Solved

Small business network setup

August 21, 2013 8:53:09 AM

I need help on what to purchase regarding a firewall and routers and/or access points etc... for a small business network. Here's what I need the network capable of doing, just not sure what I need to do it. Please help...

Up to a max of 50 customers accessing the web over wifi via iPad/smartphone etc...

20 employees able to access a pos system via wifi.

Want to keep the customers' access limited so they aren't on the same network as employees, so either by VLAN or just on a different side of the network or through a different router/switch, however it needs to happen.

I have two computers in office that will be hardwired and 1 printer for the business side of network.

I also will have a dedicated media server for running presentations and also looped videos for the front of the store...

Any help possible would be great, not even sure where to start with the hardware at this point!


August 21, 2013 9:03:11 AM

Hire a consultant.

Unless you have experience or certifications you won't get far with just hardware recommendations. A basic CCNA or CCNA Security would be enough to cover the basics you are doing, but if you haven't set up security in a network - especially 50 people - then I strongly recommend hiring a consultant to assess your exact needs.

I usually don't mind researching a little for Tom's posters but this is a consultant service.

August 21, 2013 9:09:55 AM

Depending on how big of an area you need to cover, a Sonicwall TZ205 with wireless could take care of your firewall and wireless access point. You can set up a secure side for your business and leave/throttle the other side for anyone else. I would put in a managed switch for any other hardwired stuff.
August 21, 2013 9:21:07 AM

jackson1420 said:
Hire a consultant.

Unless you have experience or certifications you won't get far with just hardware recommendations. A basic CCNA or CCNA Security would be enough to cover the basics you are doing, but if you haven't set up security in a network - especially 50 people - then I strongly recommend hiring a consultant to assess your exact needs.

I usually don't mind researching a little for Tom's posters but this is a consultant service.



I do have experience but am not certified. I am just trying to figure out the most cost-efficient firewall/router or router with a firewall behind it on the hardware side...
I have been doing research as well but was just looking for some feedback!


Best solution

August 21, 2013 1:48:19 PM

This situation is very similar to the network configuration we are utilizing at our local public library, just slightly less complex. I'll try and explain what we chose to do and what I would recommend for you.

The first thing in your network to address is your firewall and router. To separate your networks properly and ensure your business data is protected, this is a must. A TZ 205 or TZ 215 would probably be what I would recommend for the performance you need to run the multiple simultaneous connections, but it might be worth it to contact Dell directly and discuss your network information with them for a good recommendation based on the type of traffic you see, number of concurrent accesses, necessary throughput, etc.

In your Sonicwall you should configure three separate network zones: Management LAN, Private LAN, Public LAN. Each of these zones will be a separate network range and be the default gateway for your three new VLANs. VLAN100 for Management LAN, VLAN101 for Private LAN, and VLAN102 for Public LAN. You can establish firewall rules to block all traffic between the Management, Private, and Public LAN zones so that users cannot traverse to network devices they shouldn't have access to. In our case we also made it so the Management LAN had access to all other VLANs, but all other VLANs did not have access back into the Management LAN.

Next, you will need a managed switch with VLAN capabilities. If you have quite a few computers simultaneously accessing and transferring data with other internal network devices, such as a server, then I'd recommend installing a gigabit switch. Otherwise you could get by with a 10/100 switch and save a little money, but anymore a gigabit switch is not going to be much more expensive. If you're considering installing PoE capable wireless access points then you may consider a PoE capable switch as well. I have had great luck with the HP ProCurve 1810 series of switches, and these come in a large number of different configurations from eight to 48 ports and either 10/100 or gigabit speed capabilities. These are smart managed switches which support most business features including VLANs, link aggregation, and more.

For a wireless system, you really need an enterprise wireless solution for the number of simultaneous users you are talking about, and to minimize the number of access points you will need, you should get units which also support VLAN capabilities. Again the type that we use is Ubiquiti UniFi long range access points. They are very low cost but very great quality and performance. These can operate multiple simultaneous wireless networks, such as your Private and Public networks, in separate VLANs for security. I personally have never had more than twenty simultaneous users on a single access point, but they are supposed to be capable of more than that, and even then I never had problems with it besides the underlying bandwidth from the ISP being pretty limiting. You may want to set up two units to give you full coverage as well as fault tolerance (the wireless will continue to work if one or the other unit goes down) but it starts getting kind of messy once you get more than three access points in an area. It's hard to say exactly what you need for this because we don't know the exact layout of your office area.

And that is what brings me to what has been stated above, kind of. While the overall idea and design of how this network can operate and what is needed is somewhat simple in networking terms, actually getting it operational and secured properly is a whole different story. If you don't know how to configure VLANs or set up firewall access permissions, if you are unfamiliar with tagged and untagged VLAN identifiers on switched networks, or don't understand the security policies that need to be in place to protect your business data and users, then you should find someone locally who can help you out with this. We can be here offering some advice and some rough estimates on costs for a project like this, but there are many unknowns that will always exist that we just can't answer for you and that may make a big difference in the solution that works best for you. It's these unknowns that a local person should be able to determine by actually being at your site and speaking in person with you. I hope that this gives you a starting place to do some looking though!
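
The three-zone policy described in the answer above, modelled as an added example that is not part of the original post and is not SonicWall configuration: it audits an ordered, first-match rule set against the rule that only the Management LAN may cross between internal zones. The subnets, the rule tuple format and both sample rule sets are assumptions constructed for illustration; only the zone names and VLAN IDs come from the post.

```python
import ipaddress
from itertools import permutations

# Zone names and VLAN IDs are from the post; the subnets are assumed for illustration.
ZONES = {
    "MGMT":    ipaddress.ip_network("10.0.100.0/24"),  # VLAN100
    "PRIVATE": ipaddress.ip_network("10.0.101.0/24"),  # VLAN101
    "PUBLIC":  ipaddress.ip_network("10.0.102.0/24"),  # VLAN102
}

def zone_of(ip):
    """Map an address to its zone; anything outside the three subnets is WAN."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "WAN")

def intended(src, dst):
    """Policy from the post: only Management may cross between internal zones."""
    return "allow" if src == "MGMT" else "deny"

def decide(rules, src_ip, dst_ip):
    """First matching rule wins; no match means deny (implicit default)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for r_src, r_dst, action in rules:
        if r_src in (src, "ANY") and r_dst in (dst, "ANY"):
            return action
    return "deny"

def audit(rules):
    """Return inter-zone pairs where the rule set disagrees with the intended policy."""
    findings = []
    for src, dst in permutations(ZONES, 2):
        src_ip = str(ZONES[src].network_address + 10)  # representative hosts
        dst_ip = str(ZONES[dst].network_address + 20)
        got = decide(rules, src_ip, dst_ip)
        if got != intended(src, dst):
            findings.append((src, dst, got))
    return findings

# Constructed rule sets. LOOSE gives each LAN internet access with a destination of ANY,
# which also matches the other internal zones.
LOOSE = [("MGMT", "ANY", "allow"), ("PRIVATE", "ANY", "allow"), ("PUBLIC", "ANY", "allow")]
# TIGHT denies internal destinations before allowing the internet.
TIGHT = [("MGMT", "ANY", "allow"),
         ("ANY", "MGMT", "deny"), ("ANY", "PRIVATE", "deny"), ("ANY", "PUBLIC", "deny"),
         ("PRIVATE", "WAN", "allow"), ("PUBLIC", "WAN", "allow")]

if __name__ == "__main__":
    for name, rules in (("LOOSE", LOOSE), ("TIGHT", TIGHT)):
        print(name, audit(rules) or "matches the intended policy")
```

The LOOSE set shows the common mistake of writing an internet-access rule with an "any" destination, which quietly lets the guest network reach the POS and management networks.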
August 22, 2013 10:02:18 AM

Yes, that gives me a place to start. We had received a couple of quotes; one was reasonable, the other was like $8000, so essentially we are just getting feedback etc. to get a broader idea of pricing and whatnot.

As to layout size: the network is in a 2800 square foot office. There is a separate office in the facility, which is where the two hardwired PCs and the media server will be.

The devices connecting will be essentially iPads, maybe some Android-based devices and cell phones, no laptops, no other hardwired machines etc.

So just the up to 60 at most wireless connections at any given time, realistically probably only 25 to 35 on the guest network or customer network, 10 on employee-based POS iPad set-up systems, and then only 3 hardwired connections, all in our office separate from the wireless portion other than the hardware being in that office!



August 23, 2013 5:26:15 PM

I agree with choucove's assessment and recommendations. For the wireless, however, if you're going to use a Sonicwall TZ 215, you could go with their SonicPoint wireless APs. The TZ 215 can support up to 16 of them and acts as a controller, allowing central administration and configuration. They also support multiple SSIDs, VLANs and all the security features of the Sonicwall, and come in several different antenna configurations. Plus, they are not that expensive.
August 23, 2013 5:38:37 PM

Unfortunately I had a very bad experience with the SonicPoint systems, and that's why I didn't recommend them in this case. There is no way of configuring them outside of the Sonicwall firewall, they are not stand-alone APs that can run from just any router, and Sonicwall requires that they be attached within their own WLAN zone with no other exception. We had many difficulties getting communication working properly between the WLAN and LAN networks even though all of the firewall settings were configured properly (even by the Sonicwall experts' recommendations) and ended up replacing the unit with a Ubiquiti UniFi WAP.

But yes, if you are running only a Sonicwall environment the SonicPoint WAPs are very high quality and have a very decent range capability as well.