How to choose a VPN router for small businesses

Hello! Another article in blog is devoted to the use of VPN routers in small and medium-sized enterprises. Reliable high-speed Internet access is a mandatory attribute of a modern office. But the reliability and speed of the Internet almost entirely depends on the router used. In fact, the router is the heart of the office, since all the data circulating on the local network of the enterprise passes through it. And even a short-term stop of this «heart» is able to paralyze the work of an entire office. That is why it is so important to take seriously the choice and purchase of a router. How to choose a suitable router that fully meets the needs of your business will be described in this article.

What is a modern router with VPN support

Router – one of the most important elements of a modern network. These devices choose the optimal route for transmitting data packets from the sender to the recipient. Figuratively speaking, routers on the Internet play the same role as post offices in regular mail communication. Router classes range from basic routers (Core router), which are used by telecom operators and owners of the largest Internet services (for example, Google or Amazon), to small home routers used by ordinary users to access the Internet and create a home network. Routers designed to serve local area networks of small and medium-sized enterprises form a special class of these devices – business class routers. Compared to home routers, business class routers have a lot of advantages, which we will talk about later.

Attention! In principle, it is possible to create a local network in a small office and on a home router, but it is categorically not recommended to do this. Always give preference to a business class router, since home routers are less reliable and don’t provide the proper level of security.

What you should pay attention to buying a router for your company

When designing a local network, even for a small office, it is necessary to take into account many factors on which the smooth operation of the enterprise depends. Here are the main criteria on the basis of which a local network should be built:

  • scalability. If necessary, the network should be easily expanded without replacing the router;
  • reliability and safety. The network should be protected by a firewall and support reliable VPN protocols;
  • performance and high throughput. The normal operation of the office depends on it;
  • simplicity of setup and manage. The budget of a small enterprise does not provide vacancies for a professional system administrator, so the setup and administration of a local network should be available not only to a professional.

This follows the general requirements for a router for business:

  • a business class router should have excellent performance, the higher the processor power, the more computers, that is, jobs are able to service the router. Therefore, it is necessary to give preference to models with powerful multi-core processors;
  • the high overall throughput of the router is also very important. If the router has a low throughput, then with large volumes of traffic, the data transfer rate will drop sharply;
  • the more available ports the router has, the less problems there will be with network expansion. If you prefer to create a local network based on Wi-Fi, then the signal from the router should be strong enough to cover the entire office area without any problems;
  • there must be a Dual-WAN load balancing capability, since even a short-term absence of an Internet connection can have disastrous consequences for business;
  • it should be possible to configure the DMZ;
  • in a large office, you can’t handle without VLANs, so this technology should be supported by all business class routers;
  • if you plan to create a local network based on Wi-Fi, then the router should support WPA2 or WPA3 technology (WPA is the Wi-Fi Protected Access security protocol, WPA2, WPA3 are improved WPA, support modern AES encryption standards) and MAC address filtering;
  • naturally, there must be a built-in firewall to protect the local network from intruders and malicious code penetration;
  • the ability to filter content and the presence of advanced security settings must be present in the business class router;
  • similarly, built-in VPN support is currently not a luxury, but an urgent need. Read more about why VPN is important for any office here.
  • high fault tolerance. Overload should not lead to an emergency shutdown of the router;
  • the interface of the control panel should be intuitive, the configuration of the router should be accessible not only to a professional.

Thus, if you plan to further expand the local network of your enterprise, create new jobs, then buy a router with a good margin of performance and throughput capacity. It is mandatory to have a built-in VPN client and VPN server and support for several VPN protocols. There must also be the ability to filter content individually for each connected device – you don’t want your company’s employees to spend their working time visiting social networks and entertainment sites. What is Dual-WAN, DMZ and VLAN load balancing will be described in the following sections.

What Dual-WAN load balancing is?

Business class routers have the ability to connect to an external network via two WAN ports, and each port can be connected to different Internet providers. That is, you get two independent Internet channels. If one of the Internet providers fails, then all traffic will go through the WAN port connected to the second Internet provider. The ability to manage two Internet channels is called Dual-WAN load balancing.

There are two modes of Dual-WAN load balancing: Failover&Failover and Load Balance.

  1. Failover&Failback – in this mode of operation, one of the WAN ports is considered the main one, and the second is considered auxiliary. During normal operation, all traffic goes through the main port. In case of any malfunction of the main port, the router will automatically switch to the spare port;
  2. Load Balance – in this mode, the load is evenly distributed between the two WAN ports. In case of any network problems on one of the ports, the load on the second port increases.

