Network Setup for Small Business

Hello,

I want to preface this with saying I've read a lot of other threads on this and know that hiring a pro is probably the easiest and smartest option; however, it seems like a fairly simple setup and I'd enjoy doing it myself.

CONTEXT:

My company is moving into a new office and as the office is currently unpowered, unpainted and unfurnished, they are looking at installing a small office network while they fit it out.

DETAILS:

Total employees: 15

Office Size: 75 m^2

We have one Synology server and are a completely web-based business, so all our employees use laptops, and we are looking to get a couple of dedicated office computers down the line. We will have a printer and probably a VoIP conference room system.

We use a cloud-based service to manage all of our business and semi-regularly are downloading or uploading multi-GB files or doing video calls.

I have looked at basically every online resource there is and have a decent knowledge of network architecture and the different brands in the space. However, I am at a loss as to the finer points of which models and combinations of hardware I should go for.

My biggest gray area is around the modem/router aspect of it. I am currently considering a Fortigate firewall and an Aruba Instant On switch and AP. We are a small business and cheaper would be better, but we still want to have business-grade kit and room to expand in future.

Any advice is very welcome.

***EDIT***

I have spoken to my boss and told him we should get a consultant in to do it as it seems like a project that's out of my depth. He said I should give it another crack as it's relatively low stakes and a good way to learn. (Again, we will get it assessed by professionals before using.) Again, I want to stress this is a side project I am being paid hourly for as part of my general work at the company, and my boss knows my skill level and is aware of the risks.

A lot of the comments here and elsewhere have narrowed my search down a lot and I am thinking of going with the Aruba Instant On ecosystem as it's simple and will suit our needs. Considering getting Aruba Instant instead, but the licensing costs of Central seem to negate the extra control we would get (and likely don't need at this point in our business's growth).

I looked at Cisco Meraki as well, and while they seem to be a great product line, their licensing costs seem pretty excessive for our use case.

I know cloud-based management inherently has risks, such as the provider ending the service or the service going down, but being able to manage everything from one place seems worth it for the slight risks, especially because we don't have dedicated IT staff.

Thanks for all the advice. I will post an update when we have it installed.

Do you want to become the IT support when things break? The main reason I'd suggest bringing in external help is because you are going to be pinned for every little issue, every minor internet blip, every time a web conference drops or a printer doesn't print. If you have a major issue, what support will you have? What level of vendor support are you looking at? What's the cost of having the whole office down for an hour, a day, a week?

Are you the owner or have some relationship with the owner? Because otherwise you are setting yourself up for a bunch more work with no real upside. Day to day you'll have every little issue to worry about, and if there is a major issue, security event, etc., it might be worse than that.

Do you have any customer info internally? Any PII? Any other protected data under GDPR, PCI, HIPAA, etc.? How are you protecting proprietary data? If your one server gets ransomwared, what's the fix? How are you documenting all of this? If you do all this work and leave in six months, can someone pick it up?

The reason you should hire a consultant for this is the fact you could miss something that a consultant has already been through. There are many considerations to take into account; it's not just running cabling through the office, slapping some hardware in a rack and an AP in the ceiling, and calling it done.

What is the current network setup/configuration? What hardware is being used? Any particular features? Flat network or vlans? What servers are onsite? What about servers that are remote? You mentioned a Synology server, what about any other physical servers? What about security? Physical security (cameras, access systems, etc…).

You don't have to offload the entire project to a consultant, but I recommend at least working with one to accomplish this.

If you are going with a FortiGate, why not go with a FortiSwitch and FortiAP and manage it all via the FortiGate?

The nice thing about FortiGate is you get a security focused network vendor.

I’d probably look at a 40F or 60F with the SMB license (SMB license gets you a year of log retention) with a FortiSwitch 124F-FPoE. Without knowing what your building looks like, I’d start with a FAP431F access point, and you can always add an additional one down the line if you need better coverage.

The FortiSwitches and FortiAPs are a bit more expensive than the Aruba Instant On switches, but you'll have them for years, and the security and management benefits are worth the extra, probably $1000, over the next 5 years.

I would advise bringing in an MSP to configure/install equipment so that you know it's set up securely.

You don’t know what you don’t know. Definitely work with a consultant. Preferably day 1. You can still learn a ton and dip your toes in it.

