Lee H. Marzke on 29 May 2018 13:01:36 -0700



Re: [PLUG] Cheap Firewall


So is your total Cloud billing, plus reduced network to the house, and reduced power to the house a net
increase or decrease in monthly bills?

If you like full features and a GUI, I still recommend pfSense, and you can get it on supported hardware from
https://store.netgate.com/SG-1000.aspx

The SG-1000 may only pass 100mbs with filter enabled, so you may need something larger if you do video or VPN connections.
AES-NI support in the CPU helps a lot. The next pfSense 2.5 will require AES-NI.

Netgate doesn't allow pre-installed pfSense - so any units on Amazon with that are likely old versions, and
you may have hw issues with upgrades, so be careful.

I've had bad luck with pfSense running on micro SBC units, with the chip running the switch interface
not working so well on multiple NICs, especially with VLANs, so you might want to pick supported hardware.
The same exact pfSense ran fine as a VM, but wouldn't play correctly on the small SBC.

I've also had good luck with the EdgeRouter as a backup firewall (since my main pfSense is virtual),
but anything more than basic features is difficult with the GUI, and the command line is based on Vyatta
(now VyOS), which is like Juniper fw, so there is a learning curve.

Lee




----- Original Message -----
> From: "Casey Bralla" <MailList@NerdWorld.org>
> To: "Philadelphia Linux User's Group Discussion List" <PLUG@Lists.PhillyLinux.org>
> Sent: Tuesday, May 29, 2018 11:42:07 AM
> Subject: [PLUG] Cheap Firewall

> I'm finally closing down all my servers in my basement on my comcast
> commercial account and moving them all to rented servers in the cloud.
> I'll be able to save a ton of money on internet charges, but will have
> to give up a bunch of blinken lights.
> 
> I'm not sure how to set up a good firewall, however.
> 
> Up till now, I've been using an old PC with 3 network cards.  But
> without the servers, this is way overkill.   I thought I might use an
> old wireless router (in non-wireless mode) to provide NAT.  But I'm not
> sure if that is robust enough.
> 
> 
> Any suggestions from the list on setting up a good, low-power firewall
> that is capable of gigabit speeds?
> 
> --
> 
> Casey Bralla
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

-- 
"Between subtle shading and the absence of light lies the nuance of iqlusion..." - Kryptos 

Lee Marzke, lee@marzke.net http://marzke.net/lee/ 
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM 
+1 800-393-5217 voice/text 
+1 484-348-2230 fax