Zentyal community edition - is ok for production? and using VLAN with Zentyal.



  • The alternative would be to use something a bit less all-in-one-esque and just use Fedora to set up your file server, domain, printers etc.



  • How big is your environment?



  • Why not use something like an EdgeRouter



  • I can't think of any situation where I would recommend using something like Zentyal as a router. This is a general purpose server, not a networking device. The OS and networking stack are not tuned for this. And you certainly don't want a software device, nor standard desktop or server hardware, nor something with that much code sitting in that position on your network, you definitely never want a multi-homed situation with a server like this. That it is a development rather than whatever else release really isn't the issue, Zentyal is fine as a server, but it's definitely not okay as a router. When enterprise routers and firewalls start under $100, it's hard to imagine the scenario where something like this could make sense since 30 minutes of installation time alone would pay to buy a proper, business class, supported device.



  • One of the key purposes of a firewall is to protect the server, more than anything else. Essentially here there is no firewall, the server is being put directly onto the Internet. Imagine hearing that a client had a Windows Active Directory server and decided to not only not put it behind a firewall, but to not have it even behind a router. You'd think that that customer was crazy. That's exactly the same thing here.



  • @DustinB3403 I understand, it is more about with Support and without Support.

    @DustinB3403 This is not for file server, domain or printers but for Firewall mainly.

    @IRJ Around 75 workstations

    Let me highlight my main targets with this setup:

    1. I'm setting up this Zentyal in my LAB at office, with no connection with production by using an extra 4G Internet Link, to build my whole network and test and learn things.

    So to have Firewall in Lab and learn, I set up Zentyal, main purpose is for Firewall and DHCP with VLAN.

    Also want to try to set up VPN on this Zentyal and try to connect from office Network to my LAB 🙂

    2. We have Sophos Firewall, it is going good with Firewall and DHCP server, want to mention VLAN in use.

    So along with setting up things from scratch by myself, testing and learning, I want to be ready for any failure of our production Firewall. So at least I can keep the minimum firewall things and DHCP services up to have internet, until production Firewall is back, with this by using a PC and two or three NIC cards?



  • @scottalanmiller It is more about building things from scratch, test, learn and be ready for skills advancement and future firewall failures (just saying).



  • @scottalanmiller said in Zentyal community edition - is ok for production? and using VLAN with Zentyal.:

    One of the key purposes of a firewall is to protect the server, more than anything else. Essentially here there is no firewall

    Isn't Zentyal a firewall?



  • I tried PFSense, but because something was not working I had to scratch my head, so I went with Zentyal to give it a try.



  • @openit said in Zentyal community edition - is ok for production? and using VLAN with Zentyal.:

    I tried PFSense, but because something was not working I had to scratch my head, so I went with Zentyal to give it a try.

    Have you tried opnsense? It is a fork of pfsense.



  • @openit said in Zentyal community edition - is ok for production? and using VLAN with Zentyal.:

    @scottalanmiller It is more about building things from scratch, test, learn and be ready for skills advancement and future firewall failures (just saying).

    What? Your original post clearly specified production only use, which is what every response had to do with.

    Now that you changed the usage to a non-production learning/test lab environment, behind a real firewall, that's fine. However, I'd question the benefit of bothering to learn how to use Zentyal in ways you'd never use or consider in production.



  • @openit said in Zentyal community edition - is ok for production? and using VLAN with Zentyal.:

    @DustinB3403 This is not for file server, domain or printers but for Firewall mainly.

    What would make you use anything like this for only a firewall? There are great options for this, both full hardware (recommended) for so cheap that even a home user should be spending the small amount of money, and software that is free but actual routing software if you are in a situation where a tiny hardware spend is impossible (below normal home levels.)



  • @openit said in Zentyal community edition - is ok for production? and using VLAN with Zentyal.:

    @scottalanmiller It is more about building things from scratch, test, learn and be ready for skills advancement and future firewall failures (just saying).

    Then use something that would be applicable in a business setting. Learning how to do this on Zentyal has no applicability in any real world scenario. It's just a regular general purpose Linux OS not well suited to networking use so anything you learn here is useless.

    If you feel this is something you want to learn, which I would suggest that it is not as what you'd do for any real business is not this style of thing, is get VyOS and use an actual router OS to do this so that the skills you learn are applicable to networking devices.



