Office Network Advice - Dual WAN? VoIP QoS? Which Router?

I'm looking for advice on a network setup for an office with around 40 people. We're a consultancy and I'm a data scientist, not an IT expert but as the only tech enthusiast in the office it's fallen to me to try and sort out the network in our new office. I'm pretty good as far as PC hardware goes and building servers etc. but I know very little about networking so I could do with some help.

 

We currently have a ~100 Mbit DSL connection with the ISP provided modem-router combo and a network switch feeding ethernet ports and 2 wireless APs around the office. We make a lot of VoIP calls (mainly Skype for Business and Webex) but we experience dropouts and dips in quality pretty frequently. Our general internet traffic is just web browsing, people listening to Spotify and syncing files to SharePoint Online with the occasional large download.

 

I've tried setting up the QoS options on the ISP's router to prioritise VoIP but it didn't seem to do anything. My boss is game for getting a second DSL connection but not sure that's 100% necessary. From my own research I have some options below but I don't know what's best and what hardware to get.

 

  1. Keep a single DSL connection, get an enterprise router with proper QoS support, put ISP's router into bridge mode and use as modem (is it worth getting a standalone modem as well?).
  2. Get a second DSL connection, get a dual WAN enterprise router (Cisco RV340?) and set up QoS to send all VoIP traffic through a single connection and keep everything else on the other connection.
  3. Option 1 but with a high-end consumer router?
  4. Something else?

Any suggestions on the above or what routers are good would be much appreciated! 

 

Thanks

 

 


I would use pfSense and test it with just one WAN with some rules, and if it doesn't make it better then get the second WAN, connect it to pfSense and put some rules sending traffic to specific services or from specific devices to one WAN and other devices and services to the other WAN.


Well if you were my customer I'd sell you a FortiGate 60 or 80E with 2 FortiAP 221Es. Get a second internet connection. Set up SD-WAN and use the existing devices as modems only if required.

Set up Traffic Shaping for favorite SIP Traffic, set Sharepoint Online/OneDrive to low, and use SD-WAN rules to route VoIP over one connection and any Cloud Drive Traffic to the other.

Check if your current switches properly support QoS and handle DSCP flags correctly.


I would 100% avoid a custom built pfSense solution. Just imagine if something breaks. Now you gotta figure out how to fix it, and quickly.

 

You need to QoS the VOIP and guarantee it a chunk of your bandwidth. VOIP doesn't really need that much bandwidth, but it's very sensitive to latency and needs certain minimums.

 

What is your current Network switch? You might be better off contacting a local IT Vendor who can tailor a solution to your specific needs, and configure it for you.


5 hours ago, dalekphalm said:

I would 100% avoid a custom built pfSense solution. Just imagine if something breaks. Now you gotta figure out how to fix it, and quickly.

 

You need to QoS the VOIP and guarantee it a chunk of your bandwidth. VOIP doesn't really need that much bandwidth, but it's very sensitive to latency and needs certain minimums.

 

What is your current Network switch? You might be better off contacting a local IT Vendor who can tailor a solution to your specific needs, and configure it for you.

Yeah I don't fancy trying to manage pfSense and I'd have to buy a new machine to run it on anyway. Can't remember what the switch is, it's a brand I haven't heard of before. I'm working remotely at the minute so I can't check myself. I'll have someone check later.

 

I would like to get a local IT company to take care of everything, especially since I'm working remotely most of the time, but the bosses aren't too keen on the idea. I might get some quotes first and present the case.

 

7 hours ago, Acedia said:

Well if you were my customer I'd sell you a FortiGate 60 or 80E with 2 FortiAP 221Es. Get a second internet connection. Set up SD-WAN and use the existing devices as modems only if required.

Set up Traffic Shaping for favorite SIP Traffic, set Sharepoint Online/OneDrive to low, and use SD-WAN rules to route VoIP over one connection and any Cloud Drive Traffic to the other.

Check if your current switches properly support QoS and handle DSCP flags correctly.