Note that Dual-WAN load balancing also allows you to configure the local network so that traffic from individual computers and other devices goes through a specific WAN port.

For example, if there are only 12 computers in the office, you can make it so that traffic from the first six computers goes through the first WAN port, and traffic from the rest of the computers goes through the second.

What Demilitarized Zone (DMZ) is?

DMZ or Demilitarized Zone – a dedicated part of the local network that can be accessed from an external network. In our case, the Demilitarized Zone is a part of the local network that is not protected by the router’s firewall. For example, if you need users from the Internet to access a certain server in your office (it can be freelancers, remote workers, etc.), you simply place this server in the demilitarized zone in the router settings – DMZ.

A local area network (LAN), a router connected to an external network (WAN) and Demilitarized Zone (DMZ)
A local area network (LAN), a router connected to an external network (WAN) and Demilitarized Zone (DMZ)

What VLAN is?

VLAN (Virtual Local Area Network) technology allows you to create several virtual subnets on the basis of one local network. For example, the router has 4 LAN ports, to each of which 3 computers are connected via switches, that is, the local network consists of 4*3=12 computers. Using a VLAN, you can split a local network into 4 virtual subnets, each of which will have three computers. At the same time, computers located in different subnets will be isolated from each other. As you can see, VLAN technology is indispensable when you need to create several departments in one office. Another important advantage of VLAN technology is that you can set your own security policy and access rights for each virtual subnet.

Note that several subnets can be created on the basis of one switch, it is enough to divide the computers connected to it into the required number of groups.

Installing and configuring a VPN on the router

Nowadays, only those companies that take the security and protection of confidential data seriously can withstand competition and survive. Therefore, even small firms allocate funds to protect their Internet connection. And the cheapest way to protect the Internet traffic of a small enterprise is to set up a VPN on a router. Switcherry VPN company offers ready-made solutions for small and medium-sized businesses. Our corporate clients receive dedicated high-performance VPS servers that are ideal for servicing small and medium-sized enterprises. Write to our company’s support service to get the data needed to connect to our service. How to configure the router yourself to work with a VPN was described in the article «How to install and configure VPN on the router». After setting up, you can check the speed and security of your VPN connection.

In the next section, we will proceed to choosing the router that is most suitable for your company’s needs. All prices are current for December 2021.

Modern VPN routers for small businesses

We recommend choosing one of the routers in our list.

Linksys LRT224

Linksys LRT224
Linksys LRT224

Technical specifications:

  • total throughput capacity: up to 1000 Mbps;
  • available ports: 4 Gigabit LAN, 1 Gigabit WAN, 1 Gigabit WAN/DMZ;
  • supported VPN protocols: OpenVPN, IPsec, PPTP;
  • price on Amazon: $413.99

Description:

Linksys LRT224 – an old (produced since 2013), but a very well-proven router for small businesses. A control panel with an intuitive interface. Supports Dual-WAN, VLAN, DMZ technologies. However, if you want to connect the router to two different Internet providers in order to create a Dual-WAN load balancing, you will have to abandon the creation of a demilitarized zone, since the same Gigabit WAN/DMZ port is used to connect the router to the second provider and to create a DMZ. The router can simultaneously serve up to 50 IPsec VPN tunnels and 5 OpenVPN tunnels. It can also work as an OpenVPN server.

Buy Linksys LRT224 on Amazon

TP-Link ER7206 Multi-WAN Professional Wired Gigabit VPN Router

TP-Link ER7206
TP-Link ER7206

Specifications:

  • total bandwidth: 1700 Mbps;
  • Number of available ports: 1 Gigabit WAN, 2 Gigabit WAN/LAN, 2 Gigabit LAN, 1 SFP WAN;
  • VPN protocols supported: IPSec, L2TP/IPSec, PPTP, OpenVPN;
  • Amazon price: $149.99

Description:

Powerful router for small to medium sized businesses. Can support local network operation with 700 client connections. Full support for DMZ, Dual-WAN and VLAN technologies. Supports 100 IPsec, 50 OpenVPN, 50 L2TP and 50 PPTP VPN tunnels at the same time. Configurable firewall with content filtering and protection against DoS attacks.

Buy TP-Link ER7206 on Amazon.

