What are you deploying as router solutions?

Tech249

n00b
Joined
Sep 17, 2011
Messages
46
For the past ten years, we have mostly done Sonicwall. We started to deploy Untangle about two years ago, along with a few Sonicwalls. Just curious what others are using.

Edit 03.17 @ 9:14pm - fixed title, changed from router to firewall
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
729
Considering both of neither of these are routers your question is misleading at best and confusing at worst. Words do have meaning and we should use them correctly to ensure our requests are understood. Even in today's marketplace where there is considerable overlap in function even a layman should understand that even though firewalls can route they are not routers. The converse also applies. Precision is your friend.

To answer the question as posed we use Cisco routers. If there is need we then deploy firewalls from: Checkpoint, Cisco, Fortinet, Juniper, or Palo Alto according to customer needs or preference.
 

/usr/home

Supreme [H]ardness
Joined
Mar 18, 2008
Messages
6,160
Considering both of neither of these are routers your question is misleading at best and confusing at worst. Words do have meaning and we should use them correctly to ensure our requests are understood. Even in today's marketplace where there is considerable overlap in function even a layman should understand that even though firewalls can route they are not routers. The converse also applies. Precision is your friend.

To answer the question as posed we use Cisco routers. If there is need we then deploy firewalls from: Checkpoint, Cisco, Fortinet, Juniper, or Palo Alto according to customer needs or preference.

You knew exactly what he meant... :rolleyes:
 

Nicklebon

Gawd
Joined
May 22, 2006
Messages
729
You knew exactly what he meant... :rolleyes:

Whether I thought I knew what he really meant isn't the point. Words have meanings and using the correct words is important, most especially in technical context. People should not have to second guess whether or not a person really means firewall when he asks for a router or vice versa. As I said, precision is your friend.
 

Tech249

n00b
Joined
Sep 17, 2011
Messages
46
Considering both of neither of these are routers your question is misleading at best and confusing at worst. Words do have meaning and we should use them correctly to ensure our requests are understood. Even in today's marketplace where there is considerable overlap in function even a layman should understand that even though firewalls can route they are not routers. The converse also applies. Precision is your friend.

To answer the question as posed we use Cisco routers. If there is need we then deploy firewalls from: Checkpoint, Cisco, Fortinet, Juniper, or Palo Alto according to customer needs or preference.

I apologize, you are correct. In the company of my peers I was lazy and did not specify.
 

Tech249

n00b
Joined
Sep 17, 2011
Messages
46
What is the approximate cost today on the Palo Alto PA-200 and PA-500 series devices?
 

Ur_Mom

Fully [H]
Joined
May 15, 2006
Messages
20,549
At work: Checkpoint and Cisco ASA (moving to the ASA's over Checkpoint).

At home: pfSense.
 

RiDDLeRThC

2[H]4U
Joined
Jun 13, 2002
Messages
3,942
1 PA-500 with threat-prevention, bright cloud url filtering, and premium support came to $6,120.
 

schnell

Gawd
Joined
Jul 22, 2005
Messages
763
There is a severe lack of proper terminology going on in this thread. Either that or none of you know what a router is. You guys are all listing off firewalls not routers. Yes they have some router like features but they are not routers.

We use a pair of Cisco 3800 series routers here at work.
 

KILL____

n00b
Joined
Jan 23, 2013
Messages
40
He had already fixed the title, please quit being rude. And I am in the process of setting up pfsense or Indian, just can't make up my mind yet.
 

jeffmoss26

2[H]4U
Joined
Aug 1, 2002
Messages
2,267
We have Cisco, Adtran, and Samsung routers here. Watchguard firewalls here and at our branch offices.
 

RocketTech

2[H]4U
Joined
Oct 7, 2009
Messages
2,359
pfSense professionally and at home, TP-Link running openWRT for Residential/Small Business.
 

XOR != OR

[H]F Junkie
Joined
Jun 17, 2003
Messages
11,549
While I prefer to stick with name brand stuff, I have a few small clients where I've been forced to use "old hardware". And I will say I really enjoy the capabilities offered by a raw linux install acting as a firewall/router.

It's remarkable how many higher end functions you can mimic for, essentially, free.
 

Ur_Mom

Fully [H]
Joined
May 15, 2006
Messages
20,549
There is a severe lack of proper terminology going on in this thread. Either that or none of you know what a router is. You guys are all listing off firewalls not routers. Yes they have some router like features but they are not routers.

We use a pair of Cisco 3800 series routers here at work.

He fixed the title before you threw in your two cents(fixed in OP, not actual thread title). Maybe that is your reading comprehension fail? :)
 

obrith

Limp Gawd
Joined
Jun 11, 2004
Messages
267
In my current gig, all pfSense (multi-location, 'medium'-sized business). I installed them when I was working for a consulting firm and I'm damn glad I did.

My previous consulting firm was installing Junipers that were a serious PITA to manage (especially with no staff specializing) and Netgears for home users. The guy (prior to me) who 'liked' the Junipers set every. freaking. one. up totally wrong. What he actually liked was the kickback he was getting from the sales guy is what I found later. The Netgears (N2000) literally ALL died over a few year period.

They started deploying Netgate boxes with pfSense and have zero issues. They can also offer 'upgrades' (UTM, VPNs, etc) at consulting cost only.

