+ Reply to Thread
Page 1 of 2 1 2 LastLast
Posts 1 to 10 of 18
  1. #1

    Contractor Among Contractors

    portseven's Avatar
    Join Date
    Nov 2006
    Location
    the polling booth
    Posts
    1,161
    Thanks (Given)
    0
    Thanks (Received)
    3
    Likes (Given)
    5
    Likes (Received)
    17

    Default 40+ Site Unmanaged WAN

    Helping a friend of mine out who is working for an SME

    They have 40+ remote sites, all with their own internet connection, various devices on each site, all on a flat network.Micture of their own devices (pc's etc) and 3rd party things. They have no IT staff at all, but now realise they need to take care of it a bit more. I am suggesting they get some network segmentation and monitoring in place

    They want to do it on the cheap and use netgear devices, but I am thinking this is mad, for a WAN of this size Cisco seems the best choice, based on manageability, and ease of getting skills in the market.

    Thinking a Cisco ASA 5505, with a manged switch at each site, bunch of VLAN's, with site to site VPN to head office. Plus they need a few full time IT Bod's.

    Is my steer correct?
    Politicians are wonderfull people, as long as they stay away from things they don't understand, like working for a living!

  2. #2

    I live on CUK

    SueEllen's Avatar
    Join Date
    Nov 2005
    Location
    in the Park
    Posts
    26,369
    Thanks (Given)
    1140
    Thanks (Received)
    937
    Likes (Given)
    4273
    Likes (Received)
    3791

    Default

    If they want to do it on the cheap and don't realise how important security is, I would run a mile or 100.
    "You’re just a bad memory who doesn’t know when to go away" JR

  3. #3

    Double Godlike!

    stek's Avatar
    Join Date
    Oct 2009
    Location
    East of Eden
    Posts
    10,885
    Thanks (Given)
    3
    Thanks (Received)
    243
    Likes (Given)
    11
    Likes (Received)
    1421

    Default

    ASA 5505 does VLAN's too, good box. We replaced ours with ASA 5506's and found out they didn't do VLANs so we had to do them on the switch...

    If you're wanting site-to-site VPN you're going to need security devices are each end anyway, ASA 5505 for example. Cheap enough now but not supported anymore.

  4. #4

    Contractor Among Contractors

    portseven's Avatar
    Join Date
    Nov 2006
    Location
    the polling booth
    Posts
    1,161
    Thanks (Given)
    0
    Thanks (Received)
    3
    Likes (Given)
    5
    Likes (Received)
    17

    Default

    Quote Originally Posted by SueEllen View Post
    If they want to do it on the cheap and don't realise how important security is, I would run a mile or 100.
    Have given her a quick lesson in how to give risks a cost, given the sort of data moving round this network, it should be a no-brainer to do this right.
    Politicians are wonderfull people, as long as they stay away from things they don't understand, like working for a living!

  5. #5

    Still gathering requirements...


    Join Date
    Jan 2006
    Posts
    90
    Thanks (Given)
    0
    Thanks (Received)
    0
    Likes (Given)
    0
    Likes (Received)
    4

    Default

    Try looking at Meraki (they are Cisco owned) or the cheaper and without the yearly license cost Ubiquiti.

  6. #6

    TykeLike

    SimonMac's Avatar
    Join Date
    Aug 2010
    Location
    God's Own Republic Of Yorkshire
    Posts
    22,063
    Thanks (Given)
    225
    Thanks (Received)
    1106
    Likes (Given)
    803
    Likes (Received)
    2941

    Default

    Quote Originally Posted by davetza View Post
    Try looking at Meraki (they are Cisco owned) or the cheaper and without the yearly license cost Ubiquiti.
    +1 For Meraki

    Depending on how big each of the sites are there should be a suitable option for all, not cheap but they will have to realise if they want it done right it will cost them
    “Live a good life. If there are gods and they are just, then they will not care how devout you have been, but will welcome you based on the virtues you have lived by. If there are gods, but unjust, then you should not want to worship them. If there are no gods, then you will be gone, but will have lived a noble life that will live on in the memories of your loved ones.”

    ― Marcus Aurelius

  7. #7
    sal
    sal is offline

    Contractor Among Contractors


    Join Date
    Jun 2014
    Posts
    1,297
    Thanks (Given)
    1
    Thanks (Received)
    53
    Likes (Given)
    270
    Likes (Received)
    257

    Default

    Quote Originally Posted by portseven View Post
    Helping a friend of mine out who is working for an SME
    ~snip~
    They have no IT staff at all, but now realise they need to take care of it a bit more.
    ~snip~
    So you friend is not IT or was she hired as the first IT to sort this out?

    If she doesn't have significant knowledge of networking, better not to get involved or she might be used as a scapegoat if (more like when) something goes wrong.

    If they went along without any proper network security so far and a re stingy/stupid enough to have no IT staff with 40+ sites and no network security. Cisco is an overkill for them, there are alternatives like Ubiquiti that can achieve the same results for a fraction of the cost.

  8. #8

    Double Godlike!


    Join Date
    Dec 2012
    Posts
    10,384
    Thanks (Given)
    755
    Thanks (Received)
    742
    Likes (Given)
    4942
    Likes (Received)
    2860

    Default

    Quote Originally Posted by sal View Post
    So you friend is not IT or was she hired as the first IT to sort this out?

    If she doesn't have significant knowledge of networking, better not to get involved or she might be used as a scapegoat if (more like when) something goes wrong.

    If they went along without any proper network security so far and a re stingy/stupid enough to have no IT staff with 40+ sites and no network security. Cisco is an overkill for them, there are alternatives like Ubiquiti that can achieve the same results for a fraction of the cost.
    The alternative is for the OP to PM Suity.

    He specialises in such matters

  9. #9

    Contractor Among Contractors

    portseven's Avatar
    Join Date
    Nov 2006
    Location
    the polling booth
    Posts
    1,161
    Thanks (Given)
    0
    Thanks (Received)
    3
    Likes (Given)
    5
    Likes (Received)
    17

    Default

    Quote Originally Posted by sal View Post
    So you friend is not IT or was she hired as the first IT to sort this out?
    She was hired as head of marketing!!! Getting involved due to previous job having 'IT' in the title

    The Meraki stuff looks interesting, they just need some segments in place with some ACL's plus some central VPN
    Politicians are wonderfull people, as long as they stay away from things they don't understand, like working for a living!

  10. #10
    sal
    sal is offline

    Contractor Among Contractors


    Join Date
    Jun 2014
    Posts
    1,297
    Thanks (Given)
    1
    Thanks (Received)
    53
    Likes (Given)
    270
    Likes (Received)
    257

    Default

    Quote Originally Posted by portseven View Post
    She was hired as head of marketing!!! Getting involved due to previous job having 'IT' in the title

    The Meraki stuff looks interesting, they just need some segments in place with some ACL's plus some central VPN
    Tell her to stay away if she can. Otherwise she will be saddled with managing/supporting this forever and i kinda doubt it will be reflected in her pay.

    Taking additional responsibilities in the area you were hired to build up your career is one thing, getting saddled with random unrelated crap, just because you have done something remotely similar in the past is entirely different.

    Unless of course she is happy/looking forward to do it and prefers IT to Marketing.

+ Reply to Thread
Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Content Relevant URLs by vBSEO 3.6.0 ©2011, Crawlability, Inc.