have is VPN traffic shaping. You can't traffic shape on a vpn interface unless you shape the whole pipe. Have you ever run into this issue? How did you handle it?
 
> The only major complaint I have is VPN traffic shaping. You can't traffic shape on a vpn interface unless you shape the whole pipe. Have you ever run into this issue? How did you handle it?

I haven't had to deal with that (yet). We have dedicated circuits for our VPNs with fail over to our other lines via Quagga. VOIP is the primary use, but a lot of AD/minor filesharing/etc flows over the line and we've never had a complaint about VOIP, even when under moderate load.

Does it not work to assign an interface to the VPN and shape on it?
 
In the past it's been Sonicwalls, Cisco ASAs.

Recently we are taking a long hard look at replacing our 5510 with some Fortigates.
 
I also haven't had a need to shape a VPN tunnel, as I use it for TS and AD stuff, which is pretty low bandwidth. My understanding is you shape the underlying interface (usually the WAN), which also shapes the VPN traffic.
 
Closed captioning of the following is brought to you by The Following lol sorry just wanted to say it..

Home: All Cisco
Work: Cisco, Juniper
 
> I haven't had to deal with that (yet). We have dedicated circuits for our VPNs with fail over to our other lines via Quagga. VOIP is the primary use, but a lot of AD/minor filesharing/etc flows over the line and we've never had a complaint about VOIP, even when under moderate load.
>
> Does it not work to assign an interface to the VPN and shape on it?

Unfortunately, it does not :-(. My current solution is splitting data into one VPN link, and VOIP into another link, and then shaping each pipe accordingly. I struggled long and hard with this and Ermal (the developer of the traffic shaper) stated you just can't shape stuff going into, in, or coming out of a VPN. For all other prioritization, I just use QOS on the switch. Ciscos do allow for QOS on VPN tunnels but they are also hugely expensive with mandatory support contracts to stay up-to-date. So the trade-offs I make with pfSense are well worth it for all the small/medium business stuff I do.

BTW, just tried out the Edge Router Lite. It's a pretty sweet little device. I can see myself using this for small installs. Only complaint thus far is QOS is 100% CLI configured. So it's a little time consuming to set up.
 
professionally, watchguard, pfsense sometimes if budgets are tight

personally, pfsense
 
> Unfortunately, it does not :-(. My current solution is splitting data into one VPN link, and VOIP into another link, and then shaping each pipe accordingly. I struggled long and hard with this and Ermal (the developer of the traffic shaper) stated you just can't shape stuff going into, in, or coming out of a VPN. For all other prioritization, I just use QOS on the switch. Ciscos do allow for QOS on VPN tunnels but they are also hugely expensive with mandatory support contracts to stay up-to-date. So the trade-offs I make with pfSense are well worth it for all the small/medium business stuff I do.
>
> BTW, just tried out the Edge Router Lite. It's a pretty sweet little device. I can see myself using this for small installs. Only complaint thus far is QOS is 100% CLI configured. So it's a little time consuming to set up.

What about RouterOS? They treat VPN links as interfaces.

I regularly visit the Ubiquiti forum, there's a few complaints of bricked units. Apparently you are supposed to shut them down before disconnecting power or it can mess up the file system.
 
Home: Mikrotik and Cisco ASA
Work: Cisco ASAs (Soon to be swapping to ISRs)
 
@ awesomo
I'm pretty sure the tun-interface supports ALTQ (it did a few years back at least) but it's rather a logical issue. There's no point in dropping traffic that already hit your interface/connection, it'll just generate more traffic/congestion. What you can do is to limit traffic on your internal interface going to the VPN-link at both ends. For this reason it's not possible to limit download speed on your external interface; you could in theory limit traffic going from WAN to LAN on the internal interface, but dropping data that far down the line doesn't make any sense...
//Danne
 