What are you deploying as router solutions?

Discussion in 'Networking & Security' started by Tech249, Mar 17, 2013.

  1. Tech249

    Tech249 n00b

    Messages:
    46
    Joined:
    Sep 17, 2011
    For the past ten years, we have mostly done Sonicwall. We started to deploy Untangle about two years ago, along with a few Sonicwalls. Just curious what others are using.

    Edit 03.17 @ 9:14pm - fixed title, changed from router to firewall
     
    Last edited: Mar 17, 2013
  2. Nicklebon

    Nicklebon Gawd

    Messages:
    575
    Joined:
    May 22, 2006
    Considering both of neither of these are routers your question is misleading at best and confusing at worst. Words do have meaning and we should use them correctly to ensure our requests are understood. Even in today's marketplace where there is considerable overlap in function even a layman should understand that even though firewalls can route they are not routers. The converse also applies. Precision is your friend.

    To answer the question as posed we use Cisco routers. If there is need we then deploy firewalls from: Checkpoint, Cisco, Fortinet, Juniper, or Palo Alto according to customer needs or preference.
     
  3. /usr/home

    /usr/home [H]ardness Supreme

    Messages:
    6,164
    Joined:
    Mar 18, 2008
    You knew exactly what he meant... :rolleyes:
     
  4. marley1

    marley1 [H]ardness Supreme

    Messages:
    5,447
    Joined:
    Jul 18, 2000
  5. Nicklebon

    Nicklebon Gawd

    Messages:
    575
    Joined:
    May 22, 2006
    Whether I thought I knew what he really meant isn't the point. Words have meanings and using the correct words is important, most especially in a technical context. People should not have to second guess whether or not a person really means firewall when he asks for a router or vice versa. As I said, precision is your friend.
     
  6. RiDDLeRThC

    RiDDLeRThC 2[H]4U

    Messages:
    3,886
    Joined:
    Jun 13, 2002
    Recently Checkpoint and Palo Alto.

    I use Astaro @ home
     
  7. dave99

    dave99 2[H]4U

    Messages:
    2,129
    Joined:
    Jan 20, 2011
  8. jimh425

    jimh425 Gawd

    Messages:
    644
    Joined:
    Jan 7, 2012
    I recently switched to pfsense at home.
     
  9. green91

    green91 Limp Gawd

    Messages:
    398
    Joined:
    Sep 2, 2012
    Professionally: Fortigate, ASA
    Home: PFSense
     
  10. Tech249

    Tech249 n00b

    Messages:
    46
    Joined:
    Sep 17, 2011
    I apologize, you are correct. In the company of my peers I was lazy and did not specify.
     
  11. Tech249

    Tech249 n00b

    Messages:
    46
    Joined:
    Sep 17, 2011
    What is the approximate cost today on the Palo Alto PA-200 and PA-500 series devices?
     
  12. Ur_Mom

    Ur_Mom I'm Not Serious

    Messages:
    19,882
    Joined:
    May 15, 2006
    At work: Checkpoint and Cisco ASA (moving to the ASAs over Checkpoint).

    At home: pfSense.
     
  13. RiDDLeRThC

    RiDDLeRThC 2[H]4U

    Messages:
    3,886
    Joined:
    Jun 13, 2002
    1 PA-500 with threat-prevention, bright cloud url filtering, and premium support came to $6,120.
     
  14. joblo37pam

    joblo37pam 2[H]4U

    Messages:
    2,048
    Joined:
    Jun 28, 2002
    I've been doing more of these lately as well. Not as intuitive or user-friendly as some, but lots of ability for the price.
     
  15. Tech249

    Tech249 n00b

    Messages:
    46
    Joined:
    Sep 17, 2011
    Thanks.
     
  16. schnell

    schnell Gawd

    Messages:
    763
    Joined:
    Jul 22, 2005
    There is a severe lack of proper terminology going on in this thread. Either that or none of you know what a router is. You guys are all listing off firewalls, not routers. Yes, they have some router-like features but they are not routers.

    We use a pair of Cisco 3800 series routers here at work.
     