Netgear Insight Instant VPN Business Router BR500, BR200

Netgear Router
Netgear Router

Technical specifications:

  • processor: 2-core, 1.7GHz;
  • total bandwidth: 924 Mbps;
  • Number of available ports: 4 Gigabit LAN, 1 Gigabit WAN;
  • VPN protocols supported: SSL, IPsec, IKEv2, PPTP, L2TP, OpenVPN (BR200 only).

Description:

Two small business routers are identical in appearance and with similar specifications. The main difference between them is that BR200 has built-in support for OpenVPN, BR500 doesn’t support this VPN protocol. In addition BR500 has a 5 year warranty and BR200 has a 2 year warranty. Otherwise, routers are indistinguishable from each other – both support 256 VLAN subnets, 1 DMZ, work as a VPN-client/VPN-server, content filtering by keywords and domain names. Dual-WAN technology is not supported by these routers.

Buy Netgear BR200 on Amazon.

TP-Link Safestream Multi-WAN TL-R600VPN

TP-Link Safestream
TP-Link Safestream

Technical specifications:

  • total throughput capacity: 680 Mbps;
  • number of available ports: 1 Gigabit WAN, 3 Gigabit WAN/LAN, 1 Gigabit LAN;
  • supported VPN protocols: IPSec, L2TP/IPSec, PPTP;
  • price on Amazon: $124.99

Description:

A simple inexpensive router for small businesses. Supports the creation of a demilitarized zone and Dual-WAN load balancing. The router can simultaneously serve 20 IPsec, 16 L2TP and 16 PPTP VPN tunnels. The intuitive web interface will allow you to easily configure the router. The firewall has built-in protection against DoS attacks. The disadvantage of the router is the lack of support for the OpenVPN protocol.

D-Link DSR-1000AC

D-Link DSR-1000AC
D-Link DSR-1000AC

Technical specifications:

  • total throughput capacity: 1.3 Gbps;
  • number of available ports: 2 Gigabit WAN, 4 Gigabit LAN, 2 USB 2.0;
  • supported VPN protocols: SSL, GRE, PPTP, L2TP, IPSec, OpenVPN;
  • prices on  Amazon: $570.98

Description:

A modern multifunctional router for small businesses. It is perfect for deploying a local network on both Wi-Fi and cables. Full support for AMD, Dual-WAN and VLAN technologies. If desired, you can even create a third Internet connection via a USB port using a USB modem. High-speed Wi-Fi supports all modern security protocols: WEP, WPA-PSK, WPS, WPA2-PSK. It has support for all modern VPN protocols. It can simultaneously serve 155 VPN tunnels, including 70 IPsec tunnels, 20 SSL/TLS tunnels, 25 PPTP/L2TP tunnels, 20 GRE tunnels, 20 OpenVPN tunnels. Disadvantage – high price.

Synology RT2600ac

Synology RT2600ac
Synology RT2600ac

Technical specifications:

  • processor: 2-core, 1.7GHz;
  • total throughput capacity: 2.53 Gbps (2500 Mbps);
  • number of available ports: 3 Gigabit LAN, 1 Gigabit WAN/LAN, 1 Gigabit WAN,  1 USB 3.0, 1 USB 2.0, 1 SD card reader (SDXC, SDHC);
  • supported VPN protocols: SSTP, OpenVPN, L2TP / IPSec, PPTP;
  • price on Amazon: $219.66

Description:

An excellent router for creating a local network, both based on WI-Fi (you can create a network on cables, but the choice of Wi-Fi is preferable). Supports DMZ and Dual-WAN technologies (the cable of the second Internet provider is connected to the WAN/LAN port). All modern Wi-Fi security protocols are supported (WEP, WPA-PSK, WPA2-PSK). It can work as a VPN client and VPN server, there is support for most popular VPN protocols. User-friendly control panel interface, easy configuration of content filtering for each user. Synology RT2600ac was originally created as a home computer for a large family, but it will work fine in a small office.

Buy Synology RT2600ac on Amazon.

