Recommendations for a small business

ThreeDee

I'm a network noob and just fix laptops and desktops (hardware) on the side. I repaired an individual's laptop for him and then he asked me to look at his office and the office that he shares his internet connection with (DSL).

Internet connection kept dropping with the shared office so he would unhook all his stuff and fiddle around with his D-Link switches and what not until he got the shared office back up .. anyhoo .. I just cleaned up his cabling and rearranged how they had their wireless routers set up and their settings so 2/3 DHCP servers weren't running on the same network .. removed a couple switches ...etc ...

I told him that it would be in his best interest to separate the 2 offices (businesses). And with a small business grade firewall appliance he could do that and take some of the work load off of his little DSL modem (if that matters at all). He asked me if I could find him one. I told him that I am out of my element with networking stuff but because I cleaned up his network and got everybody running .. and still running a week later .. he feels I'd do a better job finding the right hardware for his setup than he would .. so here I am ..

He uses wireless in his office, but not needed .. the other office uses an Asus wireless N router for a couple tablets and what not and it's separate from the "work" computers. Both offices use VOIP phones of which the computers are "piggy backed" onto.. cable into the phone, and then another port on phone with a cable going to a computer ..

Shared Office: 3 voip phones, 4 computers (2 of the computers piggy backed onto 2 of the phones), Asus wireless router.

Main Office: (it's pretty messy so was hard to tell what exactly was hooked up) 2 or 3 voip phones, 2 or 3 laptops wired, Has a Netgear wireless router that isn't currently hooked up.

This individual does not like Cisco as a company so does not want to use their products :(

I was poking around on Newegg and looking at
SONICWALL 01-SSC-0217

and ZyXEL ZyWALL ZWUSG20

..something around $200 or under that is usable without a subscription to that company's services .. I've set up Smoothwall boxes, and messed with IPCop eons ago and currently use Untangle .. throw in another NIC if you want a separate network .. never messed with VLANs. I'm in over my head, but this will be a learning experience while hopefully helping somebody else out.

What would you guys recommend?
 
So the brief version is two business offices somehow connected together (common wall, etc.) that use the same DSL internet connection and you want them on separate IP networks? If so, I would just have them get another DSL connection and call it good. If the new routing appliance/hardware dies or the DSL connection is down it takes both companies down. It also simplifies the network architecture greatly. You don't have to do it that way, but in my experience small businesses just want it done inexpensively and done right. I always tried to keep it simple so in case they had another vendor take over the account I can just hand them the "keys" so to speak and move on.
 
I agree ... the DSL costs him $90 a month and he splits it with the other business .. I don't know if he owns the building or what .. but for the $45 they are paying, they could easily go with cable with Charter and be on their own faster service .. but I digress ..

..but yeah, in a nutshell .. looking for recommendations for a firewall appliance for a small business(es) to split internet connection into 2 separate networks.

He had an old computer sitting on the floor and I told him I could install a firewall distro on it that's free to use for businesses .. (ie Smoothwall express or the like) .. but he wants something that he could possibly deploy with his voip phones that he sells.. with his setup being the testing/learning grounds ..
 
This will help explain some of it.
http://www.smallnetbuilder.com/lanwan/lanwan-howto/24428-howtotwoprivlan?showall=&start=1

Try and sell him/her on another provider if the other provider is better. Two businesses on one Internet connection = can never have enough bandwidth. All it takes is someone to start streaming videos (including the owner). I would use something like a Zyxel USG50/60. Plug each WAP into the LAN ports (one is defaulted to 192.168.1.X and another port is defaulted to 192.168.2.X), configure firewall, test and move on. It also comes with their tech support. Last thing you want to be doing is getting a call due to their cheapness causing you excess stress. Firewall cost is ~$250 BNIB or less used.
 
Granted they aren't the easiest things to configure (but aren't terribly hard for simple setups), but an EdgeRouter Lite might not be a bad choice. Cheap, good performance and can easily be used to split a single DSL connection between two different IP segments with firewalls between them. If you need UTM-like features, look elsewhere however.
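
The split described in the two posts above (one router, one IP segment per office, a firewall between the segments), written out as an EdgeOS configuration. This is an added example, not from the thread or from Ubiquiti: the port assignment (eth0 to the DSL modem, eth1 main office, eth2 shared office), the DHCP ranges and the ruleset names are assumptions, and the two subnets reuse the 192.168.1.X / 192.168.2.X defaults mentioned for the Zyxel.

```edgeos
# Added example. Assumed layout: eth0 = DSL modem (hands out an address by DHCP),
# eth1 = main office, eth2 = shared office. All addresses are assumptions.
configure

set interfaces ethernet eth0 address dhcp
set interfaces ethernet eth1 address 192.168.1.1/24
set interfaces ethernet eth2 address 192.168.2.1/24

# One DHCP scope per office, both served by the router (no other DHCP servers on either LAN)
set service dhcp-server shared-network-name MAIN subnet 192.168.1.0/24 start 192.168.1.100 stop 192.168.1.199
set service dhcp-server shared-network-name MAIN subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name MAIN subnet 192.168.1.0/24 dns-server 192.168.1.1
set service dhcp-server shared-network-name SHARED subnet 192.168.2.0/24 start 192.168.2.100 stop 192.168.2.199
set service dhcp-server shared-network-name SHARED subnet 192.168.2.0/24 default-router 192.168.2.1
set service dhcp-server shared-network-name SHARED subnet 192.168.2.0/24 dns-server 192.168.2.1
set service dns forwarding listen-on eth1
set service dns forwarding listen-on eth2

# Both offices share the single WAN address
set service nat rule 5010 outbound-interface eth0
set service nat rule 5010 type masquerade

# From the internet: allow only replies to connections the offices opened
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
set interfaces ethernet eth0 firewall in name WAN_IN
set interfaces ethernet eth0 firewall local name WAN_LOCAL

# Office isolation: each LAN may reach the internet but not the other office's subnet
set firewall name MAIN_IN default-action accept
set firewall name MAIN_IN rule 10 action drop
set firewall name MAIN_IN rule 10 destination address 192.168.2.0/24
set interfaces ethernet eth1 firewall in name MAIN_IN
set firewall name SHARED_IN default-action accept
set firewall name SHARED_IN rule 10 action drop
set firewall name SHARED_IN rule 10 destination address 192.168.1.0/24
set interfaces ethernet eth2 firewall in name SHARED_IN

commit
save
```

The `in` rulesets only cover traffic forwarded through the router; traffic addressed to the router itself (its admin interface on either LAN address) is governed by separate `local` rulesets, which this example does not define for the LAN ports.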
 
The Zyxel unit is decent for an entry level unit. I have used them as well as their bigger brothers in quite a few client installs. Quite a few features for the price. Learning curve is maybe a little steeper than some, but that's mostly because of how much it is capable of doing. Zyxel support is pretty helpful in getting your feet wet and will help you configure it remotely if necessary.
 
Coming from the MSP side of things, I'd suggest running cabling to hard wire as much as possible. Yes, add some new Ubiquiti UAP access points for wireless, but have hard lines run to a single spot as much as possible. Put up a small 6U-10U rack with a patch panel for the cabling. Run a cheap but decent switch, like a D-Link DGS-1210-28 so you have web management and VLAN capabilities for $170. If they don't need UTM features then the Ubiquiti EdgeRouter Lite would work great for them, add the 1U rackmount bracket to help clean up things. If they do want UTM, I would suggest either a Fortigate 60D or Watchguard XTM330. Oh, don't forget a 1U UPS for stability.
 