Suggestions for new APs and Firewall
-
@dafyre said in Suggestions for new APs and Firewall:
@scottalanmiller said in Suggestions for new APs and Firewall:
@dafyre said in Suggestions for new APs and Firewall:
This is for a school, not an SMB. With out some form of traffic shaping somewhere, their bandwidth would be overrun with torrents.
@Markferron can correct me if I'm wrong, but right now, I think the Meraki APs are where the bandwidth shaping is being done now.
There is a lot more to it than that. How many schools have their phones via their public WAN, for example? They might, and then they likely need shaping, but the things that make you need shaping often go away when dealing with things like schools.
@scottalanmiller, I have worked at this place. They need shaping to prevent 3 computers with bit torrent from overrunning every ounce of bandwidth they have. Been there, done that, turned on traffic shaping, problem solved.
Edit: The Phone system is a different topic.
Why not block those rather than shape?
-
@scottalanmiller said in Suggestions for new APs and Firewall:
@dafyre said in Suggestions for new APs and Firewall:
@scottalanmiller said in Suggestions for new APs and Firewall:
@dafyre said in Suggestions for new APs and Firewall:
This is for a school, not an SMB. With out some form of traffic shaping somewhere, their bandwidth would be overrun with torrents.
@Markferron can correct me if I'm wrong, but right now, I think the Meraki APs are where the bandwidth shaping is being done now.
There is a lot more to it than that. How many schools have their phones via their public WAN, for example? They might, and then they likely need shaping, but the things that make you need shaping often go away when dealing with things like schools.
@scottalanmiller, I have worked at this place. They need shaping to prevent 3 computers with bit torrent from overrunning every ounce of bandwidth they have. Been there, done that, turned on traffic shaping, problem solved.
Edit: The Phone system is a different topic.
Why not block those rather than shape?
In general, you cannot. Not without some packet inspection going on. and that again kill the CPU in the router.
-
If you want to do all of this at the FW, which is reasonable but not the only choice, then yeah, obviously a bigger model is needed. If you are using the router only for routing, it will handle a lot of bandwidth. Just depends how you are setting it all up.
-
If they wanted to block it all at the edge, I'd assume they would need to look at something such as a Palo Alto or what-not?
ER Pro -> Palo Alto -> Internal Network?
-
@dafyre said in Suggestions for new APs and Firewall:
If they wanted to block it all at the edge, I'd assume they would need to look at something such as a Palo Alto or what-not?
ER Pro -> Palo Alto -> Internal Network?
That's one approach.
-
EdgeRouter have an option for blocking BitTorrent themselves. But they have to spend time looking at the traffic to do so.
-
@scottalanmiller said in Suggestions for new APs and Firewall:
EdgeRouter have an option for blocking BitTorrent themselves. But they have to spend time looking at the traffic to do so.
That's better done on a separate device, isn't it?
-
@dafyre said in Suggestions for new APs and Firewall:
@scottalanmiller said in Suggestions for new APs and Firewall:
EdgeRouter have an option for blocking BitTorrent themselves. But they have to spend time looking at the traffic to do so.
That's better done on a separate device, isn't it?
If that's the only thing you're doing - it is worth splitting?
-
@dashrender said in Suggestions for new APs and Firewall:
@dafyre said in Suggestions for new APs and Firewall:
@scottalanmiller said in Suggestions for new APs and Firewall:
EdgeRouter have an option for blocking BitTorrent themselves. But they have to spend time looking at the traffic to do so.
That's better done on a separate device, isn't it?
If that's the only thing you're doing - it is worth splitting?
They would likely benefit form the Web filtering and such on the Palo Alto (currently handled by the Meraki FW).
-
@dafyre said in Suggestions for new APs and Firewall:
@scottalanmiller said in Suggestions for new APs and Firewall:
EdgeRouter have an option for blocking BitTorrent themselves. But they have to spend time looking at the traffic to do so.
That's better done on a separate device, isn't it?
Depends. Blocking one service is a very minor thing and easily handled by the entry level enterprise non-UTM device. So likely, no, you'd not split for one little thing.
