Topic: Hardware router or SME for enterprise?

[cydonia]

I have been asked to setup a network at my work and after some advice regarding network planning.

I have used SME Server at home/soho for about 1 year now, and have always run it in gateway mode without a problem (except for those caused by me).  However, I'm not sure whether to just use vendor hardware for the gateway at work, and keep SME behind this in Server only mode.

Just after some thoughts and advice from those who have set SME up in enterprise scenarios.


Cheers.
Tristan

[CharlieBrady]

I have used SME Server at home/soho for about 1 year now, and have always run it in gateway mode without a problem (except for those caused by me).  However, I'm not sure whether to just use vendor hardware for the gateway at work, and keep SME behind this in Server only mode.

There are many more problem reports from people trying to set up behind a soho router than from those configuring server-gateway mode.

[cydonia]

There are many more problem reports from people trying to set up behind a soho router than from those configuring server-gateway mode.

As i'm finding sitting behind a D-Link 504G .

I guess my main concern was security, but since most of these routers are probably running some form of linux anyway, I guess it makes no difference...

Guess I could just run the server-gateway for firewall/routing/pppoe, and keep critical apps hidden behind this.

Actually, another reason was VPN if which I was considering setting up.  But I guess this is probably no harder with SME as with a hardware solution?

[electroman00]

Cydonia

I might suggest taking a look at Smoothwall or IPCop as
a firewall solution.

Excellent support on both forums.

www.smoothwall.org
www.ipcop.org

I might add that IPCop is a fork of the Smoothwall project.

2 or more network cards, the iso, a old pc, 30 mins. and your good to go.

A typical setup looks like this
http://awphuch2000.dyndns.org:1079/smoothwall/images/network.diagrams/red-green-orange.jpg

and other setups

http://community.smoothwall.org/forum/viewtopic.php?t=10709&highlight=network+diagrams

[duncan]

I am behind one of these
I generally put my customers behind these. Never have any problems.

[arthurhanlon]

Hi there,

I am using a SafeCom router (Origo router rebranded I believe) and as I'm 100% confident about SME's security, have opened the first 2000 ports to it and kept the rest closed. Works like a charm including VPN. I like having the added security for the rest of my LAN so if SME is comprimised in any way at all the LAN is still protected by the router.

I have used Smoothwall and let me just say that it's a great peice of kit for firewalling and was very secure for me. The move from this to SME came when I was needing some server capabilities.

Either with or without dedicated hardware firewalling should work fine but for neurotic people like me I would suggest the added security measure.

Hope this helps,

Arthur

[cydonia]

Well, I think my minds made up.  This one by Draytek seems to offer minimal comprimise on all fronts:

http://www.draytek.com.au/products/Vigor2800.php?page=Highlights#Highlights


EDIT:  Also, I remember another reason I began to lean towards hardware routers.  I can work on the SME server, and reboot etc, without internet access being affected.

[turnip]

One option would be to use an SME box as a router, and if you find the security's not strong enough (getting DOS'd etc), install a Juniper firewall in transparent bridged mode. That way you'd get the security benefits, but you wouldn't have to reconfigure anything, and you'd get SME's squid cache etc.

As cydonia said, most SOHO routers run linux or similar, and aren't hardware routers. Juniper/Cisco etc have firewall/routers that can route as fast as a switch, and provide a higher level of security. They're quite expensive though.