Can I use my Draytek Vigor 2820 with a 10MB leased line?
- Thread starter la112651
- Start date
Soldato
- Joined
- 11 Oct 2008
- Posts
- 3,833
- Location
- London
The only concern you really need is whether it can achieve a full 10mbit throughput with all your configuration loaded.
It's not a case of being wasteful, it's about having the right gear to do the job. Equipment can always be redeployed.
It's not a case of being wasteful, it's about having the right gear to do the job. Equipment can always be redeployed.
Associate
- Joined
- 14 Apr 2008
- Posts
- 1,230
- Location
- Manchester
We're using one of these with our Be* pro line, it throughputs at around 17MB, i think the connection will do 18MB.
We've not got anything else on this router either - wireless and VoIP etc are all disabled.
I'd recommend you look at somthing more appropriate - i've had nothing but trouble with the draytek stuff and we'll be replacing it soon with a Cisco ASA (or possibly s/h PIX).
As above, just keep hold of the draytek, maybe you'll need it for a branch office or the boss wants a decent VPN router back to the office, you never know.
(Not that i've tried to do a draytek-cisco vpn, it's probably more trouble than it's worth)
We've not got anything else on this router either - wireless and VoIP etc are all disabled.
I'd recommend you look at somthing more appropriate - i've had nothing but trouble with the draytek stuff and we'll be replacing it soon with a Cisco ASA (or possibly s/h PIX).
As above, just keep hold of the draytek, maybe you'll need it for a branch office or the boss wants a decent VPN router back to the office, you never know.
(Not that i've tried to do a draytek-cisco vpn, it's probably more trouble than it's worth)
It should handle the throughput no problem, I used one for a while at home when I had VM 50mbit cable and it would easily cope and that was with an IPSEC tunnel active and a few other features turned on.
Bigger question is whether you want to use it, Juniper SRX series are my favorite little all in one boxes at the moment.
A little SRX100 would easily meet your needs and also supports a lot more advanced features not found on the DrayTek.
Bigger question is whether you want to use it, Juniper SRX series are my favorite little all in one boxes at the moment.
A little SRX100 would easily meet your needs and also supports a lot more advanced features not found on the DrayTek.
Thanks for the replies everyone. At least I know the option is there to use the draytek if required.
Wij - I had thought about purchasing the SRX100 after reading about it on another post here.
Hows the config on the Juniper firewalls? Easy enough?
Wij - I had thought about purchasing the SRX100 after reading about it on another post here.
Hows the config on the Juniper firewalls? Easy enough?
If you have experience of IOS then yes it's very quick to pick up, but it is enterprise grade kit as apposed to the SOHO style of DrayTek.
The JWeb interface is OK too, I generally prefer working via the CLI though but you can get it up and running very quickly using the web interface.
Well outright performance aside we can start with things like IPv6, Multicast support, MPLS and various other routing protocols that might be handy if you're hooking it up to a leased line or using it as part of a larger corporate network.
Then there is the matter of decent IDP features, anti-virus, though licenses for them can be somewhat costly.
You also have the fact that it is proper enterprise kit from a leading brand who are able to offer decent support contracts - something DrayTek don't even attempt.
Man of Honour
- Joined
- 30 Jun 2005
- Posts
- 9,515
- Location
- London Town!
Who uses the GUI? The SRX is JUNOS based and that's the best router operating system going, full stop.
I've always been a big fan of the Juniper gear, even the SSG series was top of it's class in most ways despite being slightly encumbered by the sometimes illogical screenOS operating system. The SRX fixes most of the flaws, puts JUNOS in place of screenOS (and as a result moves to a j-web style GUI - it's not bad, certainly better than most firewalls).
There's little not to like about the SRX is the bottom line and that they scale from the SRX100 which is next to no money up to the SRX5800 (fastest firewall in the world according to Juniper) with the same code and same interface is a credit to the platform. The IDP stuff is powerful...
The downside is with options the price starts to increase steadily. For all that though they trash the competition, there's not really anything to compete right now (outside fortigate, who have a promising product but it isn't production ready really yet)
To answer the OPs question though...the config can be a little obscure out of the blocks. If you're using the GUI I'd rate it better than Cisco/Checkpoint/Fortigate but not as simple as Watchguard/Sonicwall (that's because they bear a greater resemblance to SME kit though and simply aren't as good). None are as easy as routers like the Draytek so you'll have to learn a bit.
The only other obvious option is a Cisco ASA which are still irrationally popular with small business. Personally I don't think they're up to much, expensive and limited feature wise, they're the most painful security devices to get interoperating with other hardware and IOS/PIX OS was never a nice CLI for doing firewall stuff (the GUI has improved but is still fairly bad too).
Man of Honour
- Joined
- 30 Jun 2005
- Posts
- 9,515
- Location
- London Town!
I used to like PIX command line.For GUI i liked the Checkpoint Smart center stuff.
Each to their own but it's too unstructured in my opinion, adding firewall rules basically using an access list syntax was never ideal but when you've got thousands (or even 50+ really) of rules it's just a big block of text.
IOS style CLI isn't dead but it is dying. The structured hierarchy of JUNOS and similar is more powerful even for routing functions (though it requires a change of mindset to use) and I think particularly for firewalls.
Man of Honour
- Joined
- 30 Jun 2005
- Posts
- 9,515
- Location
- London Town!
Indeed, that they largely dumped it in favour of j-web surprised me slightly. To be fair j-web is probably as easy for most things and brings the advanced stuff out more but it's not as immediately intuitive for adding firewall rules maybe...(might be lingering familiarity with the ScreenOS GUI though)
Guys,
I'm closing in on the leased line being implemented. I've been looking around at the Juniper SRX100 but it looks like it might be just out of my budjet. Can anyone advise a simular firewall/gateway for a budget of £200-£300?
Thanks in advance.
I'm closing in on the leased line being implemented. I've been looking around at the Juniper SRX100 but it looks like it might be just out of my budjet. Can anyone advise a simular firewall/gateway for a budget of £200-£300?
Thanks in advance.
I await Mr BRS to rubbish them but I'd look at a SonicWall.
The TZ100 or TZ200 should squeak into your budget, depending on your need for built-in WiFi and UTM services (gateway AV, content filter etc).
TZ Series Model Comparison Chart
but I'd look at a SonicWall.The TZ100 or TZ200 should squeak into your budget, depending on your need for built-in WiFi and UTM services (gateway AV, content filter etc).
TZ Series Model Comparison Chart
ill exercise some restraint in bashing sonicwalls products, since they bought out aventail for their ssl vpn - that particular product has actually improved...but the last few instances where i've had to deal with their support (sonicwall directly), i have been absolutely apalled. for that reason alone, i wouldn't be in a hurry to recommend and/or buy their products again. i would honestly see if you can stretch your budget for the juniper, they really are lovely pieces of equipment and it honestly would be money well spent.