Best for me is something that would allow me a fair bit of control and flexibility, with ease of use in configuring rules so that I can easily and quickly allow traffic I want and block traffic I don't want. Affordable would also be great, like say $500 or less, although I might be willing to pay a little more to get a good product. Being able to segment the network would also be great, if it meant I could keep IoT items on their own strict subnet, for example.

Since you mention having fiber into your house you probably have a higher throughput WAN connection. One item to watch with many firewalls \ routers is that they choke on high speed connections unless you spend a huge amount of money. Whatever you buy make sure it supports your WAN speeds with the services enabled that you need to use.

Yes, the higher throughput is one of the reasons I was looking at Firewalla, since they offer 4 x 2.5 G ethernet jacks on the Gold Plus. It's a $600ish product, but it looks amazing and seems to have all the bells and whistles I want.

Ethernet throughput on the LAN side DOES NOT equal WAN throughput of a firewall. I am not familiar with Firewalla as a brand but the lack of technical specifications on their website isn't something that strikes confidence for me. Their website is very spammy marketing ish. I do see they list VPN throughput as 500Mbps; based on that I would expect WAN throughput also caps out at a similar value.

Most people do fine with an ISP supplied router/nat device in all honesty, so it depends how complex you want your home network to be. Basic port forwarding can be done on anything, but unless you're hosting services from home almost nothing needs that doing any longer. The basics of dropping unsolicited packets is all most people need, so you're likely covered. Reasons to look at something fancy might be that you need to support a crazy number of simultaneous connections and low cost routers don't have the memory to cope (for home I'd be surprised if this is the case), as mentioned above scheduled firewall rules, enhanced logging for diagnostics, VLAN support or VPN support (inbound to connect to home remotely). I'd suggest most people would do better investing in decent wireless access points to improve their domestic Internet experience than looking into fancy firewalls. If you're looking at dealing with outbound traffic, you're looking into proxy servers really, pfsense can add squid to do this and you'll need to generate certificates and install them manually on each device in your house (unless you want to setup a domain controller and deploy certs via group policy).

Personally I run pfsense in a VM, but the only reason I bother is I have two WAN connections configured in a load balance/failover mode, I also have separate VLANs for domestic and working from home as I run a site to site VPN to the office, phone goes into a port secured into that network, laptop joins wifi in that VLAN and the family stuff is firewalled to stay out of it. I'd say with confidence that I'd be very surprised if you can find anything you want to do that pfsense can't handle, but for the majority of use cases I wouldn't bother with the effort. Obviously if you do want to use VLANs, you then have the extra expense of managed switches and more expensive access points. Other products do exist, but as I've never had an issue with pfsense I haven't looked into any of them myself.

For home use, I can't see paying for more than just hardware, and in that realm you have four well-known options:

1. OPNSense - arguably the most "FOSS" solution out there, lots of packages available, good reputation, but little-used in the Enterprise space

2. pfSense - the more Enterprise-focused pseudo-open-source project. You can read until you're blue in the face about differences between pf and OPN. Bottom line, pfSense is a little more well-known in the Enterprise space and potentially slightly more reliable, but the open-source end of the project is getting less attention as they migrate everything to closed-source pfSense Plus - still free for home use, though. I think OPNSense has a lot more plugin options, but the ones available for pfSense are supposed to be good.

3. Sophos XG Home - a full enterprise-grade firewall for free. No catches, except a limit to 4 cpu cores / 6GB RAM utilization (can have more cores/RAM in the machine, but XG home won't use them). This route also lets you run Sophos APs without any additional software/hardware (e.g. if you were to run Unifi APs, a cloud key or some other Unifi Network host solution would be required). The Sophos setup is very capable, and if you want all-in-one with category-based web filtering, I'd go this route.

4. Unifi Dream Machines - much more rudimentary in their capabilities at this point than the above solutions, but always growing and a much more "works out of the box" type of experience.