Customer with 5 sites
Site 1 Principal and 2 BW : 100/100
Site 3 BW:1000/800
Site 4 and 5 BW : 20/500k
Actually
S1 Netgear FVS318 WAN IP on PORT WAN
S2-3-4-5 Zyxel USG40W DMZ with ISP BOX
All of them with IPSEC IKEv1 (SHA1-AES128-DH2) to S1
Performance over IPSEC are really poor between 1 and 2-3, 8/8 in copy of file, cause their app use SMB and SQL
For testing i created CHR VM on S1 after Netgear( full NAT to VM) and GRE to S2, i’m about 60/60
Think about replace S1 Netgear by RB4011 and S2-3 Zyxel by HEX S.
Go for 4011 on all the sites, the key to easy management in the future is to simplify when you can.
Also - you can make configs more or less identical and have a preconfigured spare.
Concur, the hex cant provide 1 gig throughput and the RB4011 is good at least up to 3-4gig.
For IPSEC the hex is capable up to 170Mbps, the RB4011 is probably good for 700-800.
Based on a future growth and trend it is not unreasonable to expect 1gig up and down in the future
If this is the case, as an investment, then the RB4011 for all sites is excellent.
If on a tight budget, the Hex S, for Primary, BW and sites 4,5 make sense and the RB4011 ONLY for Site 3.
Anything else based on throughput and ipsec speeds (as per your initial thought bubble) makes no sense, so is there something you are not letting us know???