You're hearing a lot about virtual private networks (VPNs) these days, whether it's from people who want to tunnel to another geographic area or people who want a secure connection to the internet. A VPN router is an attractive solution for small to midsize businesses (SMBs) that need secure communications because it allows the VPN tunnel to exist between two networks and it may also allow inbound secure connections for employees in the field.
But just because a box carries the moniker "VPN router," doesn't mean it's the right one for your business. In addition, just because it works and appears to create a secure tunnel doesn't mean it's actually secure or that it's the type of tunnel you need. As is the case with most things in IT, a great deal depends on the task you have in mind and how you need to accomplish it.
Consider the Linksys Smart Wi-Fi Router AC 1900 (WRT1900AC) wireless router that sits on a shelf in my office. This router includes three ways to handle VPNs. First, it supports VPN pass-through, which means that, if you have VPN software on your computer, then it will allow the tunnel to pass through to the internet. Second, this router can be configured to work as a VPN server or as a VPN client. It does not, however, offer much help in setting up those capabilities. Third, this router can run open-source DD-WRT software that essentially replaces the router's operating system and that way can provide additional features. But does that make it a good solution for your business?
Possibly not. While it will support VPN tunneling from your desktop computer or phone, you have to set up that VPN capability on each device as there's no central management. You can also configure the router to create a VPN connection to another location and then pass network traffic between the two locations. But there's only one such tunnel available; if that goes down or if it's oversubscribed, then you're basically out of luck because there's no failover and no load balancing.
A Better Business Solution
A better business solution might be the Linksys LRT224 Dual WAN Business Gigabit VPN Router , which supports two wide area network (WAN) connections, does load balancing and failover, and has a number of other security features that aren't available in home or consumer routers. For example, this router supports up to 45 tunnels, has an excellent firewall that allows filtering of inbound and outbound traffic, does content filtering, and can enforce minimum complexity levels for passwords and encryption keys.
Admittedly, the Linksys LRT224 isn't a wireless router, but you can add a wireless access point (AP) to your network and still spend less than you would for a high-end wireless router without that level of security, which is an interesting thought for cash-strapped SMBs.
But if your wallet isn't overly thin and you really need a wireless router with not only good VPN support but also the advanced security features that come with business-class routers, then you'll need to look at offerings from "big iron" vendors like Cisco. This company offers the Cisco Small Business RV260W VPN router that provides business-class VPN capabilities and security at an MSRP that's lower than some home routers. D-Link offers the D-Link DSR-1000AC wireless router for business at a similar price. However, both of those routers come with significantly complex operating and management systems that require IT-level skills to manipulate. This means the low MSRP price will go up once you factor in man-hours for configuration, deployment, and ongoing management.
Some business router makers even go beyond basic wireless routers into the world of Wi-Fi mesh network systems. The Netgear Orbi WiFi System AC2200 (RBK30) and the Linksys Velop Dual-Band Whole Home WiFi Mesh System are both self-configuring mesh wireless networks that offer the same business-class features you'd get with more traditional wireless networks.
Reasons to Use a Business-Class VPN Router
Ultimately, the rationale for a business-class VPN router boils down to having features that support the kind of networking operations that your particular business needs. These might include a higher level of security than you'd expect or need in a consumer environment, often prompted by the need for compliance to regulatory restrictions imposed by things such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA). But as a baseline, the router also needs to support enough VPN sessions to make it useful to more than one employee, and it also needs to include the ability to configure and manage the VPN as well as integrate it with other security features, notably those pertaining to remote access and identity management.
Other key features include the ability to have multiple wireless networks available so that customers can have access to the company Wi-Fi bandwidth without compromising the business' production network. The router also needs to support as many employees on the wireless network as necessary (with room for growth), and be able to handle as many VPN tunnels as those employees require, even if it's almost all of them.
What's interesting is that there can be very little cost penalty involved with choosing a business-class VPN router over a consumer-grade router. The aforementioned Cisco Small Business RV260W VPN router is actually less expensive than the consumer routers aimed at gamers or movie watchers, but it has equal or better specifications. It has dramatically better security, and the ability to be managed as part of the overall company network. For example, the Cisco router, like the D-Link router and most other business routers, supports standard management features such as Simple Network Management Protocol (SNMP). For IT professionals, that's a boon; however, for consumers, it's practically irrelevant.
While you have to give up the snazzy design of the consumer routers if you go with a business-class choice, you'll end up getting a lot more that's useful—and you'll likely get it as a much better price. But what's more important is that, by going with a business-class VPN router, whether it's wireless or not, you take a significant step in maintaining the security of your business. The only drawback is that you'll need to make sure you've got the IT talent on staff that's required to take advantage of those capabilities. Frankly, in the current technology and security climate, that can be the best investment of all.