On 31/05/2022 17:00, Theo wrote:
> That'll likely be a CPU problem. Not much you can do to improve performance
> at that end. Some of them have hardware acceleration for networking, but
> many don't (or no drivers, especially on replacement OS installs)
The Draytek 2926 I have at home has hardware acceleration and lots of
other firewall features that are heavily used for blocking server
attacks, e.g. blocking countries and hundreds of host subnets etc.
The work router is several models behind so it's missing much of the
good stuff.
<snip>
>
> Depends how much you want to set up, but anything with a decent amount of
> compute: small Intel box (eg search TinyMiniMicro - like a NUC but cheaper),
> Chinese small Celeron box, Raspberry Pi 4, etc. Preferably one with two
> network interfaces. Perhaps you have something like this lying around?
I.T. equipment, like my vehicles I keep using for as long as they remain
operational whereupon they retire to the graveyard shelf so nothing of
any use I'm afraid.
> If you want to go commercial, Ubiquiti have things like the EdgeRouter,
> Mikrotik have similar small boxes, etc. Possibly an older one can be picked
> up used for cheap.
Just saw a Ubiquiti USG on eBay but the first vid. showed with "threat
management" off it was doing over 900Mbps but with it switched on it
dropped down to not much over 100Mbps.
> Unless you already have suitable hardware, you're going to be investing in a
> second one anyway. It would seem more awkward to have separate firewall +
> router boxes where you could have combined box, unless you have particular
> needs. Although there is something to be said for having a wired
> firewall/router and then a separate wireless access point (located
> wherever's best for wifi signal).
>
> I assume your redundant Drayteks are going to be worse/older than your
> current one, so no help from your pile.
If I remember, I upgraded the home one when for some reason it locked up
and couldn't be reset, what it replaced went to "the shelf". Then
perhaps 12 months later the shop one locked up and couldn't be reset so
out of desperation I plugged the retired home one in, did the factory
reset (RST) configuration etc and it came back to life so everything
else is significantly older/lower spec. or dead (at time of retirement).
I might have to just run with lower security and no QoS which was
essential on ADSL2+ for VoIP but not so critical now.
Greatly appreciate your input and advice as always.