snapper 38 Posted February 2, 2018 Share Posted February 2, 2018 On 29/01/2018 at 10:47 PM, schoondoggy said: Ubiquiti Enterprise Gateway Router https://www.ubnt.com/unifi-routing/usg/ Anyone worked with either/both of these? Thoughts? Other recomendations? Unless they already have other UniFi stuff deployed, I wouldn't recommend the USG standalone just for VPN. That said, if IDS/IPS is useful, Chris Buechler (pfSense co-founder) now works for Ubiquiti and they now have USG beta firmware with IDS/IPS... My choice would be the Ubiquiti Edgerouter 4: https://www.ubnt.com/edgemax/edgerouter-4/ Dunno if they are any good as I'm UK, but Baltic Networks has them listed at $170 1 Link to post Share on other sites
itGeeks 187 Posted February 2, 2018 Share Posted February 2, 2018 (edited) The Ubiquiti Edgerouter 4 looks interesting but I have heard from others that the most basic tasks like port forwarding is a bit of a challenge and not strait forward. Over the recent years I have taken the stance that if firmware updates are not automatic and the most basic of setup is not end-user friendly I am not interested. Edited February 2, 2018 by itGeeks Link to post Share on other sites
snapper 38 Posted February 3, 2018 Share Posted February 3, 2018 1 hour ago, itGeeks said: The Ubiquiti Edgerouter 4 looks interesting but I have heard from others that the most basic tasks like port forwarding is a bit of a challenge and not strait forward. Over the recent years I have taken the stance that if firmware updates are not automatic and the most basic of setup is not end-user friendly I am not interested. May have been the case a few years back but port forwarding is a simple GUI web page now. Ref the updates, as this is not for home use, any firmware updates should be done under some form of change control to prevent any downtime to the users, so not having auto update firmware is actually a plus in this situation... 1 Link to post Share on other sites
itGeeks 187 Posted February 8, 2018 Share Posted February 8, 2018 schoon, You have anything new to share on this project? Was wondering if you decided on a solution? Link to post Share on other sites
itGeeks 187 Posted February 8, 2018 Share Posted February 8, 2018 @snapper, I guess I agree to disagree and it could be open to debate. If the business has an in-house IT person maybe but I know from my own experience out of sight out of mind and something as critical as your router that is supposed to help protect you should not be forgotten about. The sad truth they won't get updated. Most routers I dealt with have a "Schedule" for firmware updates so you set it for a time when no one needs the network/internet.... Link to post Share on other sites
snapper 38 Posted February 8, 2018 Share Posted February 8, 2018 14 minutes ago, itGeeks said: @snapper, I guess I agree to disagree and it could be open to debate. If the business has an in-house IT person maybe but I know from my own experience out of sight out of mind and something as critical as your router that is supposed to help protect you should not be forgotten about. The sad truth they won't get updated. Most routers I dealt with have a "Schedule" for firmware updates so you set it for a time when no one needs the network/internet.... Always up for a debate As this is a business, you need to put a business risk lens on it. Having uncontrolled firmware updates could potentially mean unexpected downtime for that company which may mean loss of revenue. What happens if the firmware is faulty and causes issues to other areas? (e.g. recent Intel microcode updates for Spectre and Meltdown caused unexpected reboots) The firmware update itself might fail and the first anyone knows about it is when they come into the office and they can't work. I'm all for timely updates, but in a business, they should form part of the IT risk profile that is acceptable for that company. e.g. if a firmware fix doesn't fix anything but the GUI, should they take it at all, is the risk of downtime / bricked router worth a GUI fix? At home however, the risk of a firmware issue is much smaller; I have auto-firmware updates enabled where possible as I'm happy to accept the risk of an issue arising... Link to post Share on other sites
schoondoggy 900 Posted February 8, 2018 Author Share Posted February 8, 2018 1 hour ago, itGeeks said: schoon, You have anything new to share on this project? Was wondering if you decided on a solution? Yup. They decided to do what I recommended they do in the first place. I did not think they would spend this much, so I did not list it as an option in this thread. A local VAR that is focused on SMB customers will be their IT department now. They will be installing a Fortinet Fortigate 60e in each facility with the full UTM bundle and configure the site to site VPN: https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/FortiGate_FortiWiFi_60E_Series.pdf The VAR will check/update the Fortigates and review threats. Thanks to everyone for the input, I appreciate it. 1 Link to post Share on other sites
itGeeks 187 Posted February 8, 2018 Share Posted February 8, 2018 Thanks for the update, Then it sounds like it's a win win for all involved Link to post Share on other sites
kylejwx 28 Posted November 17, 2019 Share Posted November 17, 2019 I'm interested if the Fortinet is still working well for this situation. I just searched this forum for Fortinet and found this thread. I'm actually interested in learning more about Fortinet in general. I was at a recent EdTech conference and they were everywhere. Seems like their range of products covers everything in the network, from firewalls to Access Points. They even have a phone system I'm looking into. Link to post Share on other sites
schoondoggy 900 Posted November 19, 2019 Author Share Posted November 19, 2019 On 11/16/2019 at 10:38 PM, kylejwx said: I'm interested if the Fortinet is still working well for this situation. I just searched this forum for Fortinet and found this thread. I'm actually interested in learning more about Fortinet in general. I was at a recent EdTech conference and they were everywhere. Seems like their range of products covers everything in the network, from firewalls to Access Points. They even have a phone system I'm looking into. It seems to be going fine, no issues. VPN works as expected. The VAR that installed it takes care of the technical aspects. The customer complains about the support cost, but thy do not have their own IT, so they need the help. Fortinet does very well with SMB and education. I am not sure how cost effective their WAP's are, but they seem to be a nice end to end solution. 1 Link to post Share on other sites
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now