TP-Link AX5400 WiFi 6 Router (Archer AX73)

TP-Link AX5400
TP-Link AX5400

Technical specifications:

  • processor: 3-core, 1.5GHz;
  • total throughput capacity: 5378 Mbps;
  • number of available ports: 4 Gigabit LAN, 1 Gigabit WAN,  1 USB 3.0;
  • supported VPN protocols: OpenVPN, PPTP;
  • price on Amazon: $199.95

Description:

Modern (its production started this year) and powerful router for home and office. Uses the latest Wi-Fi 6 wireless communication standard using the most advanced security protocols WPA3, WPA2-Enterprise, WPA2-PSK. Six antennas will provide 100% coverage of your office, the absence of «dead zones» is guaranteed. The built-in firewall will reliably protect against DoS attacks. The intuitive interface of the control panel allows you to easily configure the router to a person who is far from IT technologies. For those who are going to create a wireless office.

Buy TP-Link AX5400 on Amazon

NETGEAR Nighthawk X10 Smart Wi-Fi Router (R9000)

NETGEAR Nighthawk X10 Smart
NETGEAR Nighthawk X10 Smart

Technical specifications:

  • processor: 4-core, 1.7 GHz;
  • total throughput capacity: 7200 Mbps;
  • number of available ports: 6 Gigabit LAN, 1 Gigabit WAN, 1 10Gigabit LAN SFP+, 2 USB 3.0;
  • supported VPN protocols: OpenVPN, PPTP;
  • price on Amazon: $531.00

Description:

A powerful upscale router for home, but can also be used to create a local network in the office, both on the basis of cable connections and Wi-Fi. One of the fastest routers in its class. A configurable firewall will provide protection against DDoS attacks and allow you to configure an individual security policy for each workplace.

FAQ

1. What a WAN port is?

1. What a WAN port is?

WAN (Wide Area Network) is the standard designation of an external network. WAN ports are used to connect the router to an external network (Internet) and to create a demilitarized zone (DMZ). Business class routers must contain at least two WAN ports. However, some routers have only LAN ports (see the next paragraph), and they are used, including for connecting to the Internet and for creating a demilitarized zone (DMZ). In this case, in the router settings, you must specify which or which LAN ports are used as WAN ports.

2. What a LAN port is?

2. What a LAN port is?

LAN (Local Area Network) the name of the local network. Office computers and other devices are connected to LAN ports directly or via switches.

3. What a SFP WAN/LAN port is?

3. What a SFP WAN/LAN port is?

SFP (WAN and LAN) port allows you to connect the router to a fiber optic cable (via a transceiver). Thanks to this, it is possible to significantly increase the data transfer rate and reduce the influence of electromagnetic interference.

4. What does Gigabit Ethernet mean?

4. What does Gigabit Ethernet mean?

A Gigabit Ethernet cable can theoretically transmit data at speeds up to 1 Gbps – one gigabit per second (one gigabit per second, approximately 1000 Mbps), while a Fast Ethernet cable is designed for a maximum of 100 Mbps. Thus, each of the Gigabit LAN or Gigabit WAN ports can provide throughput capacity up to 1 Gbps.

5. What a PoE port is?

5. What a PoE port is?

PoE (Power over Ethernet) – power supply via an Ethernet cable. That is, the PoE port is not only designed to transmit a signal, it can also serve as a power source.

6. What are the router's USB ports used for?

6. What are the router's USB ports used for?

Peripheral devices such as external disks, printer, modem, etc. can be connected to the USB ports of the router.

7. Does the overall performance of the router depend on the number of available ports?

7. Does the overall performance of the router depend on the number of available ports?

No, not always. The performance of the router depends only on the processor power and maximum throughput capacity. For example, one router has 4 LAN ports and a total throudhput capacity of 4000 Mbps, and the other has 8 LAN ports and only 800 Mbps of total throughput capacity. Obviously, you can connect 5 times more computers and other devices to the first router than to the second one. That is, with the first router, you can significantly expand your office network by connecting several computers to each LAN port through switches.

8. Does the Wi-Fi coverage area depend on the number of router antennas?

8. Does the Wi-Fi coverage area depend on the number of router antennas?

No, as a rule, it does not depend. The total coverage area depends only on the signal strength, but the more antennas a Wi-Fi router has, the better it serves the premises of this area, providing more complete coverage, without the so-called «dead zones» («dead zones» or «dead spots») and a higher data transfer rate.

9. Which VPN protocol is best suited for business use?

9. Which VPN protocol is best suited for business use?

Without a doubt, OpenVPN is the best choice. This is a time-tested, secure and reliable VPN protocol. So, for business, you should choose only a router with built-in support for the OpenVPN protocol.

Author: SwitcherryVPN Team

Leave a Reply

Your email address will not be published. Required fields are marked *