Home office / home enterprise router recommendation

[RamGuy]

Greetings,

I?m in the market for a new router. I?ve already got two access points, one broadcasting our 2.4GHz 802.11n (300mbit) wireless (D-Link DAP-2553) and one broadcasting our 5.0GHz 802.11n (450mbit) wireless (Apple TimeCapsule) so it doesn?t need to feature any wireless capabilities. But it doesn?t matter if it does as we would simply disable them.

The keyword is stability, stability and more stability and bug-free, yet very capable firmware. We are running about ten LAN (mostly gigabit capable) connected systems connecting through a HP ProCurve 1410-16G dumb gigabit switch, two wired printers and about ten wireless systems.

So the router has to be capable to handle all these clients at once without any hiccups or slowdowns.

We have an optical fibre connection sporting 25mbit download and upload speeds and will soon be upgraded to 100mbit download and upload speeds. So the router must be capable to utilize such routing speeds both LAN to WAN and WAN to LAN.

You can describe our network as a home office / home business / home enterprise setup as it goes beyond a regular home network. All our systems are a part of an Active Directory domain hosted by a Windows Server 2008 R2 server, but we do not require any sort of VPN nor additional VLAN capabilities within the router. What we do need is stability and reliability, and a router capable of utilizing our upcoming 100mbit WAN connection that can handle twenty our so clients simultaneously.

Several of our systems run heavy loads of torrent usage, resulting in lots and lots of simultaneous connections going everywhere all the time and the router must be able to keep up with the heavy load without losing connection or dropping speed.

Our Windows Server 2008 R2 will also be hosting both a website and a FTP-site, therefore stability and reliability is a keyword as the website must stay up at all times and be able to handle whatever load the site might be faced with at peak hours.

I?ve been through a few different routers the past years, but sadly none have proven to provide a perfect experience. They either come with unstable and or buggy firmware, or simply lack features. That or the hardware is simply not up to the task with all our simultaneous clients and connections coming from both the LAN and the WAN side.

We do not require much from the routers firmware, other than it being rock solid and stable without any noticeable bugs. But sadly most consumer routers seems to lack in firmware development making them haunted with bugs or simply lack depth and capability. The key features we need in the firmware is DHCP, dynamic DNS, DHCP / IP-reservations, port forwarding, upnp and preferably working DMZ and support for IPv6.

The ones we have tried the past years have been:

D-Link DIR-655 rev2, but it featured unstable firmware and seemed to slowdown during heavy load. The DMZ didn?t seem to do anything as port forwarding was still required even after DMZ-hosting a system and there was no upnp support. It became gradually worse with every new firmware update and some wouldn?t even let you return to older firmware.

D-Link DIR-855 rev1, performed and behaved almost identical with DIR-655 only with less reliable firmware and we didn?t see much improvement with the first couple of firmware updates.

Linksys WRT600N rev1, performed and behaved better than the two D-Link routers but neither this one had a working DMZ-feature and there was no upnp and the hardware still seemed to slowdown during heavy load and there seemed to never be much firmware development and patching from Linksys?

Netgear WNDR3700v1, the first router that seemed to not slowdown during heavy load, at least not nearly as much as the above ones. But I didn?t like the firmware layout and there were some dreadful DNS bugs and other things going on that made us replace it. But it might seem like Netgear has fixed these issues by now, but as they have released quite a few never models since the WNDR3700v1 the support and development seems to have gone down the drain and it has been replaced with both a v2 and v3 preforming worse than v1. Neither here did the DMZ seem to do anything.

Netgear SRX5308, the first enterprise / business router we tried and the first one to really shine when it comes to both firmware capabilities and raw performance. Sadly there is an existing firmware bug that makes the WAN performance cripple without any noticeable reason forcing us to restart it quite often to get the speeds back up. After reading our at the Netgear support forum several people has noticed this issue and Netgear is still trying to solve them. Crippled WAN performance is simply a no go.

Cisco RV220W, almost identical hardware to the SRX5308, but less RAM. Seems to be able to handle our heavy load but the firmware did not impress. Firstly it seems to lack DHCP / IP-reservations and Cisco has confirmed that the DMZ doesn?t do anything at the moment and there isn?t much firmware development and Cisco have started to actually remove features with the latest firmware updates.

And so our hunt for the ?perfect? router that will suit our needs continues and I hoped for some guidance and recommendations from you all. Price-range is uncertain, we are ready to pay what it may cost.

[+BudMan MVC]

And have you thought of running a linux distro as your router - you can put it on either hardware you have handy or buy some hardware for it.

I would suggest pfsense, but there are other players in this market - there is ipcop, m0n0wall, smoothwall, Vyatta, etc.

I think this gives you the best features and bang for the buck, there are many companies running pfsense in production environments alot heavier than yours, etc.

Here is the thing - most of these you can try out with some hardware you have on hand with no cost to you at all. Then if you like you can either purchase some dedicated hardware or go with what you have if works, etc.

You will be hard pressed to find a commercial off the shelf product that compare in features. And to be honest they a rock solid once up and running. I like pfsense best, but does not mean that will be the one you like the best. Some of them have commercial support options if that is something you feel is a must. If you don't want to pay for support then use the community support, etc.