The key here isn't whether you can do it, but these two questions:

  1. Do you want to be at least partially responsible for the network, including troubleshooting?

  2. Can you set appropriate expectations with your boss/the owner?

The second question is the most important question for any engagement - nothing gets relationships in hot water faster than badly managed expectations. In terms of setting expectations, that's unique to every circumstance, but make sure that at the very least it's clear that you're new to this and things will go wrong. That's fine, no big deal, just set the expectation.

For the first question, if you're interested (and I certainly understand if you are; we all start somewhere, and I think it's great you're taking the initiative and an interest), also ask if this is the best use of your time. What ways do you provide value to the business? If this takes up 10–20% of your time for X time period, what work will that take you away from? Don't fall into the trap of 'I can still do my job 40 hours a week and squeeze this in too' - that's a solid way to burn out and not manage both your and your boss' expectations well. Back to question two, make sure you set the expectation that this will take away from N other initiatives.

Overall I think it's great you're interested. Also, despite what some other folks in this thread have said, there's nothing wrong with asking the pros here for help - that's why we as pros are here and commenting on these threads. As to whether you can do it - certainly! Networking is a challenging discipline, but it's not black magic, and many of us started with simple networks like what you're describing. As long as you have plenty of tenacity and the ability to handle pressure when things occasionally go wrong, you'll be just fine.

With that out of the way, I'd recommend you consider a Fortigate (40F or 60F) and a Fortiswitch and FortiAP. Of the three, Fortiswitches are my least favorite product (and I've used a LOT of Fortinet gear across many networks big and small), but for your use case it will work fine and be the easiest to manage. I've heard great things about Aruba Instant On (though I haven't personally used them), but at the end of the day, keeping things under one brand will probably serve you better (and bear in mind the Fortinet AP tech is from their acquisition of Meru, which was a very good wireless brand). I run a Fortigate and FortiAPs at home and have also run them in small and large enterprise environments without issue.

Avoid Ubiquiti; it's just not worth the headache. I've run many networks over the years with their switches, APs, security gateways, etc. (from both the Edge line of products as well as the Unifi line) and have run into so many issues with all of them that I can't ever recommend them for anything beyond one person working from a home office. I've used pfSense for around 15 years now, and while it's a decent product, it's not an NGFW in the same way a Fortigate or Palo is. Netgate has OK support, but I'd stick with Fortinet - it's easier to learn, has a much better feature set and will be a better investment of your time at the end of the day.

Fortinet has had some vulnerabilities in the recent past, but that's true of most software - the key isn't so much vulnerabilities but how fast you can patch them. For some of the recent vulnerabilities that were announced for Fortinet devices, I was able to patch them the night they were announced across numerous firewalls, quickly and without a single issue. Don't discount the importance of operational speed and efficiency when looking at products - Palo and Arista are probably at the front of the pack here, but Fortinet is quite close with many of their products. Comparing to Ubiquiti here, it's a huge difference in quality.

Be sure to set expectations and make sure it's worth your time. With those things nailed down, jump in! What better way to learn? If you have questions, Google and search support forums as much as you can, then post here and we'll be happy to help! Best of luck.

If I were you and the assumptions I’m making about your newness to this work are correct, I would tell you to go with Meraki.

They are straightforward to set up and have an ease of use that will be attractive to your business. Also, keeping things within a single vendor means you can get support without multiple vendors pointing fingers at one another and leaving you in the middle.

Certainly sounds like a job best handled by a "Managed Services Provider" (MSP), especially if you're unfamiliar with the process. Look for which ones are reputable in your area and leave it up to them.

Your instincts are quite good in all honesty - personally I'd say swap out the Fortigate for a Netgate pfSense+ machine, and take a look at Ubiquiti Unifi for the managed switch and access points (I've heard decent things about Aruba too, so compare and contrast on your own).

Fortigate doesn't have the best reputation, and they've had a number of back door CVEs that are enough to dissuade me. pfSense, meanwhile, is open source, runs on any Intel- or AMD-based computer, and is vetted very thoroughly for security.

Ubiquiti devices can be controlled entirely from a web interface without any kind of cloud subscription (despite how hard they try to sell you one), and the controller could run as a VM or Docker image on the Synology.

As for a modem - your best bet is to just grin and bear with whatever your ISP provides. Modems are essentially dumb devices that convert data lines from the carrier to (typically) standard Ethernet.

