I have a client whom I love dearly, but they resist spending money on any serious small business equipment. This client regularly does deals with their clients that range into the millions of dollars. They work with some very well known celebrities and sports figures. Their clientele accept only the best in terms of quality which is why it is so damned puzzling and frustrating that they don’t seem to see the value in doing their business network and PCs the same way.

This client has had me try and try to make consumer grade routers work in their small business - and they do work, for a while… Then they start acting up, requiring reboots to access the login screen or allow people to connect to WiFi or they require me to re-add people to VPN so they can continue to connect.

I am just tired of it and I know the end users are tired of it as well. I am going to buy him a business class router and WiFi solution and just be done with it.

They have 7 full time employees and 10 PCs connected to their network. From time to time, they may have an additional 10 laptops connected, and they all have smartphones and laptops/tablets which connect as well. The LAN is supplied currently by a Comcast modem that is in pass-through mode (at 300Mbps), which allows their current consumer grade router to handle DHCP and VPN services.

These are the simple requirements:

  • The router must have DHCP/VPN capabilities and support a 1Gbps LAN.
  • End users (10 of them) need to be able to connect to the VPN simultaneously, using the Windows 10 Pro built-in VPN client, without significant loss of speed.
  • It would be nice to have WiFi built in, but we can add a WAP if needed.
  • They need 1Gbps WiFi with guest mode and the ability to support at least 30 devices.
  • I really don’t think they want to have to pay yearly for some web UI to be able to control their own router. I still haven’t figured out why this ever became a thing…
  • I’d like something that is going to be supported for 3 to 5 years.

I’d like to keep the equipment all from the same vendor if possible. I don’t care if it’s TP-Link or Ubiquiti or Cisco…it just needs to be a quality solution.

What router/WAP solutions do you guys recommend?

14 Spice ups

I would go with USG Pro and pair with some Unifi AC.

9 Spice ups

WAP or Wireless AP? They do mean different things, especially since you mention stuff about security.

You may need to look at low-end Enterprise products or prosumer range… 30 devices @ 1Gbps each is hard to reach for most wireless APs… imagine if it is full duplex at 1Gbps, each device will be sharing at 30Mbps… that’s like at most 5MBps.

Why not have a proper networking vendor take a look at it and have a few proposals?

1 Spice up

Possibly a Draytek 2862n; they are lower end but I think it would do the job.

Look at this

This model is gonna give you:

  1. Affordable price
  2. Hardware encryption (important for business)
  3. VPN, DHCP and DNS servers
  4. Ability to configure ports by your needs
  5. Linux-based OS called RouterOS
  6. Unique view for all devices
  7. Ability to connect using SSH, web interface, dedicated app (Winbox)
  8. WiFi 2.4/5GHz
  9. 1Gbit/s
    etc.

Generally speaking, for £60 you can get an almost enterprise-level router.
And of course you can use an AP like the MikroTik cAP ac or Ubiquiti.

1 Spice up

Companies that do this do my t*ts in! If they require a solid network and such and they are doing deals to the tune of £££,£££’s+ then they should fork out for a decent router. Can you show them a pen test of the current router and/or point them to https://www.exploit-db.com/ and scare them into saving them time and money? If it were me I’d equate the whole thing to £’s (your time in fixing/correcting/rebooting). The cost if it goes down etc.

On a recommendation note, I’d go for a SonicWall TZ300. Christ, pick one up off eBay cheap and just license it for whatever you need. They need to be aware that even the basics cost money. Failing that, if they want cheap cheap then just go for a Draytek 2860. Does everything and won’t need licensing. Their VPN software is awesome. Again, go eBay if you really need to but make sure that anything you get is patched.

God speed my frustrated friend.

FYI, I did once turn off a cr@ppy router on purpose to prove a point. I don’t recommend that though lol

1 Spice up

Draytek is OK but the web interface is just horrible, especially in 2019 when the web UI is so important.

1 Spice up

Ubiquiti USG has the best value for the price. Would need an AP or two though as Wireless capabilities are not built in. Unsure what its VPN capabilities look like. Generally though, the UniFi line falls right into the niche you’re talking about and is often labeled “Prosumer.”

Hope that helps!

2 Spice ups

Another vote for Ubiquiti here.