Your going to need to go with a SMB/Enterprise device vs the soho stuff which you have outgrown if your running 100mbit connection with serving up services to the public net, etc.

[sc302 Veteran]

You say you have active directory, why not use that for your dns and dhcp needs...It does quite well and has many features that many off the self routers lack with those features. dynamic dns can be handled by a client install on any computer that is left up 100% of the time.

The rest of it most basic routers can handle. Perhaps you should look for something a bit more robust like an ASA appliance for your needs and start getting into more enterprise equipment. Maybe an entry level 5505 or a 5510, but as budman suggested a pfsense firewall could do what you want or a sonicwall tz 210, you could go to a NSA applicance...a NSA 220 would be enough to handle your needs.

[+BudMan MVC]

Yeah I didn't catch this part

"All our systems are a part of an Active Directory"

As sc302 points out - this should be your DNS, and to be honest pretty much has to be your DNS for all member devices. And windows servers are quite capable of doing all your dhcp requirements along with reservations, etc. This also plays nice with dynamic dns registration for you member devices.

As to dynamic DNS for your public IPs - depending on who is hosting this. Quite often they have a client you can run on pretty much any os you have behind your gateway to handle the updating of your public IPs to public dns. So again this is not a feature you need in your firewall/gateway device. But pfsense can handle of these features if you want it to as well.

Also the sonicwall devices would prob be a good choice as well, same with the ASAs from Cisco --- all comes down to budget and how much flexibility you want from the device. Which is why I am a big fan of the router/firewall distro's -- they are pretty much wide open to pretty much anything you could think of as far as features. Even if say the gui of the distro might not have the feature built in, you can always just do it on the OS be it a linux or bsd based distro.

[RamGuy]

I' am looking at possible Supermicro based Intel Atom or LGA1155 solutions that could be running pfSense, Untangled, Astaro or other solutions. That seems to provide much more customizability, not to mention way more performance for money compared to Cisco and other fixed solutions.

The Active Directory Domain Server / Master is featuring both DHCP and DNS, but as a few of our systems run Mac OS X Lion which have proven to be a real pain adding to Active Directory in a sensible way I have always stayed with DHCP and DNS in router just for the ease of things.

Either Intel Atom or Intel Xeon E3 based U1-rack might be the way to go.

[sc302 Veteran]

Just because the MAC doesn't like windows, DHCP and DNS is a network service. It doesn't matter what is using it. a MAC does not have to be joined to the domain to use these features. For DNS to properly function and for you to be able to logon, MS DNS needs to be the only DNS server on the network adapters of your network. We have gone over this time and time again. This has to do with proper functionality and basic functionality, if it functions in your scenerio it is only a matter of time before something doesn't work right (can't access a share, can't logon, etc).

as far as customizability goes, that depends on your point of view. the sonicwall has as much or more customizability that you could ever shake a stick at if you purchase all the upgrades for it. The only thing you can't do is upgrade the hardware later on, it would be a completely new purchase. cisco is starting to think about things like built in av, content filtering, ssl vpn, built in wireless, etc in their enterprise grade products.

[ANON86364]

I' am looking at possible Supermicro based Intel Atom or LGA1155 solutions that could be running pfSense, Untangled, Astaro or other solutions. That seems to provide much more customizability, not to mention way more performance for money compared to Cisco and other fixed solutions.

The Active Directory Domain Server / Master is featuring both DHCP and DNS, but as a few of our systems run Mac OS X Lion which have proven to be a real pain adding to Active Directory in a sensible way I have always stayed with DHCP and DNS in router just for the ease of things.

Either Intel Atom or Intel Xeon E3 based U1-rack might be the way to go.

We have a couple of those SuperMicro 1Us in action as redundant DCs and DNS. They are great and I recommend them for roles like this.

[alexalex]

The best routers for SMB/Home Office... are Checkpoint's SofaWare routers. I use one at home with unlimited users. Firmware is updated remotely, regularly. The router has a build-in anti-virus, site blocking, vpn, ....You get a monthly router's blocking report and service is great.

[tonyjr]

Try Mikrotik - they have powrful software and it is regularly updated. Has mainly ISP and enterprise features aswell as home user stuff like uPnP. Excellent performance and reliability, just takes a bit of effort to read a few tutorials etc. to get started.

[pierre626]

The rest of it most basic routers can handle. Perhaps you should look for something a bit more robust like an ASA appliance for your needs and start getting into more enterprise equipment. Maybe an entry level 5505 or a 5510, but as budman suggested a pfsense firewall could do what you want or a sonicwall tz 210, you could go to a NSA applicance...a NSA 220 would be enough to handle your needs.

Can't recommend the ASA 5505 enough! Used one at home for a while, albeit on a smaller scale than the one you are aiming to support. But it just ran forever, no matter what you throw at it! Failing that, I can also safely recommend Vyatta, which I am currently using. It's an excellent OS for a router, can run pretty large networks on minimal hardware, and has a great community around it!