  17. Wrench00

    Wrench00 2[H]4U

    Messages:
    3,423
    Joined:
    Sep 30, 2003
    Pro: Sonicwall
    Home: Sonicwall
     
  18. KILL____

    KILL____ n00b

    Messages:
    40
    Joined:
    Jan 23, 2013
    He had already fixed the title, please quit being rude. And I am in the process of setting up pfsense or Indian, just can't make up my mind yet.
     
  19. Innocence

    Innocence 2[H]4U

    Messages:
    2,604
    Joined:
    Mar 9, 2001
    pf ("pf-nonsense") on OpenBSD.
     
  20. jeffmoss26

    jeffmoss26 2[H]4U

    Messages:
    2,267
    Joined:
    Aug 1, 2002
    We have Cisco, Adtran, and Samsung routers here. Watchguard firewalls here and at our branch offices.
     
  21. RocketTech

    RocketTech 2[H]4U

    Messages:
    2,359
    Joined:
    Oct 7, 2009
    pfSense professionally and at home, TP-Link running OpenWRT for Residential/Small Business.
     
  22. sun_bean

    sun_bean Limp Gawd

    Messages:
    344
    Joined:
    Jul 30, 2012
    pfSense, Sonic Wall
     
  23. diizzy

    diizzy 2[H]4U

    Messages:
    2,602
    Joined:
    Nov 6, 2008
    OpenWRT on Atheros based hardware or FreeBSD running pf
    //Danne
     
  24. XOR != OR

    XOR != OR [H]ardForum Junkie

    Messages:
    11,549
    Joined:
    Jun 17, 2003
    While I prefer to stick with name brand stuff, I have a few small clients where I've been forced to use "old hardware". And I will say I really enjoy the capabilities offered by a raw Linux install acting as a firewall/router.

    It's remarkable how many higher end functions you can mimic for, essentially, free.
     
  25. QHalo

    QHalo 2[H]4U

    Messages:
    3,432
    Joined:
    Sep 30, 2002
    Palo Altos here.
     
  26. Ur_Mom

    Ur_Mom I'm Not Serious

    Messages:
    19,882
    Joined:
    May 15, 2006
    He fixed the title before you threw in your two cents (fixed in OP, not actual thread title). Maybe that is your reading comprehension fail? :)
     
  27. obrith

    obrith Limp Gawd

    Messages:
    267
    Joined:
    Jun 11, 2004
    In my current gig, all pfSense (multi-location, 'medium'-sized business). I installed them when I was working for a consulting firm and I'm damn glad I did.

    My previous consulting firm was installing Junipers that were a serious PITA to manage (especially with no staff specializing) and Netgears for home users. The guy (prior to me) who 'liked' the Junipers set every. freaking. one. up totally wrong. What he actually liked was the kickback he was getting from the sales guy is what I found later. The Netgears (N2000) literally ALL died over a few year period.

    They started deploying Netgate boxes with pfSense and have zero issues. They can also offer 'upgrades' (UTM, VPNs, etc) at consulting cost only.

    If you get stumped or have an irregular issue, bsdperimeter is awesome - you get a dev immediately helping you work through it.
     
  28. awesomo

    awesomo Gawd

    Messages:
    528
    Joined:
    Mar 20, 2010
    @obrith

    This makes me feel like I am doing the right thing. I constantly am looking at other solutions (Right now, I will be ordering a zyxel and I have ordered a Ubiquiti Edge Router). I have about 20 pfSense installs all on Netgate hardware and I have only had one physical failure. Everything else has been pretty solid. An occasional bug here and there, sometimes I can fix it due to it being open source, and sometimes I have to wait for the devs, but so far, it has worked out very well.

    The only major complaint I have is VPN traffic shaping. You can't traffic shape on a vpn interface unless you shape the whole pipe. Have you ever run into this issue? How did you handle it?
     
  29. obrith

    obrith Limp Gawd

    Messages:
    267
    Joined:
    Jun 11, 2004
    I haven't had to deal with that (yet). We have dedicated circuits for our VPNs with fail over to our other lines via Quagga. VOIP is the primary use, but a lot of AD/minor filesharing/etc flows over the line and we've never had a complaint about VOIP, even when under moderate load.

