Hi! I’m planning to set up a remote VPN server for my dad’s business when I visit India the next time. He and possibly one other employee would be the only users, accessing the VPN from two different remote locations.
I was hoping for a secure hardware VPN solution under $500. I’d prefer hardware because his windows desktop is not regularly updated due to this terrible accounting software he uses that often breaks with window updates, so ideally I wouldn’t want it exposed to the internet much or at all. (Though again, I’m not sure it’s great idea restricting internet entirely in case he does need it sometime because I can’t expect him to flip firewall rules or something?)
My dad is technically challenged, so I’m looking for something which requires minimal intervention and can be managed via the cloud (or maybe even offers on site support in India when needed.) So something like a self hosted Linux box is out of the question.
I like my unifi dream machine and was considering the unifi express, but I’m not sure I’d trust their software updates or security for a business.
pfsense on either netgate or protectli. Cloud-managed doesn’t help you if the site’s internet is down no matter what you do. And if it’s the firewall itself that is the problem, same thing.
My last employer (MSP) standardized on WatchGuard for small business clients. They’re easy to configure and troubleshoot, especially if you’re not well-versed in networking and/or security. The WatchGuard T25 would meet your technical requirements; however, the appliance + three-year license will be around $1,200 USD.
With that being said, at your desired price point, I would suggest PFSense running on Netgate 2100 ($349 USD) or Netgate 4200 ($549 USD). Both of these appliances include TAC Lite (basic support), with higher tiers of support available.
I would not implement a 40F for VPN at this point. There have been so many VPN vulnerabilities on the platform that it does not make sense. OP if you don’t have time to actively manage this device I would look for another solution.
Yeah, then you only have to deal with the VPN bugs. I wouldn’t touch a Fortigate with the proverbial 10 foot pole when it comes to VPNs, both SSL and IPSec.