Firewalls recommendations for fast Inet connections

Networking and broadband talkabout. Need help with that new router or setting up a network?
User avatar
Losbot
Almighty Member
Posts: 4991
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Firewalls recommendations for fast Inet connections

Post by Losbot »

I currently have an older Sonicwall TZ 215 which handles my two Internet connections. Once is 100Mb and the other is 200Mbit but I plan to upgrade that 200Mb to a 1Gb. The problem I have is that I can only get up to 100Mb on the 200 circuit because my firewall can't handle the speeds.

I don't thing I want to get another Sonicwall, because they get expensive so I was wondering what you guys are using. I need to be able to configure 2 WANs preferably.

Any suggestions while I look around online myself? I don't want to overlook any possibly good brands.

Thanks!
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Firewalls recommendations for fast Inet connections

Post by FlyingPenguin »

The Ubiquity Routers can be configured for load-sharing dual WANs. It was one of the configuration options on mine. You don't want the cute little $55 EdgerouterX I'm using because while it has gigabit ports, it can't do full gigabit bandwidth. You'll need one of the higher end ones.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
Losbot
Almighty Member
Posts: 4991
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Firewalls recommendations for fast Inet connections

Post by Losbot »

I'll look into those. I really don't want to load balance but I definitely want to specify a default WAN interface and have some static routes for certain types of traffic to go over the 2nd WAN. I was just about to look into those. Thanks Bob!
User avatar
psypher
Golden Member
Posts: 884
Joined: Sun Nov 02, 2014 1:05 pm
Location: Marietta

Re: Firewalls recommendations for fast Inet connections

Post by psypher »

Do you want something pre-packaged, plug in, configure and good to go? Or are you ok with doing a bit more work? If you don't mind dealing with procuring hardware and installing, then take a look at pfSense https://www.pfsense.org or Untangle https://www.untangle.com.

I run pfSense as a VM hosted on VMWare ESXi 6.5 on a Dell R610. The server is overkill, but I run other VMs on it (Web, SQL). You could use something considerably less powerful if that's the only thing it's doing.

I recently started playing around with untangle (a client of mine uses it). It's prettier, but I can't tell you much more than that.


Otherwise, go with Ubiquity. The enterprise gateway router is rack mount and under $400. I using their managed switch and two wireless APs and they've been great.
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Firewalls recommendations for fast Inet connections

Post by FlyingPenguin »

I really don't want to load balance but I definitely want to specify a default WAN interface and have some static routes for certain types of traffic to go over the 2nd WAN
You can easily do that too. The Ubiquitis are a lot easier to configure now than they used to be. You used to have to write (or copy-paste) scripts, but now it can all be done from the CP by clicking on a wizard, and there's lots of tutorials on line for special cases.

I had no problem setting up two separate and isolated LAN segments (one trusted and one untrusted).

QoS config is also ridiculously easy (there ARE advanced settings but you generally don't need them). Set your max download and upload speeds (the router knocks 5% off the values you give it so you have a little wiggle room) and that's it.

They're also REAL proactive about firmware updates. I'm told there's a way to set it up to do auto-updates at a certain time but I prefer doing it manually. In this crazy cyber-attack environment we live in now, I check everything (APs, Router, NAS, the Nanobeams) for firmware updates on an every 2 month schedule.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
User avatar
Genom
Steely Eyed Missile Man
Posts: 866
Joined: Thu Aug 28, 2014 4:14 pm
Location: Hotlanta

Re: Firewalls recommendations for fast Inet connections

Post by Genom »

I have a variation of this:

https://www.amazon.com/Firewall-Applian ... i+computer

With pfSense installed. 1 port is for my normal switch/gear, and I setup another port as a DMZ for doing demos and testing when I need to send 150Mbit video streams, although it can handle msot anything. Handles 1Gb fiber just fine with 4GB RAM and 32GB SSD. Note the CPU does not supper AES so if thats important to you with pfSense, then you will have to spend about 100 bucks more on a model that has a newer CPU. But I havent had any issues with it in a couple years so far.

