8 votes

What are you using for your firewall in your home lab, hardware and OS?

What are you using for your firewall at home?

8 comments

  1. [3]
    Comment deleted by author
    1. Amarok
      Also using pfsense, but mine is running on a tiny little appliance-style whitebox I built specifically for pfsense. It has 4 gigabit nic ports, six network segments (green trusted, green untrusted, orange dmz, blue wireless, red internet, violet vpn). I've been using pfsense (and that appliance) for almost ten years now. It's been awesome, and I must admit that I'm impressed it's managed to upgrade/preserve my rules and service configs since early 1.x through all of those software updates. I think I was using ipcop before pfsense, but switched because pfsense supported more interfaces more easily.

      Interesting that you prefer pfsense to Sophos UTM, I've been meaning to check out Sophos' offerings since I liked their AV suite so much. Honestly the only single complaint I can think of for pfsense vs literally all other firewalls I've ever used is that it doesn't present a unified management interface. For example having four pfsense firewalls on your network and managing them centrally like with commercial firewall packages (such as checkpoint). I suppose being BSD-based, hardware selection is also important, as the driver pool for BSD is still limited enough that you need to choose hardware carefully.

      Frankly, pfsense's web UI puts most other web UIs (for any product) to shame. It's wonderful. Their docs and support forums are fantastic.

      1 vote
    2. acr
      I hear pfSense is good. What do you like the best about it? Do you have those two NICs total plus the onboard NIC or two NICs total?

  2. spit-evil-olive-tips
    100% Ubiquiti - Edgerouter & AC-Lite access points. Can't recommend them highly enough.

    I have my apartment as well as a vacation house my family owns that I do the tech stuff for. There's an Edgerouter at each, and they've got a site-to-site OpenVPN tunnel between them. Once it's set up, everything "just works", including 2-way DNS resolution, so "home.lan" and "cabin.lan" addresses are resolvable and reachable in either location.

    3 votes
  3. DrStone
    Nothing right now beyond what's built into the OS and router, but years ago I had an old desktop running m0n0wall. I don't remember much, but I do remember being pretty happy with it. Looks like it hasn't had much forum or development activity in a while though.

  4. pseudolobster
    pfSense on ESXi for router/firewall, Ubiquiti UniFi AC-Pro access point for wifi. Absolutely solid, dependable, great reception and speed anywhere in my house, which is something $250 wifi routers have been consistently unable to deliver in my house. Has every single feature I could ever possibly want and more. QoS, IDS, VPN, pretty much every three letter acronym ever invented.

  5. patience_limited
    Sophos UTM VM, Pi-hole VM, Tomato OS on Netgear router, and eero access points that I got when eero was still a Kickstarter product. It's kind of a kluge, but the speed and reliable mesh coverage on eero APs is fantastically cost-effective for an all-concrete house, and I haven't taken the time to do better right now.

    I may be able to get a decent, relatively new SonicWall to play with through work, as we've switched to Check Point, but frankly, both of them should die in a fire for all the bugs.

  6. teaearlgraycold
    I'm looking for something that can act as an OpenVPN client with a whitelist. Ideally I'd have most traffic run through a VPN unless the destination IP/port/protocol matched certain patterns. This way I could have everything but my video games run through a VPN. Does anyone know of some software/hardware that would allow for this?

  7. demifiend
    All of my personal computers run OpenBSD, so I just use a basic pf config that allows all outgoing, denies all incoming from the internet, and only allows incoming SSH from 192.168.1.*. It isn't a terribly sophisticated setup, but I figure it's better than nothing.
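
A host policy like the one described in the last comment, written out as a pf ruleset. This is an added example, not the commenter's actual configuration; the `lan_net` macro name and the /24 reading of "192.168.1.*" are assumptions.

```conf
# /etc/pf.conf (added example; lan_net is an assumed macro name)

# "192.168.1.*" from the comment, expressed as a CIDR block (assumption)
lan_net = "192.168.1.0/24"

# Do not filter loopback traffic
set skip on lo

# pf evaluates every rule and the LAST match wins (unless a rule uses
# "quick"), so the broad default goes first and exceptions follow it.

# Default: deny every inbound packet
block in all

# Allow all outbound traffic. pass rules keep state by default, so
# replies to these connections are admitted despite "block in all".
pass out all

# Exception: inbound SSH, only from the local network
pass in proto tcp from $lan_net to any port ssh
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax and ordering mistakes before the ruleset goes live.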