Suggest me a firewall

Genisys

Ok, so I have decided to get rid of my PFsense instance, as the complication involved was starting to become an issue (had vlans for everything). So I moved over to my Mikrotik, but feel a firewall is a good idea.

What will be the most cost effective firewall for home use? I love Rack mount equipment, and have been looking at the USG-PRO-4, but that is a little expensive. Any other rack mount firewall alternatives?

It will connect to a VPN, and my LTE and ADSL account. It won't have to load balance, just use the LTE for incoming connections.
 
Honestly, just use the firewall on the Mikrotik? You already have the infrastructure, use it.
 
Honestly, just use the firewall on the Mikrotik? You already have the infrastructure, use it.
Issue is, I can't get more than 1 Ether port to work for wan. Only allows Ether 1, and nothing else. I was thinking of getting a CCR, but those are very expensive.
 
What are you looking for the firewall to do exactly?
 
More or less:

1. Allow multiple Wan interfaces
2. In some instances route gaming traffic over separate WAN - I'll script this
3. Block incoming traffic when not permitted - want to host a small mail server at home for personal emails
4. VPN server
5. SNMP
6. Do some DPI to see what types of traffic goes out.
 
Get a dedicated pfsense box, you should find some decent low power dual celeron stuff on carbonite.
 
Cisco ASA 5506-X bit expensive but if you got the cash it will do you justice
 
Get a dedicated pfsense box, you should find some decent low power dual celeron stuff on carbonite.
I like that idea. I used an N40L, but feel the Vlan setup was getting silly. I wanted to add a 3rd wan, and it didn't work as expected (I ran out of ports on my switch). Maybe I should just get an 8 port Gigabit Smart/managed switch.
 
I like that idea. I used an N40L, but feel the Vlan setup was getting silly. I wanted to add a 3rd wan, and it didn't work as expected (I ran out of ports on my switch). Maybe I should just get an 8 port Gigabit Smart/managed switch.

Are you running pfsense across a single NIC? Is that why you are Vlanning like crazy?
 
Yes, single NIC.

Then honestly, as above, get yourself a small 2.4GHz or above celeron server type on carbonite.
Get a dual or quad network card.

I got myself this one:
RouterBOARD 44Ge with 4 Gb LAN ports

and it's working beautifully in a Dell T20 microserver that I got specifically to purpose. There you can define any network on any interface with routing and the whole shebang.

Especially because you're now wanting to do multiple paths to different gateways etc. pfSense can do everything you need.
 
More or less:

1. Allow multiple Wan interfaces
2. In some instances route gaming traffic over separate WAN - I'll script this
3. Block incoming traffic when not permitted - want to host a small mail server at home for personal emails
4. VPN server
5. SNMP
6. Do some DPI to see what types of traffic goes out.

You have Mikrotik and Mikrotik can do this all.

Load balancing is a different story on Mikrotik.

I currently run 2 x PPPOE out same interface but you can do multiple wan ports.
Routing gaming traffic through specific wan link is easy. Can use pre routing.
Block incoming traffic- normal filter rules with drop action.
VPN server - Mikrotik has PPTP, L2TP built in.
SNMP - yup can be done.
Get good SNMP program and then see what type of traffic is going out.
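
The drop rules and prerouting policy routing mentioned in the post above, sketched as a RouterOS v6 configuration. This is an added example, not part of the original thread; the interface names (`pppoe-out1`, `lte1`, `bridge`), the address `192.168.88.50` and the mark name `via-lte` are assumptions.

```routeros
# Constructed example, RouterOS v6 syntax. All names and addresses are assumptions.
# Assumed: pppoe-out1 = ADSL (default route), lte1 = LTE, bridge = LAN.

/interface list
add name=WAN
add name=LAN
/interface list member
add list=WAN interface=pppoe-out1
add list=WAN interface=lte1
add list=LAN interface=bridge

/ip firewall filter
# Traffic addressed to the router itself: keep replies, drop the rest from WAN.
add chain=input action=accept connection-state=established,related \
    comment="replies to connections the router opened"
add chain=input action=drop connection-state=invalid
add chain=input action=drop in-interface-list=WAN \
    comment="no unsolicited WAN access to the router"

# Traffic routed through to the LAN: only explicit port-forwards may start
# a new connection from the WAN side (for example to a mail server).
add chain=forward action=accept connection-state=established,related
add chain=forward action=drop connection-state=invalid
add chain=forward action=drop in-interface-list=WAN connection-state=new \
    connection-nat-state=!dstnat comment="drop WAN traffic that was not dst-natted"

/ip firewall nat
add chain=srcnat action=masquerade out-interface-list=WAN

/ip firewall mangle
# Policy routing in prerouting: send one host (the assumed gaming PC) out via
# LTE. dst-address-type=!local keeps traffic to the router on the main table.
add chain=prerouting action=mark-routing src-address=192.168.88.50 \
    in-interface-list=LAN dst-address-type=!local \
    new-routing-mark=via-lte passthrough=no

/ip route
# Route used only by packets carrying the via-lte mark.
# On RouterOS v7 the table is created under /routing table and the route
# takes routing-table=via-lte instead of routing-mark.
add dst-address=0.0.0.0/0 gateway=lte1 routing-mark=via-lte
```

Rule order matters in the filter chains: the accept for established and related traffic has to sit above the drop rules, otherwise replies to outbound connections are dropped as well.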
 
I thought I was the only one routing for the Mikrotik. I'll be honest, it would take me some time to get this setup going as I don't have the luxury of playing with this kind of setup, but I know it can be done.

HApyM3al is on the money there. It is a relatively easy setup. Mikrotiks are very capable little devices, if setup properly.
 
I thought I was the only one routing for the Mikrotik. I'll be honest, it would take me some time to get this setup going as I don't have the luxury of playing with this kind of setup, but I know it can be done.

HApyM3al is on the money there. It is a relatively easy setup. Mikrotiks are very capable little devices, if setup properly.

Once you go Mikrotik... you'll throw every other router in the bin... trust me on that one...
 
Well, I haven't quite been able to compare or anything like that.
I know Mikrotik from my wireless ISP days, so about 3 years now I am using it, but for the price you pay and the usability you get, it's difficult to find a replacement. So yeah, can understand when you say that. Just wish I could play more. I'll get there.
 
No I have done the MTCNA and what not. Just a matter of actually being able to play and apply it. I'd like to do the MTCRE course Miro is having next month.

Yeah google can help, but there's a lot of yappies out there that post ****. Also, the Mikrotik forum is useless at best.
 