On Mon, Mar 18, 2013 at 1:49 PM, Morgan Blackthorne <[email protected]> wrote:
> We have around 40 or so users (looking to expand to more but not above 100
> any time soon). Right now we've got a Netgear UCS device which we got
> because we wanted something with integrated IPSec VPN. Except that
> Netgear's implementation isn't exactly standard and you can't use it with
> the native OSX/Windows clients, you have to use Netgear's client (or the
> company they bought it from), which bypasses the original goal of being
> able to set it up natively.
>
> At this point, I'd be fine with something that ran OpenVPN, which is what
> we have running on a Linux box. Being able to nail the connections up onto
> the router directly would be preferable and one more back office machine
> that I can shut down. Barring that, I'd prefer something that works
> natively with OSX and Windows and works with Ubuntu in some fashion (not
> concerned about our Ubuntu users needing to install something, as long as
> the client is reliable).
>
> We have an Apple wireless network setup so it doesn't need to do anything
> like that. Support for two+ WAN links is preferable in case we ever expand
> again or add a failover link back into the picture (one thing the Netgear
> line has spoiled us with). Solid DHCP is a must as well, something that has
> not been the case with the Netgear (sigh). Only needs to have one LAN link
> as we have an array of switches.
>
> Not in any urgent rush to pick this up, I just figured I'd ask around and
> see if folks had recommendations, and if it could simplify my workflow and
> stabilize things a bit, then I can pitch it upwards. The last Netgear was
> picked by the former director of engineering and really was no better than
> what we had before, and actually less stable. However, he's moved on so I
> doubt I'll get any static about replacing it at this point.

You'll pay more, but the Palo Alto gear is great.
You get VPN support for Linux, Mac, and Windows, as well as Android 4+ and iOS devices, you get built-in switching and routing capability, you get anti-virus control with updates (yearly maintenance subscription), and you get some pretty advanced filtering and inspection capabilities. (It knows the protocols on the ports regardless of the port that it's using.) Also, you can use it for limiting what people can access on the Internet if you are interested, and you get advanced botnet detection and flood/DoS protection capabilities. It's a really great edge device, and it sounds kind of like that's what you need. They aren't inexpensive, but they are a very good product. We have a few of them. The Admin UI is sluggish, but the product is solid. There's a bit of a learning curve with figuring out the relationship between NAT and policy interactions. The SNMP trap to management interface is solid and plentifully populated.
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
