Hello all!

I’m currently using Windows Server VPN to allow 10 remote Windows users to connect to our LAN. I’d like to transition to an appliance for added security and because I wish to eventually set up a Site-to-Site VPN/BOVPN with another of our locations.

Since we have so few remote users, I thought I might be able to get by with the VPN functionality on my SonicWALL Firewall, but it was ridiculously slow, even with only a single user connected. Any recommendations or endorsements on appliances for a small office like mine?

Thanks!

7 Spice ups

Have used Watchguard for a few years, their stuff is rock solid and great support. VPN is a snap.

@WatchGuard_Technologies_Inc

2 Spice ups

Check Point or Sonicwall for simplicity, performance and support.

What is your WAN connection?

We use a Juniper SA2500, which is an SSL VPN and a pretty solid solution. We like the SSL VPN because we have found some ISPs (Comcast) block standard VPN connections but the SSL VPNs don’t seem to be affected. It is also nice because you can set up various VPN URLs for specific types of users / devices (PC, Mac, Mobile, etc). We use the Host Checker application that comes with the VPN, with which you can set rules like not allowing a device to connect to the VPN if it does not have up-to-date anti-virus and has not run a complete scan in x amount of days. It can be a fairly complicated device though.

1 Spice up

Cisco ASA for offices over 20 people. 20 or less look at Cisco RV320 or 325.

1 Spice up

SonicWALL should work fine for you. It does for some of my clients with a similar number of VPN users.

What exactly is slow?

+1 for watchguard

We deploy the XTM25 model and they are fantastic

1 Spice up

I doubt the slowness is caused by the Sonicwall. I have half a dozen or so installed, SSL as well as site-to-site. Are you using the SSL client? What model Sonicwall?

We’re on 10 Mbps synchronous fiber, which is quite an upgrade from our old T1 (and yes, I tested the Sonicwall VPN AFTER the fiber went in).

When connecting to the Sonicwall, accessing network resources was taking two to four times as long as using Windows Server VPN; Explorer windows took longer to open, files took longer to copy, and so on. Configuration was completed in accordance with Dell’s documentation. I tested connecting via the Sonicwall SSL client and, after some additional config, Windows connection manager. We experienced sluggishness with both. I’m ok with shelling out for some new equipment, especially since we’re taxing the Sonicwall pretty consistently as it stands now (I’d prefer not to give out our exact model number, but it is a mid-range UTM appliance).

Thanks for the info guys, I’ll start looking into some of the specific recommendations.

1 Spice up

What’s your budget and what’s the VPN throughput of your current Sonicwall? If you want something affordable you can check out the Netgear Prosecure UTM 5; it’s very affordable for a small business not requiring neck-breaking speeds. I use this device for other purposes, Guest wifi access, and they have been going strong for 3 years now. We did lose one of our major VPN sites at one time and I quickly threw one up for 5 site-to-site VPN tunnels and it worked like a champ.

Cisco ASA 5505 will do what you need.

1 Spice up

Just thought I’d throw Pertino in the mix; not sure if your environment would benefit, but that’s what I use and stand by.

1 Spice up

I’d check out LogMeIn Hamachi… you might be surprised at how well the VPN piece works. I’ve used it for a number of small offices and for $30 a year you can set up a 30 person network without any new hardware. I’ve had very good speeds through it as well.

2 Spice ups

If you’re virtualised, why not give the pfSense virtual appliance a go?

Rock solid, free, and if you want you can buy support.

2 Spice ups

Sign me up for the Sophos UTM. Lots of different sizes for different size operations. Rock solid and easy to set up and use. I like the integrated Wi-Fi management, and the Remote Ethernet Devices (REDs). We run a number of IPSEC VPNs to AT&T, T-Mobile, and Verizon. We run VPN connections to our remote locations through the RED units.

2 Spice ups

We use our Fortigate appliance for a static point to point VPN replication connection but I was very happy to start using a Microsoft VPN server for offsite users - it has very good security features and Windows already has the client built in.

Your SonicWALL was slow; is it really old? Generally the SonicWall VPN is alright.

I appreciate the concern some are showing about the Sonicwall VPN, but I’ve addressed it about as much as I’m going to. For whatever reason, the SSL VPN on my UTM appliance is noticeably slow vs Windows Server VPN. I spent a long time troubleshooting it without success.

I’d prefer to break out the VPN to separate hardware anyway, so thank you for all of the hardware recommendations! (Also, Hamachi is intriguing, and I already have a subscription that includes it. I doubt I’ll deploy it, but it did cause me to look a little more closely at it.)

Consider Pertino (it even connects to your Active Directory server)

Based on the sales calls I’ve received from them, they seem like they’re marketing pretty hard.

You’re not affiliated with Pertino, are you? 😛