Site-to-site VPN hardware recommendations
I have a client that is needing a site-to-site VPN setup. They don't want to spend a lot of money on this but since they are a financial company, I want to have a very secure device on both ends. You know the type of client. Any ideas?
I've looked at the Sonicwall 2040 and the Sonicwall TZ170 (in a spoke and hub type setup) and I've looked at using a Cisco 3005 type concentrator. They balked at the Cisco price but were ok with the Sonicwall. I am curious to see what other hardware devices people have used successfully without much cost.
Keep in mind I am looking at a hardware device by a supported company. I'm not looking to buy old hardware off Ebay or use a Linux based firewall. This needs to be a business class solution with real-world tech supoort. Thanks for any help you can offer.
Abaddon
Software/Hardware used:
Software/Hardware used:
ASKED:
May 3, 2006 11:17 AM
UPDATED:
May 4, 2006 12:32 PM
Answer Wiki:
I've been using SonicWall systems for several years, and I'm happy with them.
Bob
To see all answers submitted to the Answer Wiki: View Answer History.
I appreciate the response. As it turned out, my client wanted the hardware ordered today so we went with the Sonicwall. I have a friend that is the CIO of a bank and he also recommended the Sonicwall. So Sonicwall it is! Thanks for the help!
Abaddon
While I understand the corporate viewpoint, I would recommend at some time investigating Linux VPN solutions, if not in this particular instance, in some other when you have more time to look at what’s available. There are a great many “real world” Linux VPN installations out there, with as many highly knowledgeable users, many of them involved in the actual coding and readily available to help with problems in the community. Remember, the internet infrastructure is built primarily on UNIX/Linux, and although I am not certain with the Sonicwall products, I can tell you that the majority of VPN hardware manufacturers run Linux on their hardware, including LinkSys, Aventail, SecureEdge, SnapGear and RedCreek.
I have also used them for years with no major issues other than compatibility between generations (much older to newer). You will want to keep in mind that they tend to end software updates every 3 to 4 years for each generation unless critical. But do have upgrade programs in place. This is due to continual feature updates – you’ll want to get the support subscriptions as well. I also prefer to have the SonicOS Enhanced option on all my units unless the site is really small – the extra features remove a lot of headaches sometimes.
I have had pretty much bulletproof experiences with the Cisco PIX line. They have been replaced recently with the ASA, which offers additional functionality, but the SonicWall is also a very good product. If you are looking at multiple incoming datalines, or want load-balancing and/or fault tolerance, StoneGate is a good choice for this application.
Tell us more!