Michael Dur on 11 Aug 2014 13:47:29 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] plug Digest, Vol 117, Issue 6

Hello Greg, 

I've been using an alix box with three interfaces running pfsense for a few years now.
They cost around $200, are low hassle, and very reliable.
I've been using it for routing/dns forwarding (lan/wan/dmz), ipv6 tunneling, and openvpn.
The geode processor in the alix embedded systems are the same as those in the cisco 5505 firewalls to my knowledge.
For 20 users you may want to get a small celeron system.


Message: 1
Date: Mon, 11 Aug 2014 15:03:08 -0400
From: Greg Helledy <gregsonh@gra-inc.com>
To: plug@lists.phillylinux.org
Subject: [PLUG] Network gateway solution for small business?
Message-ID: <53E9136C.9070804@gra-inc.com" href="mailto:53E9136C.9070804@gra-inc.com">53E9136C.9070804@gra-inc.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

We have an office with about 20 employees.  We currently use a PC with a
Windows-based application to handle connecting our LAN to the internet.
  The hardware and software/OS install are both aging and reliability is
declining, which is proving to be a problem.

The solutions I see are:
1. buy a new PC and do a fresh install of the OS and application (both
of which we already have licenses for)
2. buy a new PC and install an OSS alternative (pfSense?)
3. buy a dedicated gateway/router/firewall appliance

We are leaning towards 3. for a few reasons:

a. the router will be easier to maintain, take up less space, produce
less noise and heat, and consume less electricity than a PC
b. it looks like we can get a small business-class router for around
(~$500) the price of a basic PC
c. we can get an appliance that does out-of-the-box the things we care
about, and don't need the additional flexibility that a PC would provide.

The things we need are:
*gateway with firewall that can be configured to do port forwarding of
incoming connections
*ability to handle 2 WANs simultaneously.  We have service from two
providers, for redundancy.  We don't need any complex traffic
shaping/load balancing, just need traffic to go to ISP B when ISP A is down.
*DHCP that can assign fixed IPs to networked machines by MAC
*antivirus scanning of traffic, to protect the Windows-based machines on
the LAN
*a built-in wireless access point would be nice, but is not necessary
(we can just plug something in).

I have started doing some research but surprisingly, flaky firmware
seems to be a frequent user complaint even in this class of device.  I
love my tomato router at home but we need to stick with factory firmware
for this application.  If anyone has a recommendation, please send it my
way.  Thanks in advance, and sorry for the interruption.

Greg Helledy
GRA, Incorporated
P:  +1 215-884-7500
F:  +1 215-884-1385

-- NOTICE - This communication may contain confidential and privileged
information that is for the sole use of the intended recipient. Any
viewing, copying of distribution of, or reliance on this message by
unintended recipients is strictly prohibited. If you have received this
message in error, please notify us immediately by replying to the
message and deleting it from your computer.

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug