Re: Firewalls recommendations for fast Inet connections
Posted: Sat Jun 08, 2019 8:34 am
Well I've joined the pfSense universe. I love that little Ubiquiti EdgeRouter X, but I want to start implementing some additional features that it doesn't have the horsepower for. I'd like to setup my own OpenVPN for one thing, and and do some more advanced logging and some intrusion detection/prevention. Also, we're supposed to have 1Gbit available from Comcast around here soon, and that EdgeRouter X maxes out at around 500Mbit - even less with QoS enabled. QoS is actually choking it a bit right now at my 200Mbit bandwidth.
It's a bit overkill but after a lot of soul searching I decided to go with the monster SG-5100. I was thinking of getting the SG-3100 to save money, but reading up on it, it sounds like it would be a little underpowered for everything I want to do AND a 1Gbit connection. Plus I like the idea of having the extra 3 ports to play with. I could see the utility of setting up a 3rd LAN segment for the Nanobeam connection to the old house, to isolate it from the trusted and guest LANs at the main house.
Pricey, but it was on sale for $100 off, and I had a credit with them for another $100 which helped.
Was up late last night configuring it. Took me a while to figure out how to setup one of the extra ports as a Guest network with a separate LAN segment, but I figured it out (one nice thing about the Ubiquiti, it has a wizard built in for two networks).
I must say, I like the elegant way the firewall rules work in pfSense. Now I need to play with traffic shaping.
The old Ubiquiti will stay on the shelf as a spare in case something nukes the new router.
https://www.netgate.com/solutions/pfsense/sg-5100.html
It's a bit overkill but after a lot of soul searching I decided to go with the monster SG-5100. I was thinking of getting the SG-3100 to save money, but reading up on it, it sounds like it would be a little underpowered for everything I want to do AND a 1Gbit connection. Plus I like the idea of having the extra 3 ports to play with. I could see the utility of setting up a 3rd LAN segment for the Nanobeam connection to the old house, to isolate it from the trusted and guest LANs at the main house.
Pricey, but it was on sale for $100 off, and I had a credit with them for another $100 which helped.
Was up late last night configuring it. Took me a while to figure out how to setup one of the extra ports as a Guest network with a separate LAN segment, but I figured it out (one nice thing about the Ubiquiti, it has a wizard built in for two networks).
I must say, I like the elegant way the firewall rules work in pfSense. Now I need to play with traffic shaping.
The old Ubiquiti will stay on the shelf as a spare in case something nukes the new router.
https://www.netgate.com/solutions/pfsense/sg-5100.html