VPNs can be difficult to install even when you have previous experience. There is a variety of sklls required, from networking (TCP/IP) to general security, firewalls, and the VPN specifics. The best way forward is often to have your reseller configure everything for you, and teach you along the way, then get some further training.
An unmonitored VPN/firewall is little better than no VPN/firewall at all. You need to be watching the logs and keeping an eye on what is happening inside and outside your network. All the units except the Watchguard used a browser-based client to configure and monitor the appliance, while the Watchguard uses a proprietary application.
A well-designed VPN can greatly benefit a company. For example, it can:
- Extend geographic connectivity
- Improve security
- Simplify network topology
- Provide global networking opportunities
- Provide better ROI than traditional WAN
Things to look out for
- Security. Most units use 3DES standard encryption which is pretty difficult to break.
- Number of VPN connections. The unit must be able to support the required number of VPN connections.
- Speed. Can the unit keep up? We found that over 100Mbps connection the speed was about 1/6 to 1/10 of the wire speed.
- Standards/ Interoperability. What standard does the unit meet, and how well does it interoperate with other units that you may use, or your business partners may have?
- Ease of Setup/Management. Some of these units are very difficult to setup, and shouldn't really be attempted by someone without a lot of experience. Better still, have your reseller configure everything for you.
