Do I need a new router?

Hi guys,

I have been trying, unsuccessfully, to make a VPN connection to an SBS server sitting behind a Belkin router (F5D7633).

I keep getting error 721, which, from reading on the net, I am putting down to GRE, or protocol 47, not getting through my router.

In the router there is no mention of PPTP passthrough or anything similar. I do have port 1723 forwarded.

It works if I configure the SBS IP as the DMZ server.

I just talked myself into an answer... I guess I do need a new router that actually has a PPTP passthrough feature.

Still, your advice appreciated.

Reply to
<me

Try this workaround: forward PORT 47 to the server inbound.

Reply to
Leythos

Hi,

I tried that, but then I read that port 47 and protocol 47 (AKA GRE) are unrelated.

New router, I think... gonna change to Draytek Vigors instead of Belkins.

Reply to
<me

Yes, port 47 has nothing to do with GRE, but some vendors use that as a fix for their failure to implement GRE properly.

Belkin makes cheap crap, and Draytek is also cheap crap.

Try this one, I know it works:

formatting link

Reply to
Leythos
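The distinction argued over in the last few posts (a "port 47" forward rule versus IP protocol 47, which is what PPTP's data channel actually uses) is easy to see if you look at where each number sits in the packet. The script below is an added illustration, not code from this thread or from any of the routers named in it: it builds a few IPv4 packets by hand (the addresses 203.0.113.5 and 198.51.100.1 and the call ID are made up for the example), parses the IP protocol field and, where it applies, the TCP destination port or the PPTP GRE header, and then checks each packet against two rule sets: one that forwards TCP 1723 plus TCP port 47 (what a NAT router's "port forward" page can express) and one that forwards TCP 1723 plus protocol 47 itself (what passthrough actually requires).

```python
import socket
import struct

TCP = 6
GRE = 47                 # IP protocol number for GRE (RFC 2784), NOT a port
PPTP_CTRL_PORT = 1723    # PPTP control channel, TCP (RFC 2637)
PPTP_GRE_PROTO = 0x880B  # GRE protocol type carried for PPP payloads (RFC 2637)


def ipv4_checksum(hdr: bytes) -> int:
    """Ones-complement sum of the header; returns 0 for a header whose checksum is valid."""
    if len(hdr) % 2:
        hdr += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def build_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (DF set, TTL 64) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_tcp(sport: int, dport: int, payload: bytes = b"") -> bytes:
    """Minimal TCP SYN header; the TCP checksum is left at 0 (irrelevant here)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0) + payload


def build_pptp_gre(call_id: int, seq: int, ppp_payload: bytes) -> bytes:
    """GRE header as PPTP uses it: K=1 and S=1 set, version 1 (first 16 bits 0x3001)."""
    return struct.pack("!HHHHI", 0x3001, PPTP_GRE_PROTO, len(ppp_payload), call_id, seq) + ppp_payload


def parse_packet(pkt: bytes) -> dict:
    """Pull out the fields a forwarding rule could look at."""
    ihl = (pkt[0] & 0x0F) * 4
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    info = {"proto": pkt[9], "src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20])}
    body = pkt[ihl:]
    if info["proto"] == TCP:
        info["sport"], info["dport"] = struct.unpack("!HH", body[:4])
    elif info["proto"] == GRE:
        flags, ptype = struct.unpack("!HH", body[:4])
        info["gre_proto"] = ptype
        if ptype == PPTP_GRE_PROTO and flags & 0x2000:   # K bit: key (payload len + call ID) present
            info["call_id"] = struct.unpack("!H", body[6:8])[0]
    return info


def forwarded(rules, pkt: bytes) -> bool:
    """rules: list of (ip_protocol, dest_port_or_None). A port only means something for TCP."""
    info = parse_packet(pkt)
    for proto, port in rules:
        if info["proto"] == proto and (port is None or info.get("dport") == port):
            return True
    return False


# What "forward port 47" means on a typical NAT router: a TCP port, not a protocol.
PORT_FORWARD_ONLY = [(TCP, PPTP_CTRL_PORT), (TCP, 47)]
# What PPTP passthrough actually needs: TCP/1723 plus IP protocol 47 as a whole.
PPTP_PASSTHROUGH = [(TCP, PPTP_CTRL_PORT), (GRE, None)]

# Constructed sample traffic (addresses and call ID are made up for this example).
CLIENT, ROUTER = "203.0.113.5", "198.51.100.1"
PPTP_CONTROL = build_ipv4(TCP, CLIENT, ROUTER, build_tcp(40000, PPTP_CTRL_PORT))
PPTP_DATA = build_ipv4(GRE, CLIENT, ROUTER, build_pptp_gre(call_id=7, seq=1, ppp_payload=b"\xff\x03\xc0\x21"))
TCP_PORT_47 = build_ipv4(TCP, CLIENT, ROUTER, build_tcp(40001, 47))


def demo() -> dict:
    """Per packet: (passes the port-forward-only router, passes a real passthrough)."""
    samples = [("tcp/1723 control", PPTP_CONTROL), ("gre data (proto 47)", PPTP_DATA), ("tcp port 47", TCP_PORT_47)]
    return {name: (forwarded(PORT_FORWARD_ONLY, p), forwarded(PPTP_PASSTHROUGH, p)) for name, p in samples}


if __name__ == "__main__":
    for name, (port_only, passthrough) in demo().items():
        print(f"{name:22s} port-forward-only: {port_only!s:5s} passthrough: {passthrough}")
```

The control channel gets through either way, which is why the tunnel appears to start and then fails with error 721: the GRE data packets carry no port at all, so a rule keyed on TCP port 47 never matches them, and only a device that forwards protocol 47 (or terminates PPTP itself) lets the session complete.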

Well, if they're not installed, it doesn't prove anything. If many are installed and failing, then there's a case against Draytek.

They are extremely well known; people have them at home because they are cheap. So people know about them.

no, if the Belkin and

The one huge commercial environment I am aware of swears by the Draytek Vigor. They say it's a top-of-the-range, top-notch router. They also have multiple levels of network security there. Very paranoid.

It's hard to see your reasoning here; the answers to your questions aren't so obvious. Belkin may be OK for cables, but they make terrible KVM switches and reverse KVMs, so I wouldn't trust them with a router!! I have asked people about router makes and they say Belkin is the worst.

They usually say Linksys is best (Linksys being a division of Cisco probably helps).

Users of Netgear and D-Link both have their share of bad experiences.

I also heard good reports about Watchguard routers.

Maybe Draytek and Watchguard are more for commercial environments or a techie's home. I guess Cisco would be one up on that.

Reply to
jameshanley39

I am interested in your assertion about Draytek routers, as I am about to buy one. In what respect are they "crap"? Could you, for example, please explain in detail how the Netgear router which you recommend is better than the equivalent Draytek model?

Reply to
John Ray

It's just personal experience with hundreds of units in the last couple of years - so, now you know.

Ask how many Draytek devices are installed and working perfectly in large corporate environments, then ask yourself how many D-Link and Netgear switches are being used in professional installations (and I know we're not talking the same level of parts). No, if the Belkin and Draytek were good enough, would they not be using more of their hardware in commercial environments?

Ask yourself how many Belkin devices you've seen fail; same for other no-name devices.

Reply to
Leythos

I'm surprised you don't include Linksys with D-Link and Netgear.

An oversight, or is there a reason?

TIA

Louise

Reply to
louise

I like Linksys for home users; they are cheap, but they also don't offer SPI, which I think should be part of the base protection package. I also find that many people want to host a VPN connection inbound to a box in their home, and Linksys units don't pass GRE inbound very well (nor do some others).

I have about 50 Linksys BEFSX and BEFVP units in the field acting as a barrier for clients that want to connect to the office from their homes; these are the minimum I would consider for ANYONE. The BEFSR units are under $50; the other two are in the $80+ range most places.

Reply to
Leythos

WatchGuard doesn't make routers; they make firewalls. They are NOT like the NAT routers that others provide; they are true firewalls in all cases.

Cisco is a PITA to set up, more than most home users want to deal with. Linksys being purchased by Cisco has not provided any additional quality for Linksys products; in fact, GRE still doesn't work and they've not put SPI back into their routers yet.

Don't confuse routers and firewalls.

Reply to
Leythos

No, I'm saying I have personally experienced several hundred routers of all types/vendors/classes, and Belkin is the last I would install, Draytek in the middle, and Netgear or D-Link would be fine for SOHO/home users.

If I wanted a firewall, I would pick a WatchGuard first and always.

It's OK, I'm just some poster in the grand scheme of things - the Draytek will most likely work fine for you, but look on Google for support, assistance, help, and methods that show specific details from posters on how to set it up in the way you need before you purchase anything.

Reply to
Leythos

Thanks - I wondered about that with Linksys but assumed I just missed it on their site - I guess not.

Louise

Reply to
louise

If you are saying that you have experience of hundreds (or even just a few) of Draytek routers which have proved to be "crap", then I respect your judgment. But you aren't saying that, are you?

As you might imagine, I don't have these figures.

Reply to
John Ray

I just ran into an SMC BarricadePlus 7004FW unit that acts as a PPTP/IPsec end-point; you can set up 10 different PPTP end-point users and passwords.

It has no specific PPTP passthrough options that I can find, but since it acts as a PPTP end-point, it would make things simple for a small office.

The 7004FW is an older unit; the newer version, one you can get most places, is the SMCBR14VPN.

formatting link

Reply to
Leythos

I've always set the MTU on DSL-type connections to 1400 or 1430; I've never found one that worked at 1500 yet. I did not have to make any changes at the client/workstation/server level, only at the WAN interface.

Yes, but most businesses don't want a no-name solution that is set up in some uncertified manner with some generic computer parts - regardless of how well it's built.

Reply to
Leythos

I have used quite a number of FVS318s but have never seen the rule (service) or option within custom services for GRE. How is this configured? But then again, if you are using an L2TP router, why bother with PPTP anyway, apart from the obvious reasons?

If you are using ADSL, then the Dynalink RTA230 natively supports inbound PPTP and IPsec, rather than using the port 47 fiddle.

I have not encountered an off-the-shelf router (without a 'modem' component) that fully supports inbound PPTP passthrough properly in quite some time. In those instances I just build an IPCop box, which does support GRE properly.

Another caveat to be aware of with a good number of those that do support inbound PPTP passthrough (most don't, despite claiming to) is that the number of concurrent connections is limited to about 2.

E.

Reply to
E.

My experiences with Netgear products have also left me with a high opinion of their gear. Dynalink and D-Link also. I am not referring to the $65 firewall *cough* *choke* *splutter* NAT boxes.

I used to lean that way, until the X Edge series, which were problematic on stub networks using PPPoE. (They had no awareness that PPPoE added 8 bytes and would cause connection failures by sending out 1508-byte packets, meaning you had to adjust the Ethernet MTU on all client workstations.)

Also, you can do similar with open source on fairly low-spec boxes and get similar, if not better, levels of protection for a much lower cost.

E.

Reply to
E.
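The MTU figures in the two posts above (Leythos dropping the WAN MTU to 1400 or 1430 on DSL, and E.'s 1508-byte frames on a PPPoE link) come from the same bookkeeping: every encapsulation layer eats part of the 1500-byte Ethernet payload, and a device that does not subtract its own overhead emits frames that are too big. The snippet below is an added worked calculation, not code from this thread or from any product named in it; the per-layer overheads are stated as assumptions from the relevant RFCs (PPPoE 6 + PPP protocol 2 from RFC 2516, a 16-byte GRE header for PPTP with key, sequence and ack from RFC 2637, a 2-byte PPP protocol field inside the tunnel with no HDLC framing).

```python
# Per-layer overheads in bytes (assumed values, taken from the RFCs named in the lead-in).
ETHERNET_MTU = 1500
PPPOE_OVERHEAD = 6 + 2       # PPPoE header + PPP protocol field (RFC 2516)
IPV4_HEADER = 20
TCP_HEADER = 20
PPTP_GRE_OVERHEAD = 16       # GRE header for PPTP with key, sequence and ack (RFC 2637)
PPP_IN_TUNNEL = 2            # PPP protocol field inside the tunnel, no HDLC framing (assumption)


def usable_mtu(*overheads: int, base: int = ETHERNET_MTU) -> int:
    """Largest packet the innermost layer may send once every listed layer has taken its share."""
    return base - sum(overheads)


def pppoe_mtu() -> int:
    """What the WAN interface should use on a PPPoE link: 1492."""
    return usable_mtu(PPPOE_OVERHEAD)


def pptp_over_pppoe_mtu() -> int:
    """What a PPTP tunnel interface may use when the outer link is PPPoE: 1454."""
    return usable_mtu(PPPOE_OVERHEAD, IPV4_HEADER, PPTP_GRE_OVERHEAD, PPP_IN_TUNNEL)


def mss_clamp(mtu: int) -> int:
    """TCP MSS to advertise so a full segment still fits the given MTU (MTU - IP - TCP headers)."""
    return mtu - IPV4_HEADER - TCP_HEADER


def wire_frame_size(ip_packet_len: int, pppoe: bool = True) -> int:
    """Ethernet payload length once an IP packet of this size is wrapped for the link."""
    return ip_packet_len + (PPPOE_OVERHEAD if pppoe else 0)


def fits_on_wire(ip_packet_len: int, pppoe: bool = True) -> bool:
    """A 1500-byte IP packet becomes a 1508-byte PPPoE payload and does not fit; 1492 does."""
    return wire_frame_size(ip_packet_len, pppoe) <= ETHERNET_MTU


def oversized_hosts(host_mtus: dict, pppoe: bool = True) -> list:
    """Hosts whose configured MTU will produce frames the PPPoE link cannot carry.

    host_mtus maps a host name to the MTU it is configured with; the names are
    constructed sample data, not hosts from the thread.
    """
    return sorted(name for name, mtu in host_mtus.items() if not fits_on_wire(mtu, pppoe))


# Constructed sample LAN: only the first host has been lowered to the PPPoE value.
SAMPLE_LAN = {"ws01": 1492, "ws02": 1500, "sbs-server": 1500}

if __name__ == "__main__":
    print("PPPoE WAN MTU:", pppoe_mtu(), " MSS clamp:", mss_clamp(pppoe_mtu()))
    print("PPTP-over-PPPoE tunnel MTU:", pptp_over_pppoe_mtu())
    print("1500-byte IP packet on the wire:", wire_frame_size(1500), "bytes, fits:", fits_on_wire(1500))
    print("hosts still sending oversized frames:", oversized_hosts(SAMPLE_LAN))
```

The 1454 figure is the arithmetic upper bound for PPTP over PPPoE; a WAN MTU of 1400 or 1430, as in Leythos's post, simply leaves margin below it. Lowering the WAN MTU on the router (and, on a firewall that can do it, clamping TCP MSS to match) spares you from touching every workstation, which is the situation E. describes having to work around by hand.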

I can set up a Firebox X700 for most business needs in 30 minutes, and the retail cost from most vendors is $1900. If you spend time to build and configure a *nix box you've already spent half of that - not to mention that you don't get updates or support in an open-source solution.

I have a BUNCH of WG units in the field; some are industrial clients, some are medical centers, some are government, some are just businesses with 2~10 offices - not one of the WG units has failed in the almost 6 years I've been using them. I can count, using the remaining hairs on my head, how many PCs have failed in that time :)

I like the idea of being able to take a new unit out of the shipping box and having the client up and running in minutes in most cases, not to mention the support if I need to do something non-standard.

Reply to
Leythos

But, if the unit acts as a VPN (PPTP) end-point, it's very likely that it handles GRE properly. None of the PPTP end-point units I've seen/used have had problems with inbound GRE; only the cheap NAT units have problems with it.

Reply to
Leythos

And none of those should be trusted with it connected to a live public connection - it needs a barrier device/server between the Internet and the server itself. I've never liked ISA, and while that may go against the ideals of SBS, I've never had a firewall (non-ISA) or an appliance (a real firewall, not one of these NAT systems) let me down.

Not true; I've never had a customer compromised in 25+ years of working with computers, and I've never set up a server exposed directly to a public connection and have always (since they became available) tucked them behind a firewall appliance (or a firewall server). I don't like ISA or the dual-NIC setup for SBS.

I think you misunderstand my intention and how I normally work with servers - I never allow a direct connection to the server for VPN connections, and I never use dual NICs in a solution.

I install a barrier device, my choice is the WatchGuard Firebox x1000, and use it to filter SMTP, HTTP, and other services for content and malicious attachments - even blocking bad headers and such.

As for the PPTP connection to the device acting as an endpoint, I would not do that in a dual-NIC solution; a single NIC with a real firewall is all that's needed. Since there seems to be a large number of people doing the NAT router with a single NIC, I would at least want one with PPTP end-point ability, and I would make sure that the PPTP user/password DID NOT match the domain user/password - this would provide two layers (oh, did I mention that in a firewall solution, not a simple NAT solution, getting the VPN to the firewall still doesn't get the user access to the network; they still have filtering rules applied to them).

Reply to
Leythos

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.