brwainer

Everything posted by brwainer

  1. Everything said above is 100% true, I just want to add a few things. If you don't want your users to have to type in a port number in order to connect to the second (third, etc.) Minecraft server on the same external IP, you can buy a domain name and set up SRV records to encode both the IP and the port. Not all programs support this; very old versions of Minecraft didn't (before 1.3). For more information see this page or search for "Minecraft SRV": https://www.noip.com/support/knowledgebase/how-to-add-a-srv-record-to-your-minecraft-server-remove-the-port-on-the-end-of-the-url/ If you need a domain name, I recommend NameCheap, but that's just a personal choice.
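     As an added illustration (not part of the post): how a client resolves a name that carries an SRV record, so two servers behind one public IP can be reached by hostname alone. The zone data is constructed inline instead of a live DNS lookup; the names are placeholders and 25565 is Minecraft's well-known default port.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class SrvRecord:
    priority: int   # lower value is tried first
    weight: int     # share of load among records with the same priority
    port: int       # the port the SRV record encodes, so the player never types it
    target: str     # hostname of the actual server (resolved to an A record next)

def parse_srv(zone_line):
    """Parse one zone-file style line: owner TTL IN SRV priority weight port target."""
    owner, _ttl, _cls, rtype, prio, weight, port, target = zone_line.split()
    if rtype != "SRV":
        raise ValueError("not an SRV record")
    return owner.rstrip("."), SrvRecord(int(prio), int(weight), int(port), target.rstrip("."))

def load_zone(zone_text):
    """Group the SRV records of a constructed zone by owner name."""
    answers = {}
    for line in zone_text.strip().splitlines():
        owner, rec = parse_srv(line)
        answers.setdefault(owner, []).append(rec)
    return answers

def resolve_minecraft(hostname, answers, default_port=25565, rng=random):
    """Return the (host, port) a client should connect to for `hostname`.

    Minecraft looks up _minecraft._tcp.<hostname>; with no SRV record it falls
    back to the hostname itself on the default port (the old behaviour)."""
    records = answers.get(f"_minecraft._tcp.{hostname}", [])
    if not records:
        return hostname, default_port
    best = min(r.priority for r in records)
    candidates = [r for r in records if r.priority == best]
    weights = [r.weight for r in candidates]
    # RFC 2782: among equal-priority records, choose proportionally to weight
    chosen = (rng.choices(candidates, weights=weights)[0] if sum(weights)
              else rng.choice(candidates))
    return chosen.target, chosen.port

# Constructed zone: two servers on one home connection, told apart by port only.
ZONE = """
_minecraft._tcp.play.example.com.     3600 IN SRV 0 5 25565 home.example.com.
_minecraft._tcp.play.example.com.     3600 IN SRV 10 0 25565 backup.example.com.
_minecraft._tcp.creative.example.com. 3600 IN SRV 0 0 25566 home.example.com.
"""
ANSWERS = load_zone(ZONE)
```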
  2. The Meraki MX system is capable of Layer 7 inspection and is a poor example to use unless you know someone has that system or one that is equally capable. EDIT: actually, looking at the Meraki page you linked, the 1:Many NAT is just normal PAT or Port Forwarding. That feature on its own can’t distinguish between HTTP hosts. I believe a full featured Meraki system is capable of doing so, but not with the feature you linked. When that page talks about 1:1 and 1:many, they are talking about using one public IP for multiple inside servers, as opposed to the 1:1 which is just transferring all traffic between a public IP and a private one. This is useful for devices for which you need a lot of external ports publicly available but to which you still want to provide UTM protection.
  3. I think @Homeless Pineapple made a typo, and they meant to write "domain1.example.com:80 to the internal port 192.168.11.50:80 and domain2.example.com:8080 to the internal port 192.178.11.51:8080." or "domain1.example.com:80 to the internal port 192.168.11.50:80 and domain2.example.com:8080 to the internal port 192.178.11.51:80." When a router is processing the port forwarding (Port Address Translation or PAT, which is part of NAT, and normally implemented in the firewall) it has no idea what hostname you have put in. At the level of TCP/IP, the hostname isn't included, only the IP address. Yes, messages from the browser will include the full hostname, but that is in the HTTP layer and a normal router will never look there in order to route things differently. If your router is capable of making Layer 7 firewall rules then you may be able to do something like this, but otherwise it is not possible to use the same outside IP:Port with two different inside services.
  4. Doing routing in a L3 switch works for when you want top performance, but they usually can't do any security besides applying an ACL, and may not even be able to do that. For anything that you want protected by your firewall (like access to the MGT and Surveillance VLANs from the workstations) it would still go through the UTM. Of course that level of security might be overkill for your use and the L3 switch doing routing into those VLANs might be fine.
  5. If it's just switches, UPSs, and the odd short-depth server, then I am very happy with NavePoint racks. They are the cheapest option for enclosed/locked small racks.
  6. "NIC" means Network Interface Card. A NIC could be for ethernet, SFP, Wifi, or any other network type. So the suggested parts aren't wrong because until now you never actually stated or confirmed you were looking to add wireless. Finding a key B or M or B+M wireless NIC is probably impossible because that isn't intended and is in low demand. An adapter from B/M to E would be difficult to make and probably doesn't exist, but if you want to search for one go ahead.
  7. Looks like the second connection is for IPTV or something like that - anything starting with “10.” is a private IP address, and you can see that second connection has NAT disabled. So for the OP, 36.81.32.1 is the IP that should be pinged to see if the “local” connection is the issue, or something within the ISP’s network.
  8. This is very interesting, and I know you said BETA store but I was initially confused because I could only find the old and basically abandoned mFi line. This is also an option to keep an eye on. I don’t like the specs (specifically temperature and CRI) of their first gen LED panel though.
  9. If by NIC you mean wireless card, possibly, except that wireless cards are almost always “key E” whereas M.2 slots meant for storage are either “key B” “key M” or “key B+M”. Check the wikipedia page on M.2 to see what the different keyings are. I’m not aware of any M.2 ethernet NICs. EDIT: the slots on the motherboard will only be a single Key, but M.2 devices might be compatible with multiple.
  10. Log into your router and see what the “default gateway” IP that it is getting from your ISP is. Start running a ping to that to see if that drops out. That IP will usually be the device at the other end of your telephone or coax cable, or worst case a few miles away in one of your ISP’s offices.
  11. The video from Genisys is pretty slick, both their implementation and their control software. But it's really just an application of active POE with LED lighting. I’d love to see what other competitor solutions there are. For a few years I’ve thought about using POE for lighting and other low wattage always-on items. For reference, 802.3af POE can provide up to 15W per port and 802.3at POE+ can provide 25.5W. A common 60W replacement LED bulb can use 4-7W. I’m sure the office ceiling tube replacement units might push close to 25.5W just because normally those fixtures produce a lot of light, but with a fully integrated system like they are showing, I’m sure they have designed those right up to the limit.
  12. If it is a very small complex, like just a single building, or is owned by a private landlord, then it is very common that they have purchased a single consumer connection with a router (or maybe a combo unit). Generally only multi-building complexes or ones run by a management company will make a contract with an ISP for service. Also there are three types of service a complex can purchase:
      - individual connections for each unit from the local cable or telephone company
      - “community” internet from the local cable or telephone company
      - “community” internet from a provider that specializes in this
      I am an engineer for a company that does the third option. Among apartment complexes, the three options are about equally split. The second and third option are the same architecturally - a non-consumer internet connection is brought in to the main building and then shared via ethernet or DOCSIS - I’ve seen properties where consumer grade cable all-in-one modems were reprogrammed into basically APs. The OP said they are in a single 4-story building split into apartments by floor. My bet is that this is privately owned and that there is no contract with an ISP to provide individual service, based on experience. My recommendation is to use a normal router, and if there is any concern for privacy, pay for an encrypted VPN and program the router to send all traffic through it. This may require a more expensive router than is needed just for providing NAT and a stateful firewall (which is every router currently made).
  13. If you buy Ubiquiti APs individually then they include the POE injector in the box. If you buy a multipack (ex. 5 Unifi AP ACs) then that does not include injectors because they expect you to have a POE switch when using that many APs. Ubiquiti Unifi APs are very good value for high-end home use and small businesses.
  14. If talking about very long range PtP or PtMP communication, and we are comparing wireless to copper based wired, then yes, for a given long distance link you will need fewer "repeaters" for wireless than for wired. Example: microwave wireless versus coax or telephone cables. Microwave might have a single-link range of 30km (with tall enough towers) but the copper line might have a max range of a few km. But then when you add fiber to the comparison, the max link distance goes out to hundreds of kilometers - a standard single mode 10Gb SFP can do 10km links reliably, and then you can go to specialized equipment.
  15. Namecheap prices for .com: $10.99 plus WhoisGuard free for 1 year; WhoisGuard costs $2.88 after the first year but the base price stays the same.
      1and1 price for .com: $0.99 first year, $14.99 after, “Private Registration” is free.
      If paying one year at a time (namecheap offers discounts if you pay multiple years at once) and including WhoisGuard, then the break-even is at about 7 years. Under 7 years, 1and1 is cheaper due to that $0.99 first year. After 7 years, namecheap saves you money. So do you expect to have this domain for a long time?
      Edit: Looks like I did that math wrong, the break-even is at 10 years. The calculation is attached. The same question still remains though.
  16. At 1and1.com I’m seeing $0.99 for the first year and $14.99 every year after that for .com domains. I’m paying less than that for my domain plus private registration at namecheap.com. I didn’t compare .co.uk pricing nor non-USD prices.
  17. There's no shame in going from DSL to Cable, and none of the non-trolls on this forum would bash you for it. There's plenty of places where you only have a choice between a single telephone provider and a single cable provider for internet.
      For your modem choice, I'd recommend spending a little bit more for an ARRIS SURFboard SB6183 ($69 on Amazon) or step down to the ARRIS SURFboard SB6141 for $50 because Arris has a lot more experience making modems than Netgear. Generally I recommend getting a modem that is rated for twice the speed you are actually paying for (so the 6141 would be good for up to 150Mbps down).
      For your router choice, that one is fine, I like TP-Link routers for entry level. At that low price point, there isn't really a lot of difference between the brands, they all have basically the same hardware inside with no significant feature differences.
  18. I don’t understand what you mean about devices being assigned to a VPN server or client on the same router. Just to make sure we’re clear, this is what I am talking about:
      - VPN Server running on a router: allows users who are currently outside of the network to be connected to it, granting “local” access to any resources on the network, and (optionally) routing all traffic including that to normal websites through the router. Commonly called a “Road Warrior” VPN setup.
      - VPN Client running on a router: all traffic from internal users is sent through the VPN tunnel, to increase privacy relative to the ISP and sometimes to get around geo-IP blocks.
      These things are not exclusive, and I don’t understand what you mean by assigning users/devices to them. For the VPN server, if you want devices to always connect back home when away, you just need VPN client software that does that - nothing related to the server software on the router. For the VPN client, any router that supports this will by default apply it to all devices on the network (the default route the router uses is changed to go over the VPN instead of direct to the ISP) so the only thing you might want to do is configure the router to not do this for some devices, or only do it for certain ones.
  19. You could set this up with any Mikrotik router, although the learning curve on them is a bit high. I’m assuming that Ubiquiti routers can do it as well (pay attention to the difference between Edge branded devices and Unifi ones - Edge has more features but has to be managed in a traditional way, Unifi has a “Unifi”-ed control panel at the cost of niche features). You can also set up anything you can dream of with PFSense or other open source router operating systems, you would install these either on a special type of x86 computer called a network appliance, or a regular old computer with two NICs, or a VM inside a hypervisor server. You can also buy one from Netgate, who develops PFSense. If you’re looking for specific models that are meant specifically for SMB and SOHO then I don’t have any recommendations. I see Dell Sonicwall routers in use a lot, they seem to be rather capable but I don’t have any experience or knowledge of them.
  20. OpenVPN already uses SSL - that’s why you normally have to copy a certificate from the server to the client unless the server paid for a signed cert from a trusted vendor. The only thing I’ve heard of people doing with OpenVPN is setting it up on port 443 in TCP mode (the OpenVPN default is UDP) so that if you are at a hotel or other place, it really just looks like you’re communicating with an HTTPS server (there are still ways to tell the difference based on the headers, but even most UTMs don’t catch that yet).
  21. The 2540 series also has a USB port for console access, but you have to install the driver. See pages 23-25 for info: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c05325081
  22. Usually I see that the other way around - one of the traffic ports can be configured to also carry IPMI, if it isn’t that way from the beginning (supermicro workstation oriented boards for example don’t always have a dedicated IPMI, just a shared). It’s still worth inspecting but I doubt it will be that way. I also find the “reworked” wording interesting, but the system bundles they sell that include CPU and RAM appear to be based on the same base system.
  23. That does sound like a compelling deal then, and their prices on complete systems don’t seem too bad either. I’ll be looking forward to the update.
  24. There are some rather odd choices in this... like the only networking being a single SFP+, and a drive bay style backplane but for internal drives. Speaking of those internal drives, if the chassis doesn't come with the proper standoff screws, I don't see how you are going to mount any in this. Also, I hope you already have or are willing to get 1U CPU coolers because I doubt they are included.
  25. Your vendor and Lenovo won’t provide warranty coverage for anything that involves the WD disk (i.e. if you build a RAID array that includes it and experience issues with that particular array) - but they can’t invalidate the overall warranty for parts that are unrelated, like if the CPU or RAM or system board develop an issue. I’m fairly sure in the US there is a law protecting you in that case. A vendor can’t prevent or punish you for using third party equipment but they don’t have to support it either (something like a switch that only accepts SFPs that have some magic number on them is considered a feature, it doesn’t really prevent you from using third party equipment).
      Based on the product guide for this model, there are two areas for hard drives in the front, and each can be either 6x 3.5” or 16x 2.5”. If you have a 3.5” section already and it has less than 6 drives in it, then you just need to get an empty drive caddy (look on amazon, ebay, or ask your vendor for an “x3500 m5 drive caddy”). If your 3.5” section has 6 drives and the second section of the system is empty (neither 2.5” nor 3.5”) then you will have to upgrade the server with the extra drive bays and possibly another raid adaptor or sas expander to provide enough ports - your vendor will be able to do this for you in a way that maintains your existing warranty and warranties the new parts also.
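     As an added example (not part of post 20 or any vendor's code): the kind of first-bytes check a UTM could use to tell a real TLS handshake on port 443 from OpenVPN running in TCP mode on the same port. TLS records start with content type 0x16 and a 0x03xx version; OpenVPN's TCP framing prefixes a 2-byte length, and a new session opens with a hard-reset control packet whose opcode byte is opcode<<3 | key_id. The sample payloads and flow table are constructed inline.

```python
import struct

# Constructed "first client bytes" of three TCP/443 connections.
TLS_CLIENT_HELLO = (b"\x16\x03\x01\x00\x2e"        # record: handshake, version 3.1 framing
                    b"\x01\x00\x00\x2a\x03\x03"    # ClientHello, client version TLS 1.2
                    + b"\xaa" * 32 + b"\x00\x00\x02\x13\x01\x01\x00")
_ovpn_body = (b"\x38"            # (7 << 3) | 0: P_CONTROL_HARD_RESET_CLIENT_V2, key id 0
              + b"\x11" * 8      # session id
              + b"\x00"          # acked packet-id array length
              + b"\x00\x00\x00\x00")  # message packet id
OPENVPN_TCP_RESET = struct.pack("!H", len(_ovpn_body)) + _ovpn_body
PLAIN_HTTP = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

HARD_RESET_OPCODES = {7, 10}   # P_CONTROL_HARD_RESET_CLIENT_V2 / _V3 (tls-crypt-v2)
MIN_HARD_RESET_LEN = 14        # opcode + session id + ack array length + packet id

def classify_first_bytes(payload):
    """Label the opening client bytes of a port-443 connection as tls/openvpn/unknown."""
    if len(payload) < 3:
        return "unknown"
    if payload[0] == 0x16 and payload[1] == 0x03 and payload[2] <= 0x04:
        return "tls"
    (length,) = struct.unpack("!H", payload[:2])   # OpenVPN TCP length prefix
    opcode, key_id = payload[2] >> 3, payload[2] & 0x07
    if (MIN_HARD_RESET_LEN <= length <= len(payload) - 2
            and opcode in HARD_RESET_OPCODES and key_id == 0):
        return "openvpn"
    return "unknown"

def flag_vpn_on_https(flows):
    """flows: '<src ip>:<src port>' -> first payload bytes of its 443 connection.
    Returns the sources whose 'HTTPS' session actually opened with OpenVPN."""
    return sorted(src for src, data in flows.items()
                  if classify_first_bytes(data) == "openvpn")
```

The check keys on framing only, so it also fires when tls-auth or tls-crypt is in use, since the opcode byte still precedes the wrapped payload.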