Hardware encryption?

You need to connect two offices in one local network through the provider means l2VPN.
both sides put two pieces of iron which will encrypt traffic.
Tell me what hardware to use and how is it correctly to organize.
It is necessary that they consistently kept 1 Gigabit.
July 9th 19 at 11:14
7 answers
July 9th 19 at 11:16
Solution
Starting with the Fortigate 60, but see the exceptions here.
The above devices have a separate package processor, so even overloaded the CPU (anti-virus, Url Filtering) do not drop the basic functions. I don't know how prices Cisco - but on a subscription/warranty iron Fortinet they are democratic.

If the price is not the budget offers a suitable alternative.

after I found Zen by setting the ASA - do not recommend it.
pfsense is also, Fortigate, CheckPoint - although it would be logical to set up. The AIA logic is very interesting ..... I have never learned.
Yes, I've almost decided on the Fortigate 80 series... - alexandria.Skiles7 commented on July 9th 19 at 11:19
Fortigate 80 - very old and will be discontinued.
I have the farm enough - no complaints.... But "it is Necessary that they consistently kept 1 Gigabit." - see table. It Gigabit IPSec does not hold.
90 Cm Fortigate. - Frank.Parker commented on July 9th 19 at 11:22
For the price - not so.
For cheap models, a computer is not a competitor.
But if you need encryption and fast computer koditsa cheaper. - Weston98 commented on July 9th 19 at 11:25
: hmm... I didn't know that... thank you so much for the tip.. and then I guys alone for almost napar 80ую model. - alexandria.Skiles7 commented on July 9th 19 at 11:28
July 9th 19 at 11:18
Encryption, in General, are quite resource-intensive procedure.
A light load will pull the cleverly-configured router type Mikrotik.

But its processor will become rotten under heavy loads.

Specialized high-performance encryption solutions are very expensive.

What some inexpensive compact computer with two network cards and operating system pfsense is also the best option simple. It's a FreeBSD distro specialized for work as a gateway, has the web management, is managed by network monitor it does not need (well, except that during the initial installation of the monitor will be easier).
Mikrotik CCR - Gigabit and not rotten - alexandria.Skiles7 commented on July 9th 19 at 11:21
:
At a price of about fifty thousand rubles?
This is only if you desperately need it compact enough electricity-eating machine with RouterOS.

For the money you can roam and compact full-fledged computer, which will be cheaper and faster. - Frank.Parker commented on July 9th 19 at 11:24
: well, there are a lot of things, not only compactness and malorossii. But task dependent, Yes. - Weston98 commented on July 9th 19 at 11:27
: Yes, RouterOS with her - "all out of the box". This bonus important. For this same task - no. - alexandria.Skiles7 commented on July 9th 19 at 11:30
July 9th 19 at 11:20
IPSec on pfsense is also two
on two servers with normal satavahana server, the business settings for a couple of hours. stacked can be cheaper than Cisco - alexandria.Skiles7 commented on July 9th 19 at 11:23
July 9th 19 at 11:22
Just found some equipment Fortinet, say cope...
But its main niche is a firewall
Cisco ASR 1000 series likely to satisfy your requirements - alexandria.Skiles7 commented on July 9th 19 at 11:25
July 9th 19 at 11:24
may ask the province to do so, L2VPN in their internal network (gray), non-routable in the world?
key in L2VPN - L2 - alexandria.Skiles7 commented on July 9th 19 at 11:27
July 9th 19 at 11:26
Mirotik Cloud Core Router, if the budget will allow. It will obviously be cheaper than two servers, the CCR series is significantly more stable (important not to update the firmware immediately after the release, and then they happen).
Mikrotik vzhizni not pull me under Gigabit IPSec - alexandria.Skiles7 commented on July 9th 19 at 11:29
: RB750, Yes, but CCR is a little about the other 36 CPU. Check the Gigabit IPsec how it potjanet (2 and channel) - Frank.Parker commented on July 9th 19 at 11:32
: I have as controller for wireless APS, VPN encryption is more than 300 M. the bit does not pull - Weston98 commented on July 9th 19 at 11:35
July 9th 19 at 11:28
If you need a good and honest encryption without glitches in the work can cough up the CheckPoint they have a ready piece of iron or a path as you. Can look in I will shift 2200 model And if not a secret what for such provider that gives you gigabitnyj VPN channel?
Thanks for the advice, unfortunately can't disclose such information. - alexandria.Skiles7 commented on July 9th 19 at 11:31

Find more questions by tags EncryptionSystem administration