New House, New Network Setup Help

cmac22

Reputable
Apr 1, 2014
8
0
4,510
Hey guys,

I just purchased a new house that's approximately 9500 sqft, not including the land that it sits on. ~4 acres. I'm designing a network that is scalable and I would like your feedback before I move forward.

Currently, I have two ISPs. I would like to tie them together via a load balancer for failover. Inside the house i have a surveillance system, a NAS storage server, an all-in-one printer, and between 8-15 mobile devices connected at any given time (cell phones and laptops). One of the problems I've had thus far is range of the wifi signal. So I'm also thinking of adding two access points on the opposite ends of the house. I'm also planning on having ethernet ports installed in many of the rooms in the house, though I wont do this part myself.

The security system is tied to one of my modems and I can access it from my cell phone. However, its been attacked recently so I would like to place it behind a firewall but still access it via my phone. Is this possible? I'm assuming i would need to do port forwarding?

I'm thinking of going with a Dell SonicWall TZ205. It has the capability for VPN setup which would be beneficial for when I need to access my files when I'm traveling. I'm also familiar with the interface.

What do you guys think of my network map? Do you see any issues? Should i make any changes? Should I have the load balancer handle DHCP between the two modems or should that be handled by the SonicWall?

Also, I'm assuming the surveillance server, printer, and NAS would all need to be assigned static LAN addresses, correct?

Thanks in advance!

networkmap_zps0c63311f.png
 

jeff-j

Honorable
Dec 13, 2013
508
0
11,060
I would look into a Fortigate firewall, they sell models that can do the load balancing/failover for dual ISPs, they are also the firewall, and they do VPN. I have heard of horror stories of sonicwall in the past so I tend to stay away from them. Also I would let the Fortigate or any firewall you get handle DHCP.
 

cmac22

Reputable
Apr 1, 2014
8
0
4,510
Thanks for input! I checked out the links you all have posted. The TP-Link doesn't seem to have a built in firewall, so I would still have to purchase one in addition to that. It seems to be really good at handling dual WANs though. I looked at the Fortigate AscenLink, and it appears to be the same thing as TP link. No firewall built in. They have other devices that are firewall and have VPN under their Unified Threat Management platform, but it doesn't appear to also have load balancing all-in-one. That leaves the sonicwall 2400, which I'm personally leaning towards as of right now, sort of. We have one of the smaller models installed at a few of our offices so I'm familiar with setup, configuration, VPN, and DHCP through the interface which makes it easy to get going. The description isn't very informative in regards to load balancing and failover. It isn't specifically indicated on the 2400, but the "Business Continuity" link says this feature is on all NSA models. I may have to contact sales to see its full capability versus the 2600 model.

Per my diagram above, I'm thinking of combining the firewall and load balancer, but still attaching a switch for scalability.

What are your thoughts?
 

cmac22

Reputable
Apr 1, 2014
8
0
4,510


Thanks abailey. I stand corrected. You are right. I looked at the datasheet and it does include a firewall.

I now have to decide between the Sonicwall NSA2400 and the TP-Link TL-ER6020.

Can you think of anything else I may need for this network or should i be good to go with the new proposed setup?