Good solid equipment at a realistic price and no licensing BS.

2 Spice ups

I would look into Fortigate, mainly the FortiWiFi 60E, that would be more than enough. You can create internal and guest WiFi networks, and the FortiWiFi can do DHCP for any network. It has the capability to do VPN. Also, if there is a dead or weak spot in the building you can add a FortiAP into the mix and it will broadcast the same WiFi network. It can also all be managed by the FortiWiFi.

1 Spice up

Cisco has certified refurbished products with warranties just like their new gear. This could be a way to save money but still get reliable, business class gear.

1 Spice up

Have you checked out the router options from Ubiquiti?

2 Spice ups

+1 for Ubiquiti. I just bought myself an EdgeRouter Lite for ~$100 and it does all that minus the WAP.

What are the differences? I always thought WAP was a (Wireless Access Point) and Wireless AP would be the same.

1 Spice up

I believe it is Wireless Access Protocol; others do confuse it with Wireless Access Point.

1 Spice up

If you want an excellent firewall with UTM capabilities for filtering and actually protecting the network, I highly recommend WatchGuard firewalls.

I had a client like yours who balked for years about buying a good firewall/UTM, then FINALLY did so. Within two months, it stopped two ransomware infections from happening by stripping the macro and then blocking an EXE file download. Once I explained how it just saved his company TWICE, he hasn’t mentioned the cost since then.

I have sold a couple clients just by doing a demo of how it can block drive-by downloads, by using these links:

http://download.brother.com/welcome/dlf004709/DCP-330C-inst-win7-A2.EXE

https://download.brother.com/welcome/dlf004709/DCP-330C-inst-win7-A2.EXE

Even without a UTM subscription, those downloads can be blocked.

Gregg

3 Spice ups

I recommend Ubiquiti’s UniFi Security Gateway (USG) and a couple of Unifi AP LR access points.

Works for me and all of my clients, from 10 users to 100.

It all works under software called SDN Controller that must be installed on a server or a computer in the network. It enables a very nice Web UI and you can also access it with an app from your phone.

DHCP, VPN and other essential services can be configured from there.

Pretty easy. Lots of documentation on the Internet if you need it.

Doesn’t like MikroTik. It’s more complex.

2 Spice ups

If one is referring to “a” WAP, then I have always heard “WAP” as an acronym for Wireless Access Point.

There is the “WAP” Wireless Application Protocol: Wireless Application Protocol - Wikipedia. The protocol references MOBILE wireless technologies for phones, not the “WiFi” for computers we are discussing here.

Gregg

1 Spice up

Regarding your “It would be nice to have WiFi built in, but we can add a WAP if needed” comment, I highly recommend AGAINST wireless access points built into routers/firewalls. I emphasized the “a” in your comment because others have confused your “a WAP” comment with something else, when you clearly were talking about “WiFi” wireless and not a protocol or other security product.

Anyway, the reasons I recommend against built-in WiFi on routers/firewalls are multiple:

  1. The wireless router/firewall rarely is centrally located where it can feed an office with decent coverage.

  2. When technologies change for either the firewall or the WAPs, either one can be upgraded or replaced without the cost of replacing one whole unit. For example, I can upgrade my installations from 802.3ac to 802.3ax for the cost of a WAP without touching my expensive firewalls.

  3. Cost: the built-in wireless sometimes is WAY more expensive than a separate WAP. For example, a WatchGuard T35 with 3-yr Total Security Suite lists at $2,660, but the T35-W version with a wireless access point built into it lists at $3,195, a whopping $535 difference. I’d rather have the non-wireless T35, and then add up to three UAP-AC-PRO WAPs, for that same price, as an example. Most of my clients only need one WAP, so it saves a lot of money.

  4. I have clients who won’t buy a good firewall, but still want good wireless, so I use the UniFi line of WAPs, and I can manage ALL of my clients’ wireless from one spot.

Gregg

3 Spice ups

Thanks for the WatchGuard shout-out, Gregg!

OP, for your requirements, I’d recommend looking into the WatchGuard Firebox T70 and comparing the specs against your needs with some of the other similar models. Please feel free to message me directly with any questions or if you’d like more information on WatchGuard firewalls!

Best of luck!

Because the client is cheap as hell when it comes to anything to do with their network.

1 Spice up