[SOLVED] Asus RT-AC66u or Sonicwall TZ 205 for firewall and VPN

[MonsterMaxx]

Cold rainy day, nothing better to do than mess around with computer stuff.

I have to decide between continuing to use the Asus router or should I switch out for the Sonicwall.

Home/office. 4 of the Asus at the main building, ubiquity long range wireless to reach the shop and another Asus. I got VPN working some time ago but it was never reliable, it's very slow and now it's not working.

Spent a bit of time getting all the routers/etc updated today and am looking into this sonicwall.

Had this Sonicwall for a few years NIB. Got it out today, got it fired up, loaded the latest 1.25yr old firmware and am looking around the device.

Have my doubts, but am turning to the community for advise.

I need a fast, reliable, secure connection. And I sometimes need VPN.

Should I make the firewalling Asus just another access point and let the Sonicwall do firewall and VPN or stick with the Asus?

Thanks in advance

 

[bill001g]

Why do you feel you need a firewall.

If you do not host a server at your house then you likely do not need one. The NAT function even on the simplest router prevents any traffic going from the internet to any machine inside your house. This is why you need to port forward to get some games to work because all incoming traffic is blocked.

Almost all advanced firewall function are related to stopping attacks on something like a web server.

If you are worried about rogue machine in your lan you have a much larger problem.

The VPN question will mostly be based on how much bandwidth you need. This is purely a CPU issue and most sonic walls have larger CPU. There are newer asus routers RT-AC86U that have vpn accelerator hardware in them so they offload the cpu.

 

[MonsterMaxx]

I configured and installed it (the sonicwall.)

DSLreports speed test is half (100mbs)on the downlink side than it was before (200mbs.)

So I guess I wasted a rainy afternoon on this silly thing

 

[MonsterMaxx]

Yup, put the Asus back in as primary and speeds went back up to 200mbs.

 

[bill001g]

If you get 100mbps on a vpn you are doing pretty good. Many home routers without a vpn chip are limited to well under 50mbps when you use openvpn. It is extremely cpu intensive. From what I have seen firewalls have charts that show the expected vpn bandwidth. Pretty much it too is based on how fast the cpu chip is.

Many have accelerators for ipsec but not openvpn. If your VPN provider support IPSEC you may get more throughput.

 

[MonsterMaxx]

not on the vpn, just straight download, speed was cut in half w/ the sonicwall

 

[jsmithepa]

I wager this maybe an older Sonicwall with a 100 mbit WAN port. These things are home-office class worth several usd$hundreds new and you shouldn't find one sitting around unless it's been obsoleted.

 

[bill001g]

That is surprising. You would have to dig to find the NAT rates they expect with that firewall.

I know most consumer router have a feature that allows the NAT to bypass the CPU and have the NAT done by the switch chip...I think.

The problem is when you bypass the cpu chip you lose almost all the advanced features and even simple ones. My asus router will not even display utilization stats because the cpu never sees the traffic.

You get gigabit nat speeds but pretty much that is all the box does and if you try to use the feature it drops back to cpu doing nat and even the largest ASUS routers top out under 300mbps.

 

[MonsterMaxx]

I switched the Asus from PPTP to OpenVPN and it works. Can't really say how fast it is, connected via phone hotspot and I don't want to use up all my data. But it does work.