-
@dafyre said in Suggestions for new APs and Firewall:
@dashrender said in Suggestions for new APs and Firewall:
@dafyre said in Suggestions for new APs and Firewall:
@scottalanmiller said in Suggestions for new APs and Firewall:
EdgeRouter have an option for blocking BitTorrent themselves. But they have to spend time looking at the traffic to do so.
That's better done on a separate device, isn't it?
If that's the only thing you're doing - it is worth splitting?
They would likely benefit form the Web filtering and such on the Palo Alto (currently handled by the Meraki FW).
Then you aren't doing just one thing of filtering out Torrents.
-
@dafyre said in Suggestions for new APs and Firewall:
@dashrender said in Suggestions for new APs and Firewall:
@dafyre said in Suggestions for new APs and Firewall:
@scottalanmiller said in Suggestions for new APs and Firewall:
EdgeRouter have an option for blocking BitTorrent themselves. But they have to spend time looking at the traffic to do so.
That's better done on a separate device, isn't it?
If that's the only thing you're doing - it is worth splitting?
They would likely benefit form the Web filtering and such on the Palo Alto (currently handled by the Meraki FW).
They likely would, but that would be a different discussion.
-
@scottalanmiller said in Suggestions for new APs and Firewall:
@dafyre said in Suggestions for new APs and Firewall:
@dashrender said in Suggestions for new APs and Firewall:
@dafyre said in Suggestions for new APs and Firewall:
@scottalanmiller said in Suggestions for new APs and Firewall:
EdgeRouter have an option for blocking BitTorrent themselves. But they have to spend time looking at the traffic to do so.
That's better done on a separate device, isn't it?
If that's the only thing you're doing - it is worth splitting?
They would likely benefit form the Web filtering and such on the Palo Alto (currently handled by the Meraki FW).
They likely would, but that would be a different discussion.
One they will run around the soccer field a few more times I'm sure, but that heads into religion / politics there.
-
@dafyre said in Suggestions for new APs and Firewall:
@scottalanmiller said in Suggestions for new APs and Firewall:
@dafyre said in Suggestions for new APs and Firewall:
@dashrender said in Suggestions for new APs and Firewall:
@dafyre said in Suggestions for new APs and Firewall:
@scottalanmiller said in Suggestions for new APs and Firewall:
EdgeRouter have an option for blocking BitTorrent themselves. But they have to spend time looking at the traffic to do so.
That's better done on a separate device, isn't it?
If that's the only thing you're doing - it is worth splitting?
They would likely benefit form the Web filtering and such on the Palo Alto (currently handled by the Meraki FW).
They likely would, but that would be a different discussion.
One they will run around the soccer field a few more times I'm sure, but that heads into religion / politics there.
I don't follow this phraseology.
-
@scottalanmiller said in Suggestions for new APs and Firewall:
@dafyre said in Suggestions for new APs and Firewall:
@scottalanmiller said in Suggestions for new APs and Firewall:
@dafyre said in Suggestions for new APs and Firewall:
@dashrender said in Suggestions for new APs and Firewall:
@dafyre said in Suggestions for new APs and Firewall:
@scottalanmiller said in Suggestions for new APs and Firewall:
EdgeRouter have an option for blocking BitTorrent themselves. But they have to spend time looking at the traffic to do so.
That's better done on a separate device, isn't it?
If that's the only thing you're doing - it is worth splitting?
They would likely benefit form the Web filtering and such on the Palo Alto (currently handled by the Meraki FW).
They likely would, but that would be a different discussion.
One they will run around the soccer field a few more times I'm sure, but that heads into religion / politics there.
I don't follow this phraseology.
It's a discussion around whether or not web filtering should be enabled or not on campus. One that has been discussed many times. I'm sure there will be many more... but it becomes a religious / political discussion since they are a Christian College.
-
@dafyre said in Suggestions for new APs and Firewall:
This is for a school, not an SMB. With out some form of traffic shaping somewhere, their bandwidth would be overrun with torrents.
@Markferron can correct me if I'm wrong, but right now, I think the Meraki APs are where the bandwidth shaping is being done now.
Yup I have rules on the APs and the MX400. They should all be the same as far as bandwidth limits, just in case.
