Hello,

Would like to have your idea about this project :

Customer with 5 sites
Site 1 Principal and 2 BW : 100/100
Site 3 BW:1000/800
Site 4 and 5 BW : 20/500k

Actually
S1 Netgear FVS318 WAN IP on PORT WAN
S2-3-4-5 Zyxel USG40W DMZ with ISP BOX
All of them with IPSEC IKEv1 (SHA1-AES128-DH2) to S1

Performance over IPSEC are really poor between 1 and 2-3, 8/8 in copy of file, cause their app use SMB and SQL
For testing i created CHR VM on S1 after Netgear( full NAT to VM) and GRE to S2, i'm about 60/60
Think about replace S1 Netgear by RB4011 and S2-3 Zyxel by HEX S.

What do you think ?

Thanks

Go for 4011 on all the sites, the key to easy management in the future is to simplify when you can.
Also - you can make configs more or less identical and have a preconfigured spare.

Concur, the hex cant provide 1 gig throughput and the RB4011 is good at least up to 3-4gig.
For IPSEC the hex is capable up to 170Mbps, the RB4011 is probably good for 700-800.

Based on a future growth and trend it is not unreasonable to expect 1gig up and down in the future
If this is the case, as an investment, then the RB4011 for all sites is excellent.

If on a tight budget, the Hex S, for Primary, BW and sites 4,5 make sense and the RB4011 ONLY for Site 3.
Anything else based on throughput and ipsec speeds (as per your initial thought bubble) makes no sense, so is there something you are not letting us know???

Hello,

Sorry for long time don't have any notification about reply and didn't saw reply!!!

Actual problems are so long transfert between sites they work with SMB FTP and SQL, opening Word (1-2Mo) file is long copy of phots is long too, etc....

Zyxel are very slow on FTP/SMB transfert over IPSEC (about 700K/s), support don't find anything.

That's why thikn to Mikrotik (use CHR as personal and no problem)