
    Home Network Firewall Options

    118 Posts 17 Posters 30.3k Views
      scottalanmiller @Jason

      @Jason said:

      @jyates said:

      @wirestyle22

      @JaredBusch said:

      @Dashrender said:

      PFSense is a good free option, but it requires you provide your own PC class hardware, and the power bill will probably be 10X or more than an ERX.

      This right here.

      pfSense is a great solution but requires hardware that will cost you more than an ERX ever will.

      Drop another $80-$90 on an UAP-AC-LITE and you have a rock solid home network running basic enterprise hardware.

      Sophos has the same options. Free, but requires a machine to run on.

      https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx

      It's a resource hog...

      Anything labelled UTM would be. UTMs really can't be used on anything but super slow connections. It's one of the many reasons many of us feel that the entire UTM concept is a silly and dead one.

        wirestyle22 @Deleted74295

        @Breffni-Potter said:

        I was getting 38 when I'm expected to get a 40 down line at home. 100+ MB is not common here yet.

        This was with all the IPS, gateway AV, content filtering on.

        Do you remember the spec of the machine? Mine was a core 2 duo, with 2 dedicated gigabit cards for in/out, though it did have a 32GB SSD.

        150 up 150 down here ^_^

          Deleted74295 Banned @wirestyle22

          @wirestyle22 said:

          150 up 150 down here ^_^

          Don't rub it in you 🙂

            NashBrydges @scottalanmiller

            @scottalanmiller said:

            @Jason said:

            @jyates said:

            @wirestyle22

            @JaredBusch said:

            @Dashrender said:

            PFSense is a good free option, but it requires you provide your own PC class hardware, and the power bill will probably be 10X or more than an ERX.

            This right here.

            pfSense is a great solution but requires hardware that will cost you more than an ERX ever will.

            Drop another $80-$90 on an UAP-AC-LITE and you have a rock solid home network running basic enterprise hardware.

            Sophos has the same options. Free, but requires a machine to run on.

            https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx

            It's a resource hog...

            Anything labelled UTM would be. UTMs really can't be used on anything but super slow connections. It's one of the many reasons many of us feel that the entire UTM concept is a silly and dead one.

            I've been running Sophos UTM on a 300/100Mbps connection at home (certainly not a slow connection) and easily get full bandwidth usage with everything turned on. Granted I'm running it on a Dell R210 II and it is a bigger resource hog, but for home, I want all of that turned on, especially with teenagers who don't care about sites they visit or what they download. In the SMB (closer to S than M or B of SMB anyway) I've found the UTM approach anything but silly. The simplicity of management is a huge bonus.

              Deleted74295 Banned @NashBrydges

              @NashBrydges said:

              In the SMB (closer to S than M or B of SMB anyway) I've found the UTM approach anything but silly. The simplicity of management is a huge bonus.

              The problem I find with UTMs is they need to be monitored and watched to be used properly. If an attacker is really trying to break in, do you want to hope the magic box works? Or is there monitoring to spot suspicious activity and react to it.

              UTMs are a magic box that I'm seeing over-sold, I myself got suckered into buying one and actually, it provides no performance or security benefits to the organisation it protects because the monitoring and reacting that you need to do, is not being done.

                Dashrender

                I too went the way of the UTM last time. Sure it did website filtering, but management complained about it.. and DAMN, the vendor wanted 90% the original cost to renew the updates, etc.

                I've dumped those and moved to ERLs.

                The idea of the LANless design encourages us to do other things to secure our endpoints.

                Removing admin rights from those teens' machines should offer a fair amount of protection.

                  NashBrydges @Deleted74295

                  @Breffni-Potter said:

                  @NashBrydges said:

                  In the SMB (closer to S than M or B of SMB anyway) I've found the UTM approach anything but silly. The simplicity of management is a huge bonus.

                  The problem I find with UTMs is they need to be monitored and watched to be used properly. If an attacker is really trying to break in, do you want to hope the magic box works? Or is there monitoring to spot suspicious activity and react to it.

                  UTMs are a magic box that I'm seeing over-sold, I myself got suckered into buying one and actually, it provides no performance or security benefits to the organisation it protects because the monitoring and reacting that you need to do, is not being done.

                  Totally agree that they're too often seen as a magic box but that's a user problem, not a technology problem. I wouldn't recommend a UTM without the appropriate oversight.

                    NETS

                    So without a UTM device how are you monitoring the network and locking down the traffic?

                    I know there are other methods but a UTM seems to provide an easy way to accomplish this in an SMB environment

                      Jason Banned @NETS

                      @NETS said:

                      So without a UTM device how are you monitoring the network and locking down the traffic?

                      I know there are other methods but a UTM seems to provide an easy way to accomplish this in an SMB environment

                      Netflow on your router then another device (IDS/IPS) can look at traffic and modify to block it if needed. Ours is actually called a Network Behavior Anomaly Detection. There's open source ones too I'm sure.

                        Dashrender @NETS

                        @NETS said:

                        So without a UTM device how are you monitoring the network and locking down the traffic?

                        I know there are other methods but a UTM seems to provide an easy way to accomplish this in an SMB environment

                        In the SMB, one idea floated is to move away from the LAN altogether to a LANless design. Don't trust the local or any network. Protecting people from the websites they visit is difficult at best and impossible at worst, it's a moving target, and a normally good site can be hacked and suddenly start dishing out bad stuff.

                          scottalanmiller @NETS

                          @NETS said:

                          So without a UTM device how are you monitoring the network and locking down the traffic?

                          1. What is the actual need here? A firewall already monitors and locks down the traffic. Those are not UTM functions.
                          2. With a UTM, how are you doing it?

                            scottalanmiller @NETS

                            @NETS said:

                            I know there are other methods but a UTM seems to provide an easy way to accomplish this in an SMB environment

                            Sure, but a firewall is just as easy. So what's the benefit to the UTM? UTMs are costly and often introduce big bottlenecks to the network. In what way do you see them justifying their extra cost to purchase and maintain?

                              scottalanmiller @Dashrender

                              @Dashrender said:

                              @NETS said:

                              So without a UTM device how are you monitoring the network and locking down the traffic?

                              I know there are other methods but a UTM seems to provide an easy way to accomplish this in an SMB environment

                              In the SMB, one idea floated is to move away from the LAN altogether to a LANless design. Don't trust the local or any network. Protecting people from the websites they visit is difficult at best and impossible at worst, it's a moving target, and a normally good site can be hacked and suddenly start dishing out bad stuff.

                              Not just in the SMB, but the SMB will lead here by the nature of being easier to be agile.

                                larsen161 @wirestyle22

                                @wirestyle22 I've managed to kit out my home network entirely with Meraki gear I've acquired through webinars and cheap eBay sales. Currently using an MX60 which I picked up for £40 that included a little less than 1yr of the Advanced Security license on it.

                                  dafyre

                                  We had a UTM appliance that was excellent for web filtering and sucked big time for IPS.

                                  I cut the IPS off and ran Snort / Suricata for a few years in-line so I could actively block the attacks and things like P2P. It was awesome. Sadly, our bandwidth outpaced the hardware and we had it converted to an IDS out of band so it just monitored.

                                  I am a HUGE believer in knowing what is going on on your network. Get something in place, even if it can only see what is going on and alert you.

                                    wirestyle22 @dafyre

                                    @dafyre said:

                                    I am a HUGE believer in knowing what is going on on your network. Get something in place, even if it can only see what is going on and alert you.

                                    This.

                                      wirestyle22

                                      I've been playing with my ERX. It's pretty amazing for $60. Looking into purchasing their UAP-AC-LITE as per @JaredBusch

                                        Dashrender @wirestyle22

                                        @wirestyle22 said:

                                        I've been playing with my ERX. It's pretty amazing for $60. Looking into purchasing their UAP-AC-LITE as per @JaredBusch

                                        I have one, it's awesome!

                                          JaredBusch @Dashrender

                                          @Dashrender said:

                                          @wirestyle22 said:

                                          I've been playing with my ERX. It's pretty amazing for $60. Looking into purchasing their UAP-AC-LITE as per @JaredBusch

                                          I have one, it's awesome!

                                          I have an ERX/UAP-AC-LITE combo sitting next to me right now to configure up this morning

                                            wrx7m

                                            I have been running an ERX for a couple of weeks and it really is great for the money. I also have a UAP-AC-LR that I am having some issues with in terms of devices losing connectivity. Most of my stuff is hard-wired. My phone loses connectivity from what I can tell about once a day but my WiFi thermostat disconnects and won't reconnect, making it all but useless for 75% of the time. I saw an update was released as of 2-29 but that didn't fix the issue. I am going to hit up support to see what they recommend.
