Jump to content
RESET Forums (homeservershow.com)

Ad Blockers


Recommended Posts

  • Replies 33
  • Created
  • Last Reply

Top Posters In This Topic

  • Drashna Jaelre

    9

  • Poppapete

    8

  • oj88

    6

  • ikon

    6

Top Posters In This Topic

Popular Posts

Wife's computer, tablet, phone, Your computer, tablet, phone, Son's computer, tablet, phone, Daughter's computer, tablet, phone, Xbox, PS3, PS4, HTPC, server, TV, Baby monitor, router, printer,

Wife's computer, tablet, phone,

Your computer, tablet, phone,

Son's computer, tablet, phone,

Daughter's computer, tablet, phone,

Xbox, PS3, PS4,

HTPC, server, TV,

Baby monitor, router, printer,

2 to 8 surveillance cameras,

NVR, 2 wireless APs.

 

That's up to 32 already. More children means even more IPs. More than 1 printer. A second, or third TV. Set Top Boxes. It's not hard these days to get up to 50.

Pretty much what I have going, except make that 6 adults, each owning an average of 4 to 6 devices, 2 children with up to 3 devices each, and misc. other network elements like the one you mentioned (Smart TV, Roku 3's, IP cams, etc.)... But also add 4 access points, 3 routers, a managed switch, server, NAS... and a partridge in a pear tree.

 

Using Fing (iOS app) and depending on time of day, I have at most 56 IP addresses on the network during peak times.

 

Now, will I be violating anything if I try circumventing the 50-IP limit by re-designing my perimeter network as such?

 

Internet -> [VM Host (Sophos UTM VM) -> (pfSense VM)] -> LAN

 

The pfSense VM would be doing NAT, transparent proxy, DHCP, DNS and some basic firewalling while the Sophos does everything else.

Link to post
Share on other sites
Poppapete

My situation not much different but half the stuff does not need to be on the LAN being controlled by Sophos in fact it is better if it is not. The Phones and Cameras for instance. This is assuming your Internet Provider allows you to use a second WAN for free or for cheap.

Link to post
Share on other sites

I know this question is a bit late in the game but, how does Sophos actually keep track or control the number of IP addresses it will support?

 

DHCP? Ie. It will only give out 50 IP addresses no matter what? Or, will it only allow the first 50 IP addresses that connects to the internet even if you have a hundred users (hypothetically)?

Link to post
Share on other sites

My situation not much different but half the stuff does not need to be on the LAN being controlled by Sophos in fact it is better if it is not. The Phones and Cameras for instance. This is assuming your Internet Provider allows you to use a second WAN for free or for cheap.

 

You're in a pretty unique situation. I presume because of the relatively low population of OZ it's not a big deal for the ISPs to give out 2 WAN IPs. In most countries you either can't get a second IP at all for residential service, or you have to pay an exorbitant fee for it, or you have to buy business service. In fact, my ISP won't even let me have business class service, even if I'm willing to pay for it. They say the infrastructure in my neighbourhood won't support business class.

Link to post
Share on other sites
Poppapete

DHCP? Ie. It will only give out 50 IP addresses no matter what? Or, will it only allow the first 50 IP addresses that connects to the internet even if you have a hundred users (hypothetically)?

Pretty sure it's the latter. It may give out over 50 but allow only 50 connections at any one time.

You're in a pretty unique situation. I presume because of the relatively low population of OZ it's not a big deal for the ISPs to give out 2 WAN IPs. In most countries you either can't get a second IP at all for residential service, or you have to pay an exorbitant fee for it, or you have to buy business service. In fact, my ISP won't even let me have business class service, even if I'm willing to pay for it. They say the infrastructure in my neighbourhood won't support business class.

That is a turn up. It is us in OZ who are usually getting screwed by ISP's and foreign providers (software especially).

Link to post
Share on other sites

Yeah. Mind you, I can understand some of the extra Internet costs. After all, making thousands of miles of undersea fibre optic cable, laying that cable across the Pacific ocean, and then maintaining that cable is very expensive. OZ has 2 issues with international communications that I can see: it's a long way from North America and Europe, and it has a small population to spread the costs over.

Link to post
Share on other sites
Drashna Jaelre

I know this question is a bit late in the game but, how does Sophos actually keep track or control the number of IP addresses it will support?

 

DHCP? Ie. It will only give out 50 IP addresses no matter what? Or, will it only allow the first 50 IP addresses that connects to the internet even if you have a hundred users (hypothetically)?

I ran into this setting up Sophos for a friend.

 

It will let you run up to 55 IP addresses (this is not done by DHCP, but by active IP addresses in the network, not counting NATed devices such as behind a wireless router) After that, it starts blocking the devices. But it will give you warnings that you've exceeded the license.

 

So it does give you a "grace buffer" which is nice. 

Link to post
Share on other sites

That's good to know. Thanks Drashna.

 

Right now, I'm close to jump ship and run Sophos UTM. I just updated my pfSense from v2.1.5 to 2.2 last night and boy was it a mistake. HAVP/ClamAV, SquidGuard3 and IPSec VPN stopped working post-update. I'll try to do a clean install or a rollback tonight and see if I can get everything back to working order. Otherwise, I've just been given a very good reason to try out Sophos.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...