If you get stumped or have an irregular issue, bsdperimeter is awesome - you get a dev immediately helping you work through it.
 

awesomo

Gawd
Joined
Mar 20, 2010
Messages
528
@obrith

This makes me feel like I am doing the right thing. I constantly am looking at other solutions (Right now, I will be ordering a zyxel and I have ordered a Ubiquiti Edge Router). I have about 20 pfSense installs all on Netgate hardware and I have only had one physical failure. Everything else has been pretty solid. An occasional bug here and there, sometimes I can fix it due to it being open source, and sometimes I have to wait for the devs, but so far, it has worked out very well.

The only major complaint I have is VPN traffic shaping. You can't traffic shape on a vpn interface unless you shape the whole pipe. Have you ever run into this issue? How did you handle it?
 

obrith

Limp Gawd
Joined
Jun 11, 2004
Messages
267
The only major complaint I have is VPN traffic shaping. You can't traffic shape on a vpn interface unless you shape the whole pipe. Have you ever run into this issue? How did you handle it?

I haven't had to deal with that (yet). We have dedicated circuits for our VPNs with fail over to our other lines via Quagga. VOIP is the primary use, but a lot of AD/minor filesharing/etc flows over the line and we've never had a complaint about VOIP, even when under moderate load.

Does it not work to assign an interface to the VPN and shape on it?
 

calvinj

[H]ard|Gawd
Joined
Mar 2, 2009
Messages
1,738
In the past it's been Sonicwalls, Cisco ASAs.

Recently we are taking a long hard look at replacing our 5510 with some Fortigates.
 

RocketTech

2[H]4U
Joined
Oct 7, 2009
Messages
2,359
I also haven't had a need to shape a VPN tunnel, as I use it for TS and AD stuff which is pretty low bandwidth. My understanding is you shape the underlying interface (Usually the WAN) which also shapes the VPN traffic.
 

NTAuthourity

Limp Gawd
Joined
Jun 9, 2010
Messages
147
Closed captioning of the following is brought to you by The Following lol sorry just wanted to say it..

Home: All Cisco
Work: Cisco, Juniper
 

awesomo

Gawd
Joined
Mar 20, 2010
Messages
528
I haven't had to deal with that (yet). We have dedicated circuits for our VPNs with fail over to our other lines via Quagga. VOIP is the primary use, but a lot of AD/minor filesharing/etc flows over the line and we've never had a complaint about VOIP, even when under moderate load.

Does it not work to assign an interface to the VPN and shape on it?

Unfortunately, it does not :-(. My current solution is splitting data into one vpn link, and VOIP into another link, and then shaping each pipe accordingly. I struggled long and hard with this and Ermal (the developer of the traffic shaper) stated you just can't shape stuff going into, in, or coming out of a VPN. For all other prioritization, I just use QOS on the switch. Cisco's do allow for QOS on VPN tunnels but they are also hugely expensive with mandatory support contracts to stay up-to-date. So the trade-offs I make with pfSense are well worth it for all the small/medium business stuff I do.

BTW Just tried out the edge router lite. It's a pretty sweet little device. I can see myself using this for small installs. Only complaint thus far is QOS is 100% cli configured. So it's a little time consuming to set up.
 

FLECOM

Modder(ator) & [H]ardest Folder Evar
Staff member
Joined
Jun 27, 2001
Messages
15,739
professionally, watchguard, pfsense sometimes if budgets are tight

personally, pfsense
 

/usr/home

Supreme [H]ardness
Joined
Mar 18, 2008
Messages
6,160
Unfortunately, it does not :-(. My current solution is splitting data into one vpn link, and VOIP into another link, and then shaping each pipe accordingly. I struggled long and hard with this and Ermal (the developer of the traffic shaper) stated you just can't shape stuff going into, in, or coming out of a VPN. For all other prioritization, I just use QOS on the switch. Cisco's do allow for QOS on VPN tunnels but they are also hugely expensive with mandatory support contracts to stay up-to-date. So the trade-offs I make with pfSense are well worth it for all the small/medium business stuff I do.

BTW Just tried out the edge router lite. It's a pretty sweet little device. I can see myself using this for small installs. Only complaint thus far is QOS is 100% cli configured. So it's a little time consuming to set up.

What about RouterOS? They treat VPN links as interfaces.

I regularly visit the Ubiquiti forum, there's a few complaints of bricked units. Apparently you are supposed to shut them down before disconnecting power or it can mess up the file system.
 

/usr/home

Supreme [H]ardness
Joined
Mar 18, 2008
Messages
6,160
Home: Mikrotik and Cisco ASA
Work: Cisco ASAs (Soon to be swapping to ISRs)
 

diizzy

2[H]4U
Joined
Nov 6, 2008
Messages
2,602
@ awesomo
I'm pretty sure the tun-interface supports ALTQ (it did a few years back at least) but it's rather a logical issue. There's no point in dropping traffic that already hit your interface/connection, it'll just generate more traffic/congestion. What you can do is to limit traffic on your internal interface going to the VPN-link at both ends. For this reason it's not possible to limit download speed on your external interface, you could in theory limit traffic going from WAN to LAN on the internal interface but dropping data that far down the line doesn't make any sense...
//Danne
 