Tuesday, July 30, 2019

Small Manufacturing Business Network Equipment/Setup Upgrade

I'm in the process of looking for new network equipment to upgrade our small office network. I currently have a single consumer-grade Netgear wireless router to unmanaged switch and then another Netgear router configured as a WAP in back of the building. We have Comcast Business 75/25 for internet service without static IP. We don't have a physical server; everything is handled through G Suite. We do have 5 VoIP phones (1 to 2 calls at most at once) and a Synology NAS for any local data transfer needs and local G Suite backup. There are 5 office users with laptops. Three printers. There are 4 wired IP cameras controlled by a separate Synology + a network door access controller. Lastly, everyone has personal/business phones connected to a guest network, including an additional 10 manufacturing employees with their own devices. Our current router controls "everything" on the network, which is not much: QoS for VoIP phones, reserved IP addresses for printers, etc.

I'm leaning towards the Synology router + 1 WAP because I like the interface of my NAS, that it comes with free VPN capability, and it appears to have a secure guest network. I am really the only VPN user, nobody is remote, I just need it to check on equipment, cameras, door access, etc. I don't want anything that charges licensing for additional features, but I do want VPN so that I don't have to expose internal network equipment to the internet for external access. I currently have a VPN setup through L2TP/IPsec on the Synology NAS, so I could continue that approach.

Budget is pretty flexible but I'd say trying to stay under $1,000 for 2 (maybe 3) pieces of equipment - router + 1 to 2 WAPs.

I have an unused managed switch that I haven't connected and I could go into the VLAN approach if that's appropriate? I've never set one up but it appears common for phone systems and maybe another network for iPhones/guests? I'm not an IT professional other than part-time job responsibility here. When I switched us to the VoIP phones I came to the conclusion via Google that we didn't need VLAN for our size office phone system, and so far so good.

Hopefully that's enough of a use case scenario for people to provide alternative products for me to explore. My main concerns are ensuring quality of service to the phones, security in general, and I'd really like to lock out the iPhones/guest network devices that aren't owned by the company if somehow those devices became security threats. I'm sure this is somewhat similar to past posts, but things change quickly and I'm hoping with my use case explanation that I can get some responses of similar configurations by people who may do this for a living. Thanks in advance for any/all suggestions.
