
Network setup for 25 people, Advice please

April 2, 2010 3:38:42 PM

I need advice on setting up internal and external email systems, internet access for about 25 staff and remote dial-up (VPN). Currently we have only standalone PCs, not networked.

What hardware and software will I need to acquire, what services will we have to contract from other vendors, and what are the security considerations we need to take into account?

Thanks
April 3, 2010 6:11:25 PM

That's a huge question that can't be answered in enough detail in a forum post. You may want to look for a local vendor that does IT support. You're talking firewall, router, Windows server (possible) to handle the VPN. Security is something serious; you can't just slap this together and hope it works. It needs to be configured correctly or your network is at risk.
April 4, 2010 5:23:32 AM

Well from the networking front you'll need the following:

1) Switch, preferably a managed one but it doesn't have to be. If you go with a managed switch you'll be able to create VLANs and separate off "virtual" networks all within the same switch. You can then firewall these separate networks. For a 25 person office this probably isn't a requirement, and it may be easier just to use two switches: a "DMZ" switch (put your internet facing servers if you have any here) and an "internal" switch (user segments).

2) A good firewall / router. If you're looking for a VPN solution as well as a firewall / router I personally like the Cisco ASA series equipment. Depending on your routing needs this would PROBABLY do all you'd need from a router. If not you may want to look at the ISR models as well. Even with the entry level ASA 5505 (I'd prob ask for a 5510 though) you'll have enough throughput to easily handle 25 users and depending on licensing you can maintain up to 25 concurrent SSL based VPN users as well. I'd HIGHLY recommend using an SSL based VPN solution as it works better with mobile networks and traveling users where IPsec may be getting dropped / blocked. I'd recommend staying away from using a Windows server as your VPN termination point... they aren't typically built to have encryption hardware accelerated for best throughput... whereas a lot of the appliances are. My shortlist for vendors would probably be Cisco, Juniper, and CheckPoint... though there are some others that might be worth investigating as well such as SonicWall NSAs, Fortinet, IBM's Proventia MX line, etc... The latter group tend to include a lot more features into a single box.

If you go with the Cisco ASA it's NOT fun to configure the first time, but once you do it'll run forever... and the AnyConnect SSL VPN client is GREAT.


If you're on a tight budget you may want to take a look at Untangle, it's a customized (free) Linux that includes IPS, Firewall, SSL VPN, Content Filtering (web / antispam), etc... you just supply a good server level piece of hardware and the rest is free. Keep in mind that a GOOD server to run all this may be more expensive than just buying an appliance based solution from one of the above. Make sure it's got RAID 1 or 5... disk drive failures are your biggest worry on pretty much any firewall. Juniper and Cisco use flash memory for this reason.

Regarding your internal servers for file / print.... Plenty of people will argue that Linux is best... but I like Windows. I'd set up one (maybe two) servers and run Active Directory on it for auth and file / print sharing. It's easy, it works, and pretty much everything will integrate into it, not to mention your internal users' lives will be simplified greatly by only having a single sign on.

For email I'm not sure what you're trying to set up, but for internal I'd again say I like MS Exchange running on Windows.... but if you're just pulling mail down from an external POP3 / IMAP server this isn't needed. If you're going to host your own domain and handle all your own mail, I kinda prefer having a Unix host that acts as a relay before passing the mail off to Exchange... this could also be accomplished by one of the multifunction firewalls where it does AV and antispam checking at the gateway.

Sorry for the long ramblings... hopefully it gives you some ideas on what you can start looking for.
April 6, 2010 5:56:42 PM

Thanks for your help!