This sounds like a solid plan! Don't exactly understand all of it but you've given my Google searches direction!

 

I wasn't aware that switches had any settings. I thought you just plugged in all the cables and away you go! I'll definitely look into this.

 

My current plan after your responses is to contact some IT companies and see what they can do, and then failing that I'll get a dual WAN router like the FortiGate 60E, try and set up QoS with that and existing hardware, then if that doesn't do the job I'll get a second connection and set up SD-WAN.

 

Thanks for your help!


The switch is a Trendnet TE 100-s24g and it appears to be un-managed with no QoS or DSCP support. Does this mean we need a new switch also?


When you are looking at FortiGates, have a look at some Palo Alto equivalent devices also. Many people consider them way too expensive, but things have changed and we actually got higher spec Palo Altos for less than FortiGate were offering. Granted these were higher end devices than you're looking at, but the sales rep can always go lower!

 

Just don't limit yourself to looking at one manufacturer, try them all. You can get trial devices from pretty much everyone for free, I tried several different vendors for months at a time when looking for Firewalls. Definitely put in the time to find which one you like to work with and has the best features for you.

 

One thing I did observe when I tried Fortinet, they aren't the best with firmware/updates...As in, the new firmwares they push seem to always have bugs.


2 minutes ago, Eniqmatic said:

Just don't limit yourself to looking at one manufacturer, try them all. You can get trial devices from pretty much everyone for free, I tried several different vendors for months at a time when looking for Firewalls. Definitely put in the time to find which one you like to work with and has the best features for you.

Thanks for the tip! I'll see about some trial devices.


12 minutes ago, BowShock said:

Thanks for the tip! I'll see about some trial devices.

Also when testing, make sure to enable every feature you plan to use to ensure that the device can keep up. Many of the throughput figures are given without many of the features enabled, then people turn them on and wonder why they can't get the maximum out of their links. I tried several devices that could get full potential out of our internet links, then when turning on some features would be drastically reduced.


9 hours ago, BowShock said:

Yeah I don't fancy trying to manage pfSense and I'd have to buy a new machine to run it on anyway. Can't remember what the switch is, it's a brand I haven't heard of before. I'm working remotely at the minute so I can't check myself. I'll have someone check later.

 

I would like to get a local IT company to take care of everything, especially since I'm working remotely most of the time, but the bosses aren't too keen on the idea. I might get some quotes first and present the case.

 

This sounds like a solid plan! Don't exactly understand all of it but you've given my Google searches direction!

 

I wasn't aware that switches had any settings. I thought you just plugged in all the cables and away you go! I'll definitely look into this.

 

My current plan after your responses is to contact some IT companies and see what they can do, and then failing that I'll get a dual WAN router like the FortiGate 60E, try and set up QoS with that and existing hardware, then if that doesn't do the job I'll get a second connection and set up SD-WAN.

 

Thanks for your help!

One thing you can do is after you get a quote from one of the IT vendors... just rip off whatever solution they proposed.

 

Obviously you'll still have to do all the config and installation yourself, but at least you'll have a hardware list to start with. I would definitely try and sell your boss on an IT Vendor solution though - it'll save you guys time and money in the long run.


13 hours ago, Eniqmatic said:

When you are looking at FortiGates, have a look at some Palo Alto equivalent devices also. Many people consider them way too expensive, but things have changed and we actually got higher spec Palo Altos for less than FortiGate were offering. Granted these were higher end devices than you're looking at, but the sales rep can always go lower!

 

Just don't limit yourself to looking at one manufacturer, try them all. You can get trial devices from pretty much everyone for free, I tried several different vendors for months at a time when looking for Firewalls. Definitely put in the time to find which one you like to work with and has the best features for you.

 

One thing I did observe when I tried Fortinet, they aren't the best with firmware/updates...As in, the new firmwares they push seem to always have bugs.

I was just using what I know best as an example. I am sure Dell's SonicWall, Palo Alto, WatchGuard, Juniper, Sophos, Barracuda, Meraki etc. etc. etc. all offer those features now.