I tried untangle a year or so ago and it's pretty, but the hidden costs can pile on quikly in some cases. I didnt really need any of the paid services for my shit, but just a heads up.
User avatar
psypher
Golden Member
Posts: 884
Joined: Sun Nov 02, 2014 1:05 pm
Location: Marietta

Re: Firewalls recommendations for fast Inet connections

Post by psypher »

Genom wrote:I have a variation of this:

https://www.amazon.com/Firewall-Applian ... i+computer

With pfSense installed. 1 port is for my normal switch/gear, and I setup another port as a DMZ for doing demos and testing when I need to send 150Mbit video streams, although it can handle msot anything. Handles 1Gb fiber just fine with 4GB RAM and 32GB SSD. Note the CPU does not supper AES so if thats important to you with pfSense, then you will have to spend about 100 bucks more on a model that has a newer CPU. But I havent had any issues with it in a couple years so far.

I tried untangle a year or so ago and it's pretty, but the hidden costs can pile on quikly in some cases. I didnt really need any of the paid services for my shit, but just a heads up.
pfSense 2.5 will only work with AES-NI capable CPUs so if buying something new, it's probably best to go with something that will support future versions.

Maybe like this? https://www.amazon.com/Firewall-Micro-A ... ZMQP7SVY3S
User avatar
Genom
Steely Eyed Missile Man
Posts: 866
Joined: Thu Aug 28, 2014 4:14 pm
Location: Hotlanta

Re: Firewalls recommendations for fast Inet connections

Post by Genom »

Yup. Of course, v2.5 has to come out first. I may update the machine or I may move over to OPNsense since I dont depend on a lot of third party apps for pfsense, and my main outside the firewall use is ad blocking and I can make a pi-hole for that or setup some hosts downloading scrips that are out there.

Probably try opnsense again over xmas when I have some days off.
User avatar
Losbot
Almighty Member
Posts: 4991
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Firewalls recommendations for fast Inet connections

Post by Losbot »

It would be nice if these "firewall appliances" for pfSense came in a rack mountable format. Tired of all these small boxes piling up on my rack's shelf. lol
I see they sell their own but much more expensive. For that, I'd probably go with something else. LOL
User avatar
psypher
Golden Member
Posts: 884
Joined: Sun Nov 02, 2014 1:05 pm
Location: Marietta

Re: Firewalls recommendations for fast Inet connections

Post by psypher »

Losbot wrote:It would be nice if these "firewall appliances" for pfSense came in a rack mountable format. Tired of all these small boxes piling up on my rack's shelf. lol
I see they sell their own but much more expensive. For that, I'd probably go with something else. LOL
If you have a rack, then pick up a used Dell server. (I have a vendor I've been buying from for years now) I use an R610 for mine. Load up vmware ESXi on it and run it as a VM. Makes it easier to deal with backing it up, snapshots before upgrades, etc...
User avatar
Genom
Steely Eyed Missile Man
Posts: 866
Joined: Thu Aug 28, 2014 4:14 pm
Location: Hotlanta

Re: Firewalls recommendations for fast Inet connections

Post by Genom »

Yeah, I see tons of decommissioned 1RU servers that have more than enough horsepower for it, usually for pretty cheap. Just saw a Proliant 360 for like 70 bucks shipped with 2 3Ghz Xeons, 4GB RAM and a 73GB HD. More than enough to run pfsense. Just add a NIC card for 100 bucks and bam.
User avatar
Losbot
Almighty Member
Posts: 4991
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Firewalls recommendations for fast Inet connections

Post by Losbot »

My only issue with those is that I have to sit like 10ft away from that rack in my office and those Dells can get loud.
User avatar
psypher
Golden Member
Posts: 884
Joined: Sun Nov 02, 2014 1:05 pm
Location: Marietta

Re: Firewalls recommendations for fast Inet connections

Post by psypher »

Losbot wrote:My only issue with those is that I have to sit like 10ft away from that rack in my office and those Dells can get loud.
ha, yea they are loud. My rack sits in the basement.
User avatar
Genom
Steely Eyed Missile Man
Posts: 866
Joined: Thu Aug 28, 2014 4:14 pm
Location: Hotlanta

Re: Firewalls recommendations for fast Inet connections

Post by Genom »

Always an option on some of them to manage thermals manually. It's not like a firewall is gonna stress the CPU much so you can crank the fans way down, or stop them entirely in some cases.
User avatar
Losbot
Almighty Member
Posts: 4991
Joined: Sun Jul 13, 2014 8:59 am
Location: South Florida

Re: Firewalls recommendations for fast Inet connections

Post by Losbot »

I wish I had a basement. Hopefully when I eventually move out of South Florida.
Post Reply