Suggest me a firewall

[Genisys]

Ok, so I have decided to get rid of my PFsense instance, as the complication involved was starting to become an issue (had vlans for everything). So I moved over to my Mikrotik, but feel a firewall is a good idea.

What will be the most cost effective firewall for home use? I love Rack mount equipment, and have been looking at the USG-PRO-4, but that is a little expensive. Any other rack mount firewall alternatives?

It will connect to a VPN, and my LTE and ADSL account. It won't have to load balance, just use the LTE for incoming connections.

 

[Dirty Harry101]

Honestly, just use the firewall on the Mikrotik? You already have the infrastructure, use it.

 

[Genisys]

Honestly, just use the firewall on the Mikrotik? You already have the infrastructure, use it.

Issue is, I can't get more than 1 Ether port to work for wan. Only allows Ether 1, and nothing else. I was thinking of getting a CCR, but those are very expensive.

 

[syntax]

What are you looking for the firewall to do exactly

 

[Genisys]

More or less:

1. Allow multiple Wan interfaces
2. In some instances route gaming traffic over separate WAN - I'll script this
3. Block incoming traffic when not permitted - want to host a small mail server at home for personal emails
4. VPN server
5. SNMP
6. Do some DPI to see what types of traffic goes out.

 

[MickZA]

Get a dedicated pfsense box, you should find some decent low power dual celeron stuff on carbonite.

 

[scoobs]

Cisco ASA 5506-X bit expensive but if you got the cash it will do you justice

 

[Genisys]

Get a dedicated pfsense box, you should find some decent low power dual celeron stuff on carbonite.

I like that idea. I used an N40L, but feel the Vlan setup was getting silly. I wanted to add a 3rd wan, and it didn't work as expected (I ran out of ports on my switch).Maybe I should just get an 8 port Gigabit Smart/managed switch.

 

[DMNknight]

I like that idea. I used an N40L, but feel the Vlan setup was getting silly. I wanted to add a 3rd wan, and it didn't work as expected (I ran out of ports on my switch).Maybe I should just get an 8 port Gigabit Smart/managed switch.

Are you running pfsense across a single NIC? Is that why you are Vlanning like crazy?

 

[Genisys]

Are you running pfsense across a single NIC? Is that why you are Vlanning like crazy?

Yes, single NIC.

 

[DMNknight]

Yes, single NIC.

Then honestly, as above get yourself a small 2.4Ghz or above celeron server type on carbonite.
Get a dual or quad network card.

I got myself this one:
RouterBOARD 44Ge with 4 Gb LAN ports

and it's working beautifully in a Dell T20 microserver that I got specifically to purpose. There you can define any network on any interface with routing and the whole shebang.

Especially because you're now wanting to do multiple paths to different gateways etc. pfSense can do everything you need.

 

[WAslayer]

it doesnt get any better than Ovule...

 

[Dirty Harry101]

ha ha ha ha ha. there's your firewall solution.

 

[Randy_The_Squirrel]

Honestly, just use the firewall on the Mikrotik? You already have the infrastructure, use it.

These days, I rather use Mikrotik... easier, and just less pain.

 

[HApyM3al]

More or less:

1. Allow multiple Wan interfaces
2. In some instances route gaming traffic over separate WAN - I'll script this
3. Block incoming traffic when not permitted - want to host a small mail server at home for personal emails
4. VPN server
5. SNMP
6. Do some DPI to see what types of traffic goes out.

You have Mikrotik and Mikrotik can do this all.

Load balacing is different story on Mikrotik.

I currently run 2 x PPPOE out same interface but you can do multiple wan ports.
Routing gaming traffic through specific wan link is easy. Can use pre routing.
Block incoming traffic- normal filter rules with drop action.
VPN server - Mikrotik has PPTP, L2TP built in.
SNMP - yup can be done.
Get good SNMP program and then see what type of traffic is going out.

 

[Dirty Harry101]

I thought I was the only one routing for the Mikrotik. I'll be honest, It would take me some time to get this setup going as I dont have the luxury of playing with this kind of setup, but I knwo it can be done.

HApyM3al is on the money there. It is a relatively easy setup. Mikrotiks are very capable little devices, if setup properly.

 

[Randy_The_Squirrel]

I thought I was the only one routing for the Mikrotik. I'll be honest, It would take me some time to get this setup going as I dont have the luxury of playing with this kind of setup, but I knwo it can be done.

HApyM3al is on the money there. It is a relatively easy setup. Mikrotiks are very capable little devices, if setup properly.

Once you go Mikrotik... you'll throw every other router in the bin... trust me on that one...

 

[Dirty Harry101]

Well, I havn't quite been able to compare or anything like that.
I know Mikrotik from my wireless ISP days, so about 3years no I am using it, but for the price you pay and the usability you get, its difficult to find a replacement. So yeah, can understand when you say that. Just wish I could play more. I'll get there.

 

[Randy_The_Squirrel]

There are many knowledgable Mikrotikers on this forum who can help you quickly. In my case Google had all the answers I needed

 

[Dirty Harry101]

No I have done the MTCNA and what not. Just a matter of actually being able to play and apply it. I'd like to do the MTCRE course Miro is having next month.

Yeah google can help, but there's a lot of yappies out there that post ****. Also, the Mikrotik forum is useless at best.