Please recommend a firewall/VPN router to replace a ZyXEL ZyWALL 35

Please recommend a firewall/VPN router to replace a ZyXEL ZyWALL 35

am 15.06.2007 16:27:36 von Robert Stokes

Hello,

Our current setup uses a ZyXEL ZyWALL 35 with two Netgear DG834G ADSL
routers connected to the two WAN ports on the ZyWALL. Our office is in a
fairly remote location so ADSL is our only viable method of providing an
internet connection. This setup has worked quite well for the last couple of
years but recently we have had the following concerns with continuing to use
the ZyWALL:

- We are getting more remote users using Windows Vista and the ZyXEL VPN
client doesn't work under Vista. ZyXEL won't give an ETA on when a
Vista-compatible version will be out, but suggest it could be next year.

- The VPN has also not been the most reliable with Windows XP users - often
it works but there have been random connection problems - sometimes it just
doesn't work, despite ZyXEL confirming that our setup is correct.

- We would like to have more than two ADSL links in the near future
(possibly up to four) and then use one for servers (Exchange server, etc.)
and the other three to be load-balanced to provide web access to our users'
workstations. Our current ZyWALL 35 only has 2 WAN ports.


We have now had more problems with our ZyWALL 35 unit and are looking to
replace it immediately. Can anyone recommend a replacement unit that ticks
the following boxes:

- is a hardware firewall
- has full IPsec VPN
- VPN client is Windows-Vista compatible - a must!
- has up to 4 WAN ports and allows load-balancing across some of the WAN
ports (but not forced to load-balance ALL of the ports - want to use one for
servers only, so some kind of static routing required) so we can connect
multiple ADSL connections.
- will provide NAT so we can forward ports (eg. 21 to our FTP server, 25 to
our Exchange server, etc.)

Cost is less of a concern over having a reliable unit that comes from an
established manufacturer and ease of use (easy VPN client installation/use,
good GUI interface to router, etc.). We are now a company with over 150
users, so are more than happy to invest heavily in a unit if it gives us
what we want.

So, can anyone point me in the right direction?

Many thanks,
Robert Stokes

Re: Please recommend a firewall/VPN router to replace a ZyXEL ZyWALL 35

am 15.06.2007 17:12:47 von Leythos

In article <4672a1d9$0$30318$fa0fcedb@news.zen.co.uk>,
robert.stokes@audleytravel.com says...
> So, can anyone point me in the right direction?

www.watchguard.com - call their sales line, explain your situation and
goals, their devices are top of the line.

You may be able to build a solution that does not require any VPN
software installed anywhere - you might be able to use a SSL based
solution.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

Re: Please recommend a firewall/VPN router to replace a ZyXEL ZyWALL 35

am 15.06.2007 18:13:57 von Robert Stokes

Thanks Leythos ... I was just looking at the WatchGuard products actually!
So a recommendation that they are good products is fantastic. I will
definitely call them and explain the situation, but the Firebox X Core
X1250e (upgraded to the Firebox Pro OS) looks like the unit for us. The
price is also around what I was budgeting for.

http://www.watchguard.com/products/x1250e.asp

I also found an article on TechRepublic that suggested that a
Vista-compatible upgrade to WatchGuard's VPN client software will be
released in late 3rd quarter 2007, so not too long to wait if we go that
route.

http://techrepublic.com.com/5208-6230-0.html?forumID=101&thr eadID=215124&messageID=2220187

Thanks again for the recommendation!



"Leythos" wrote in message
news:MPG.20dc7677abb5a3fe989721@adfree.Usenet.com...
> In article <4672a1d9$0$30318$fa0fcedb@news.zen.co.uk>,
> robert.stokes@audleytravel.com says...
>> So, can anyone point me in the right direction?
>
> www.watchguard.com - call their sales line, explain your situation and
> goals, their devices are top of the line.
>
> You may be able to build a solution that does not require any VPN
> software installed anywhere - you might be able to use a SSL based
> solution.
>
> --
>
> Leythos
> - Igitur qui desiderat pacem, praeparet bellum.
> - Calling an illegal alien an "undocumented worker" is like calling a
> drug dealer an "unlicensed pharmacist"
> spam999free@rrohio.com (remove 999 for proper email address)

Re: Please recommend a firewall/VPN router to replace a ZyXEL ZyWALL 35

am 15.06.2007 18:27:55 von Leythos

In article <4672bacd$0$27855$db0fefd9@news.zen.co.uk>,
robert.stokes@audleytravel.com says...
> Thanks Leythos ... I was just looking at the WatchGuard products actually!
> So a recommendation that they are good products is fantastic. I will
> definitely call them and explain the situation, but the Firebox X Core
> X1250e (upgraded to the Firebox Pro OS) looks like the unit for us. The
> price is also around what I was budgeting for.
>
> http://www.watchguard.com/products/x1250e.asp

I have a x1250e and a Firebox III/1000 and a Firebox II sitting here in
my home, they are great units. I've installed about 80 of them in the
last few years and always found they were easy to make work with about
any other device and their own.

> I also found an article on TechRepublic that suggested that a
> Vista-compatible upgrade to WatchGuard's VPN client software will be
> released in late 3rd quarter 2007, so not too long to wait if we go that
> route.
>
> http://techrepublic.com.com/5208-6230-0.html?forumID=101&thr eadID=215124&messageID=2220187
>
> Thanks again for the recommendation!

We don't implement their VPN client software, we use a number of
methods, even the old PPTP and then we setup restrictions on what the
VPN user can access (IP and Ports) - so it's not an open all access VPN
connection. In most cases we limit a VPN connectio to the IP of the
terminal server by port 3389 - this eliminates most issues that others
experience with a VPN.

--

Leythos
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)