I have two offices that need a site-to-site VPN over a non-dedicated bandwidth cable ISP. The SRX5308 firewalls will connect to each other, but when our spotty internet service drops packets or gets too laggy, the VPN connection will drop out, and often we have to reboot both firewalls to get them to connect again.
We are also not getting the full speed that our ISP is delivering at the demarc when I test the speed behind the SRX5308.
I think it's time to move on from Netgear, so I have purchased two EdgeRouter PoE routers. I looked at the EdgeRouter Lite, but I would kinda like to have the extra ports available for VLANs, if that makes sense:
- the default VLAN is for workstations, NAS, and server
- VLAN 10 -- Phones
- VLAN 20 -- Guest-WiFi
- VLAN 30 -- Forms tablets (WiFi)
- VLAN 40 -- A/V devices
- VLAN 50 -- IP video surveillance
Each VLAN would need some different rules with regard to speed limitations and access to other VLANs.
For example:
- Forms VLAN 30 could have unlimited bandwidth but access to no other VLAN and no devices on the same VLAN
- Guest VLAN 20 would need a combined internet bandwidth limitation and no access to other VLANs
- A/V VLAN 40 would need unlimited bandwidth access but limited access to the default VLAN
Also, the Phones VLAN 10 at the branch would need to have access to the Phones VLAN 10 at the main, and the default VLANs at each office would need access to one another.
In the next few months, we will upgrade the main office's ISP to dedicated fiber--10x10 or 20x20. Eventually, the branch office will follow suit.
I just want to make sure I'm doing the right thing here and have the right hardware. Any comments or suggestions?
I'm new to Ubiquiti, and relatively new to business networking in general, but have been impressed with how the many UAP and AP-AC WiFi antennae I've installed have held up, and with the support documentation and the community. I'm excited to get into the EdgeMax devices. This is my first real dive into EdgeOS, so I totally expect to learn a lot about the command line and networking in general.
Probably won't be installing the new devices until another week or so, but I'll update this post as I go along if you guys think it may be useful to others.
Thanks!