Mind sharing what internet type and speeds are expected from the ISP? 100Mbps? 1Gig? 10Gig? Over fiber? Cable? Anything like that would be great to provide.

For your size of business, and if you're going in this alone, why not go Unifi? Easy to deploy and manage. Tons of videos online of people setting it up, and it's affordable.

You're small enough that I think Unifi equipment will work just fine for you.

75 m², everyone uses laptops: easy, get a single PoE switch and 2-4 access points. Aruba Instant On fits the bill perfectly IMHO. Feeling extra: try to grab 500-series APs from eBay instead. Switching is less of a problem; get better APs instead. Forget about an expensive site survey; 75 m² will be covered by a single AP.

Get a firewall based on your budget and/or internet speed.

60F w/ Aruba 1960 stackable switches and Aruba APs. Make sure QoS is on for VoIP. Segment when you can. Even a Fortigate 40F would be enough. Best future-proofing, where all traffic is 100% routed by the firewall - 80F.

Also, please do not use Ubiquiti or pfSense… it is not a homelab… Instant On is "SOHO" enough… I would say even Catalyst 1000s are more "business", and a small Palo Alto FW would be good too… but that is stepping it up a bit much for 15 users.

If you are going full security, everything L3… don't route at the switch; everything should go up to your FW. Again, this is for security but will take a toll on your CPUs.

Honestly, for an office that size and use case, a good quality Wi-Fi modem/router is all you need. Then maybe a Netgear unmanaged switch or two to add ports.

Enterprise gear is going to be overkill for you.

Very good points.

I am not the owner but have been working with the business from basically day one, and I have been given this task with full knowledge that I am unqualified and just having a crack to see how far I get. There is no expectation that I will do a professional-grade job, and we are more than happy to get professionals in to give us a hand.

We do not store any sensitive client information on site, and we have a contracted IT security company that manages our systems (we will run the upgrades past them before pulling the trigger).

Yeah you make a good point.

The reason I am looking to at least do most of the project myself is that it is a very simple situation. There is no existing infrastructure in the office. The building has one other tenant, but they are running their own network, which will be separate from ours. Essentially there is a modem and nothing else. This is our company's only office. We have one server, which is a small Synology NAS that we have in the office with us. We don't need security cameras or any other systems. It is simply wired and wireless internet to a handful of devices in a small office, with the only complication being the possible inclusion of a VoIP system in future.

We will be running the whole install by the IT security service we use, but would rather not get them to do it all as they are expensive.

Good call. I have not heard anyone recommend Fortigate switches or APs and only picked them as it seems to be the agreed-upon best hardware firewall solution out there.

Thanks so much for your comment.

This is by far the most informative and useful thing anyone has said. I have been convinced to look for an MSP to do it for us, as you and many others have mentioned it not being worth the headache in an environment where work relations are on the line.

I will have a chat with my boss and discuss other options and tell him that I'm not confident in my ability to set it up solo.

It was still a very interesting endeavour plunging in and learning about network architecture, which was, up until now, a mystic form of magic which I stayed far away from.

I will probably explore it again in the future in the form of a home network or maybe my current career path as an engineer will lead me back into this area again.

Thanks for your help, will post an update in a few months.

Thanks, that's really good advice. Your assumptions are correct; I am not trained in IT and have just dipped my toes into networking and servers as it's something that interests me.

I saw that the Aruba Instant On systems seem to be very plug and play and they don't require a subscription system like Meraki seems to.

Interested to hear your thoughts.

Definitely looking at our options for getting an MSP to come in and either handle it or at least give us a hand, but still interested in seeing how far I get without one.

I went with Aruba over Ubiquiti as I have seen a lot of people saying they are garbage wrapped up to look nice (but have no idea if this is true), and Aruba Instant On seems to be fairly highly regarded while also being cheap and relatively plug and play.

I thought that was the case with the modem, to be honest; I was more wondering about a router and whether I should look at getting a stand-alone one or not.

I believe we have fiber to the building, but it's Australia and our internet sucks, so we are probably looking at between 100 Mbps and 300 Mbps connected to the building, and my boss (who has seen the building) says there is a shared modem and switch downstairs, but we will need our own router.

I’d never recommend a business run Ubiquiti equipment. The price difference over the 5 year hardware life cycle vs something better is minimal.

Until you need support and realize there isn’t any and you rely on forums for answers.