  • @openit said in Zentyal community edition - is ok for production? and using VLAN with Zentyal.:

    @scottalanmiller said in Zentyal community edition - is ok for production? and using VLAN with Zentyal.:

    One of the key purposes of a firewall is to protect the server, more than anything else. Essentially here there is no firewall

    Isn't Zentyal a firewall?

    Anything IS a firewall. But it's a firewall with absolutely zero acceptable real world use case. It's not in any way designed or built to be a networking device, let alone a router. It's a firewall just like a Windows desktop is a firewall.



  • @openit said in Zentyal community edition - is ok for production? and using VLAN with Zentyal.:

    I tried PFSense, but because something was not working I had to scratch my head, so I went with Zentyal to give it a try.

    PFSense is also, IMHO, a bad idea. Same reasons. It's better, way better, because it is built off of FreeBSD which has a much higher performance networking stack. And PFSense has tons of work on it to make it acceptable as a firewall, but we still remove them every time we see them and replace them with hardware because they really aren't something you'd use outside of a lab.



  • @Obsolesce said in Zentyal community edition - is ok for production? and using VLAN with Zentyal.:

    However, I'd question the benefit of bothering to learn how to use Zentyal in ways you'd never use or consider in production.

    Exactly, even as a lab project this is a waste of time. No one has enough time to do enough stuff in a lab to get to a point where building worthless items is valuable. Learning VyOS or something like that would be different. Buying a $62 EdgeRouter-X would be better.

    https://www.amazon.com/Ubiquiti-EdgeRouter-Advanced-Gigabit-Ethernet/dp/B00YFJT29C/ref=sr_1_2?keywords=edgerouter+x&qid=1578761564&sr=8-2

    At $62 for something that's supported, works, and uses way less power you can't really justify considering Zentyal in production (and something never considered for production is the same as never considered for a lab) in the US or even in the third world where power costs are higher. In the US, the cost to acquire the X is so low, I could never spend fifteen minutes evaluating the need or I'd be wasting money. Just the time to install Zentyal is too costly to consider it. And in the third world, like Nicaragua, I could never consider Zentyal because of the lack of support parts and high power costs. The X is just so much cheaper to operate.



  • Thanks for driving me to the right direction, I will look into VyOS (would be great if I can get some suggestions like VyOS to have more choice 🙂 )

    EdgeRouter seems a cheap and very worthy product, may suggest my friend as well, who used to set up small offices (with around 15 workstations). By the way for how many workstations it can handle the traffic, roughly with normal office operations? 30



  • @openit said in Zentyal community edition - is ok for production? and using VLAN with Zentyal.:

    Thanks for driving me to the right direction, I will look into VyOS (would be great if I can get some suggestions like VyOS to have more choice )

    Literally don't know of anyone else doing this. The DIY routing market basically doesn't exist and is almost always considered a bad idea. AMD64 hardware is not considered good for networking, you want custom hardware. So having an OS like this isn't very useful. That one exists, like VyOS, makes sense because it's not a zero market, but it is such a niche market that there is good reason that nothing else exists once the one product out there is both really good and open source (and free.) Just no reason for anyone to try to compete.

    VyOS is a sibling of EdgeOS (Ubiquiti gear), they are both descended from the same parent product.



  • @openit said in Zentyal community edition - is ok for production? and using VLAN with Zentyal.:

    By the way for how many workstations it can handle the traffic, roughly with normal office operations? 30

    EdgeRouter line would handle offices of a hundred thousand. This is big time gear. This isn't the toy stuff you are used to with Cisco and other silly products for resellers. This is actual quality stuff.

    But keep in mind, all routing is done by line speed, never user count. Any vendor using user count in their marketing thinks of their users like home users, not selling to IT departments. We should never talk about routers in terms of number of users because a single user can use more than any router made today, or a million users might be able to work from a $95 device - the number of users just isn't a factor. But how they use it and what kind of line it is, is what matters.



  • @openit said in Zentyal community edition - is ok for production? and using VLAN with Zentyal.:

    EdgeRouter seems a cheap and very worthy product, may suggest my friend as well, who used to set up small offices (with around 15 workstations).

    As well as... what? Absolutely it would not be okay to use anything he builds himself. One is the best default option, one is nearly the worst.