    Does it not work to assign an interface to the VPN and shape on it?
     
  30. Tech249

    Tech249 n00b

    Messages:
    46
    Joined:
    Sep 17, 2011
    Good convo guys, I made this thread for this exact purpose. :)
     
  31. calvinj

    calvinj [H]ard|Gawd

    Messages:
    1,738
    Joined:
    Mar 2, 2009
    In the past it's been Sonicwalls, Cisco ASAs.

    Recently we are taking a long hard look at replacing our 5510 with some Fortigates
     
  32. RocketTech

    RocketTech 2[H]4U

    Messages:
    2,359
    Joined:
    Oct 7, 2009
    I also haven't had a need to shape a VPN tunnel, as I use it for TS and AD stuff which is pretty low bandwidth. My understanding is you shape the underlying interface (Usually the WAN) which also shapes the VPN traffic.
     
  33. NTAuthourity

    NTAuthourity Limp Gawd

    Messages:
    147
    Joined:
    Jun 9, 2010
    Closed captioning of the following is brought to you by The Following lol sorry just wanted to say it..

    Home: All Cisco
    Work: Cisco, Juniper
     
  34. awesomo

    awesomo Gawd

    Messages:
    528
    Joined:
    Mar 20, 2010
    Unfortunately, it does not :-(. My current solution is splitting data into one VPN link, and VOIP into another link, and then shaping each pipe accordingly. I struggled long and hard with this and Ermal (the developer of the traffic shaper) stated you just can't shape stuff going into, in, or coming out of a VPN. For all other prioritization, I just use QOS on the switch. Ciscos do allow for QOS on VPN tunnels but they are also hugely expensive with mandatory support contracts to stay up-to-date. So the trade-offs I make with pfSense are well worth it for all the small/medium business stuff I do.

    BTW Just tried out the edge router lite. It's a pretty sweet little device. I can see myself using this for small installs. Only complaint thus far is QOS is 100% CLI configured. So it's a little time consuming to set up.
     
  35. FLECOM

    FLECOM Modder(ator) & [H]ardest Folder Evar Staff Member

    Messages:
    15,599
    Joined:
    Jun 27, 2001
    professionally, watchguard, pfsense sometimes if budgets are tight

    personally, pfsense
     
  36. /usr/home

    /usr/home [H]ardness Supreme

    Messages:
    6,164
    Joined:
    Mar 18, 2008
    What about RouterOS? They treat VPN links as interfaces.

    I regularly visit the Ubiquiti forum, there are a few complaints of bricked units. Apparently you are supposed to shut them down before disconnecting power or it can mess up the file system.
     
  37. nitrobass24

    nitrobass24 [H]ard|DCer of the Month - December 2009

    Messages:
    10,462
    Joined:
    Apr 7, 2006
    Work: ASA
    Home: Astaro/Sophos
     
  38. /usr/home

    /usr/home [H]ardness Supreme

    Messages:
    6,164
    Joined:
    Mar 18, 2008
    Home: Mikrotik and Cisco ASA
    Work: Cisco ASAs (Soon to be swapping to ISRs)
     
  39. boss99

    boss99 2[H]4U

    Messages:
    2,601
    Joined:
    Dec 29, 2006
    Work: Cisco ASA and Juniper

    Home: Untangle
     
  40. diizzy

    diizzy 2[H]4U

    Messages:
    2,602
    Joined:
    Nov 6, 2008
    @ awesomo
    I'm pretty sure the tun-interface supports ALTQ (it did a few years back at least) but it's rather a logical issue. There's no point in dropping traffic that already hit your interface/connection, it'll just generate more traffic/congestion. What you can do is to limit traffic on your internal interface going to the VPN-link at both ends. For this reason it's not possible to limit download speed on your external interface, you could in theory limit traffic going from WAN to LAN on the internal interface but dropping data that far down the line doesn't make any sense...
    //Danne