RESET Forums (homeservershow.com)
nguyendot

Home firewall options?


itGeeks

> I'll give it a try and see if it will hit gigabit. That's one of my goals. Check Point just partnered with the company I work for and they gave me some gear to try out. The 3200 is just a trial, but they will give a huge discount or maybe a hookup if I like it enough. Sophos is like a 60 or 70% discount. Their older UTMs can be had super cheap, like the 525 which will run just about anything.
>
> I do have the R710 with ESXi 6.x; I will try Untangle on it too.

Good luck. I will just say this again: unless you live alone, or you have a very simple network, or you're willing to deal with the yelling and screaming, stay away from Sophos for a home network. Buyer be warned.

Edited by itGeeks

nguyendot

As I've got two WANs, I can test it on part of the network without too much interruption. The SonicWALL blocks similarly to the Sophos so I'm not a stranger to it.

 

We allow rfc1919 and rfc1918 protocols and that solves a lot of the problems with mainstream access

itGeeks

IPS with any of these three packages will use a lot of CPU because they all use Snort, and as we all know (or should know) Snort is still a single-threaded application, though from what I understand this will be changing in the near future.

That is what they make drills and Dremels for :D

Chris, I will also tell you, as much as I liked Sophos and the great protection it offered, it's not geared for home use. I wish it was, because I liked the ease of use with reusable objects etc., but it just caused too much trouble on a home network. I hope one day they become more interested in the home network, but as of now they're not interested. For home users it's Untangle all the way.

nguyendot

Sophos model was really never for home. Their home UTM is free purely as a cheap publicity avenue so more IT specialists can become familiar with it. I love the interface. I hated it at first back when we were a SonicWALL shop, but it grew on me. The VPN capabilities of the RED devices are some of the better parts of it - but that's geared towards the SMB not the home users. They likely will not move into the consumer space any more than they'd moved into the large enterprise space.

itGeeks

> Sophos model was really never for home. Their home UTM is free purely as a cheap publicity avenue so more IT specialists can become familiar with it. I love the interface. I hated it at first back when we were a SonicWALL shop, but it grew on me. The VPN capabilities of the RED devices are some of the better parts of it - but that's geared towards the SMB not the home users. They likely will not move into the consumer space any more than they'd moved into the large enterprise space.

Agreed.

nrf

I am reasonably comfortable with my Sophos UTM setup; no screaming (usually) in my house, and should it happen I know how to handle it.

I am, however, going through the YouTube videos on pfSense with an open mind. I am still allergic to the subscription model :)

pcdoc

> Good luck. I will just say this again: unless you live alone, or you have a very simple network, or you're willing to deal with the yelling and screaming, stay away from Sophos for a home network. Buyer be warned.

Certainly do not want to open this thread up to the much-debated topic of Untangle vs Sophos; however, I must disagree with your comment. I have 4 people in the house (two are in their early 20s) and have not had a single issue once I got it set up. The only complaint I got was their inability to get to sites I wanted blocked. Yes, it took some initial tweaking, but most solutions do take a bit of tweaking; it has been months with no issues and I have a lot of filtering, IPS, and AV running. Not disagreeing that Untangle is a good solution for the home as well, but I think we need to keep it in perspective. Every maintenance release (now 3) has improved the product and it continues to get better.

  • Like 1

snapper

> pfSense = a train wreck for administration
>
> Sophos, both UTM9 and XG = will wreak havoc on a home network, blocking streaming services to mobile devices as well as stopping some updates to devices such as printers and builds for anyone on the Windows Insider program, as well as gaming consoles and many other things such as digital picture frames, Nest thermostats, etc. Sophos UTM9 will allow you to create regex rules that will allow you to fix most of this stuff, but those same regex rules will not work with Sophos XG. Plain and simple, Sophos is not home network friendly and Sophos is proud of it. Yes, they offer a home license, but they have clearly stated that they are not a home product, so be warned. Unless you're willing to deal with the heavy footsteps coming down the hall screaming "this won't work and that won't work", and you're willing to bypass several devices from the powerful protection that Sophos offers, then stay clear of it.
>
> The new Untangle v12 is your friend for home networks. It now provides a very nice dashboard that is customizable with real-time reports and great gateway protection, and it won't break your network. Unlike Sophos, Untangle is very interested in the home user, and unlike Sophos they will provide you support via phone with their new home licensing offer of 50.00 a year for all you can eat. I am very happy with the performance and protection I am getting with Untangle on my home network. I must tell you I am very anal (aka OCD) about my home network's performance and protection, so I would not recommend Untangle if it did not deliver in all areas.

That's a pretty fair summary, but it's worth pointing out that by design, Sophos blocks all outgoing and it's up to the admin to open access.

Untangle (and XG, I believe) is the reverse - everything is allowed out unless blocked.

This makes it easier to set up Untangle for home etc., at the cost of being less secure.

I'm running UTM9 at the moment as I prefer the locked-down approach, but when I get a moment, I am planning on spinning up an Untangle VM again, but blocking everything from the outset and seeing what happens...

nrf

But it doesn't take much to open outgoing to all in the UTM.

  • Like 2

Drashna Jaelre

> That's a pretty fair summary, but it's worth pointing out that by design, Sophos blocks all outgoing and it's up to the admin to open access.
>
> Untangle (and XG, I believe) is the reverse - everything is allowed out unless blocked.
>
> This makes it easier to set up Untangle for home etc., at the cost of being less secure.
>
> I'm running UTM9 at the moment as I prefer the locked-down approach, but when I get a moment, I am planning on spinning up an Untangle VM again, but blocking everything from the outset and seeing what happens...

I *wouldn't* call this a fair assessment, actually. Sophos UTM is meant to be a very locked down, heavily restricted UTM device. "Trust no one". As others have mentioned, it's not really meant to support home use out of the box. It's meant to LOCK DOWN EVERYTHING.

Additionally, the web filter requires much less tinkering and works better if you DO NOT use the "Decrypt and Scan" option, and only do the URL filtering. This is intentional, as well. URL filtering doesn't catch as much... but it takes a lot less resources and interferes less.

Additionally, I've personally provided a lot of documentation on how to get the vast majority of services working properly (it's not comprehensive, but I do periodically add more to it, and refine it).

But yes, it's not something that you just drop in and it works 100% like a consumer router.

And as for Untangle, IIRC, a lot of the good stuff (like filtering, etc.) requires a monthly subscription. So it's most certainly NOT FREE.

Each option has its advantages and disadvantages, but they're all very good, IMO. But they're definitely suited to different types of people.

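The default-deny versus default-allow distinction that snapper, nrf and Drashna discuss above, as an added example that is not code from any poster or from Sophos, Untangle or pfSense: a small egress-policy evaluator with a first-match rule list and a policy default. It runs the same constructed set of home-LAN flows (a laptop browsing, a phone streaming over QUIC, a printer fetching an update, a game console, and an IoT camera trying outbound telnet) through a UTM9-style default-deny policy and an Untangle/XG-style default-allow policy, and then through the default-deny policy after a trailing allow-all rule has been appended, which is the shortcut nrf mentions. All rules, hostnames, ports and the regex exception pattern are constructed for illustration and mirror no product's real configuration syntax.

```python
# Added example (not from the thread or any firewall vendor): a minimal egress
# policy evaluator contrasting default-deny with default-allow. Rules, hosts,
# ports and flows below are constructed for illustration.
import re
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Flow:
    label: str      # name used in the result table
    src: str        # internal device the connection comes from
    proto: str      # "tcp" or "udp"
    dst_port: int
    host: str       # destination hostname if known (SNI / proxy), else ""


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: Optional[str] = None        # None = any internal device
    proto: Optional[str] = None      # None = any protocol
    ports: frozenset = frozenset()   # empty = any destination port
    host_re: Optional[str] = None    # regex on hostname (an exception pattern)

    def matches(self, f: Flow) -> bool:
        if self.src is not None and self.src != f.src:
            return False
        if self.proto is not None and self.proto != f.proto:
            return False
        if self.ports and f.dst_port not in self.ports:
            return False
        if self.host_re is not None and not re.search(self.host_re, f.host):
            return False
        return True


@dataclass
class Policy:
    default: str                     # verdict when no rule matches
    rules: list = field(default_factory=list)

    def decide(self, f: Flow) -> tuple:
        """First matching rule wins; otherwise the policy default applies."""
        for i, r in enumerate(self.rules):
            if r.matches(f):
                return r.action, f"rule {i}"
        return self.default, "default"


def evaluate(policy: Policy, flows) -> dict:
    """Map each flow label to its verdict under the given policy."""
    return {f.label: policy.decide(f)[0] for f in flows}


def open_outgoing_to_all(policy: Policy) -> Policy:
    """Append a trailing allow-anything rule: a default-deny policy then
    behaves like default-allow, and the camera's telnet slips through."""
    return Policy(policy.default, policy.rules + [Rule("allow")])


# Constructed sample flows from a home LAN.
FLOWS = [
    Flow("web", "laptop", "tcp", 443, "www.example.com"),
    Flow("streaming", "phone", "udp", 443, "cdn-7.streaming.example"),  # QUIC
    Flow("printer-update", "printer", "tcp", 8080, "updates.printer.example"),
    Flow("game", "console", "udp", 3074, ""),
    Flow("cam-telnet", "iot-cam", "tcp", 23, ""),
]

# Default-deny: every service the household needs must be opened explicitly,
# hence the tinkering; but the camera's outbound telnet is stopped for free.
DEFAULT_DENY = Policy("deny", [
    Rule("allow", proto="tcp", ports=frozenset({80, 443})),            # plain web
    Rule("allow", src="phone", host_re=r"^cdn-\d+\.streaming\.example$"),
    Rule("allow", src="printer", proto="tcp", ports=frozenset({8080})),
])

# Default-allow: only known-bad traffic is listed; anything unlisted passes,
# so the game console works on day one but so would any unlisted protocol.
DEFAULT_ALLOW = Policy("allow", [
    Rule("deny", proto="tcp", ports=frozenset({23})),                  # outbound telnet
    Rule("deny", host_re=r"\.badads\.example$"),
])

if __name__ == "__main__":
    variants = (
        ("default-deny", DEFAULT_DENY),
        ("default-allow", DEFAULT_ALLOW),
        ("default-deny + trailing allow-all", open_outgoing_to_all(DEFAULT_DENY)),
    )
    for name, pol in variants:
        print(name)
        for f in FLOWS:
            action, why = pol.decide(f)
            print(f"  {f.label:15} {action:5} ({why})")
```

Running it shows the trade-off in one table: under default-deny the game console is blocked until someone writes a rule for it, while the camera's telnet is blocked without anyone having thought about it; under default-allow the console just works, and the camera is only stopped because telnet happened to be on the blocklist. Appending the allow-all rule to the default-deny policy makes it behave exactly like the permissive one.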