Network Solutions: Wi-Fi, LAN, VPN and Firewalls
A high-quality network infrastructure is the basis for reliable, secure and efficient IT.

Requirements analysis and planning
Current requirements are taken into account and expandability for future demands is ensured. After the requirements analysis, we create a customized network design.
Hardware installation, cabling
Cabling of routers, switches and access points. Wi-Fi coverage measurements allow us to adjust and fine-tune access point placement.
Configuration
Setting up logical network areas and routing. Configuration is done using an automated DevOps/SDN approach via Ansible.
Maintenance and support
Continuous performance monitoring ensures smooth operation. We troubleshoot and perform regular upgrades to keep your network secure and reliable.
Basic network services
Wi-Fi: Planning, construction, commissioning
Many Wi-Fi installations are subject to avoidable errors which have nothing to do with the price segment of the access points and Wi-Fi controllers. We take a structured approach and ensure that we build the optimal solution for your requirements and budget:
- Clear definition of coverage areas: In which rooms and outdoor areas is WiFi required?
- Defining a minimum reception level: End devices such as laptops or industrial hand-held scanners have significant differences in their minimum reception properties, which is why it is advisable to survey the target devices. Although almost all device manufacturers specify data for the 2.4 GHz and 5 GHz band (e.g. -65 dBm), this is often ignored in practice. Yet the minimum reception level is the basis for placing access points and achieving stable reception in the defined coverage area; without a survey, the placement may not be suitable. In a worst-case scenario with an unknown fleet of devices (e.g. with a BYOD concept), exemplary minimum reception properties should be specified and, if necessary, planned with more access points.
- Correct alignment and mounting: Access points with built-in antennas should usually be mounted horizontally/flat. Only a few models should be used vertically, but they often end up in a vertical position on the wall. Incorrect assembly has a considerable influence on the signal and compliance with the planned minimum reception level. The radiation properties of the installed access points should be taken into account. Nevertheless, incorrect assembly is one of the most common errors in practice.
- Measurements for verification and optimization: Not everything can be planned. It is essential to examine the spectrum for sources of interference or signal attenuations which may not be obvious. Planned access point locations must be verified and, if necessary, optimized.
- Planned channel selection, appropriately low transmission power: The channels of the neighboring access points must be different in order not to interfere with one another. In the case of transmission power, a value that is too high is usually harmful.[1] Rest assured that our measurements and experience will achieve an optimal combination of access point density, channels used, channel widths and transmission power. As you can see, a good, stable Wi-Fi network can be implemented with inexpensive hardware (e.g. UBNT UniFi and TP-Link Omada). Of course, high-priced solutions from HPE Aruba or Cisco also have their place. We’re here to assist you.
Wired Networks: Planning, structured cabling, commissioning
No matter the size of your business, you usually need a wired network. Structured network cabling is an organized system for connecting devices within a building or on a campus.
As a rule, we work in small and medium-sized environments with star cabling or topology, in which all rooms and servers have cable connections that converge directly at a central switching point (core router) in a rack. This offers high reliability (e.g. cable damage affects only one room) and is easy to maintain. We work with local partners for LAN cabling with copper and optical fiber.
Structured cabling also plays an important role for wireless networks (Wi-Fi). In order to transmit the data sent or received via WiFi, the access points must be connected to a powerful network backbone via an uplink. Many devices also require network cables for the power supply (Power over Ethernet, PoE). The quality and organization of the network cabling therefore directly affects the performance and reliability of the WiFi, which is why professional structured network cabling is also important for an efficient and reliable WiFi.
VPN
Road Warrior
Remote working has become the norm and it is of the utmost importance that your employees can access the corporate network securely, quickly and easily, wherever they may be. A Virtual Private Network (VPN) is a great solution to achieve just that. foundata helps you to set up a user-friendly VPN, which gives your employees external encrypted access to your company IT. Such solutions are commonly referred to as “road warrior” VPNs.
For the implementation of Road Warrior VPNs we use OpenVPN as well as WireGuard.
Site networking (site-to-site)
Networking different locations via a site-to-site VPN enables stable data transmission between locations. In this way, a company-wide, cross-location network is set up. Site-to-site VPNs help you create a uniform, secure, and efficient corporate network, wherever you may be located. For this we use IPsec or WireGuard.
OpenVPN
OpenVPN is a widely used and robust TLS/SSL-VPN protocol. It supports various encryption standards and enables fine-grained control over network settings and security parameters.
OpenVPN is characterized above all by its comprehensive compatibility. It can be used on a variety of operating systems and devices. Official clients are also available for mobile phones, which are continuously being further developed and improved by an active open source community around OpenVPN Inc. Many proprietary VPN solutions also use OpenVPN internally (you can get the original from us).
Although WireGuard, with its roaming behavior, is becoming increasingly popular, especially for road-warrior VPNs, we like to run OpenVPN at least in parallel because of its unmatched compatibility and client availability, to ensure that all required end devices can be connected.
WireGuard
WireGuard is a modern VPN protocol that, in addition to security, aims for efficiency and simplicity. It uses state-of-the-art encryption and is easy to audit due to its lightweight code, making it potentially less vulnerable to security breaches. It quickly asserted itself alongside already established VPN protocols. The built-in roaming should be emphasized, with which the clients can maintain the VPN connection without packet loss and reconnection even if they switch between different networks (e.g. LTE, Wi-Fi and LAN). This is a huge advantage, especially in Road-Warrior setups.
2-Factor Authentication (2FA) for OpenVPN and IPsec
Based on OPNsense, we implement two-factor authentication using Time-based One-Time Passwords (TOTP). This allows us to secure VPN access in Road-Warrior setups. Thanks to its compatibility with well-known TOTP authenticator apps such as Google Authenticator, the solution also benefits from a high level of acceptance among end users.
Firewall
A firewall is your first line of defense and is a vital part of any network infrastructure. A well-designed and properly configured firewall can thwart numerous attacks and compensate for misconfigured server services, thereby securing your networks. Our experts at foundata have extensive experience in planning and implementing firewalls. Our vendor independence enables us to use the best products and technologies on the market.
OPNsense
OPNsense is an open source firewall and routing platform based on FreeBSD. It offers extensive security features and is known for its stability, reliability and ease of use. OPNsense is therefore our firewall solution of choice.
OPNsense offers extensive functionality including VPN with 2-factor authentication, traffic shaping, intrusion detection and prevention and is ideal for small and medium-sized businesses looking for a robust and customizable firewall solution.
Network Automation with Ansible
Ansible is an open source automation tool. It uses a simple but powerful syntax (YAML) to describe the target state of systems.
Ansible does not require any agent software on the target systems, which simplifies administration and maintenance in network environments considerably. It can be used to manage configurations, automate routine tasks, and quickly deploy network services. Ansible supports a variety of network devices.
With Ansible, we ensure that your network configuration is applied in a traceable and idempotent manner in order to achieve the desired target state. The integration in modern CI/CD workflows is a matter of course for us.
In particular, foundata has extensive experience in the automation of Cisco Application Centric Infrastructure (ACI) and TP-Link Omada. In addition, we have extensive automation practice in the legacy area (old Cisco IOS versions, HPE Comware version 5 and higher) and code inventories.
[1] It doesn’t make sense if end devices can see access points but don’t have enough power to respond to the signals properly. This creates well-known effects such as “full Wi-Fi signal but the video is jumpy”.