Firewall for home

Hap

New Member
May 14, 2011
Western Md
Using a Cisco RVS4000, though I did add an Enermax fan on top to keep some of the parts cooler inside, and again wondering if others might be using this small business security router.
 

drake3

New Member
Feb 11, 2011
I am using the WRVS4400N at home for an access point. The router is feature packed, although I could never get the second SSID/VLAN segmentation to work. It does generate a lot of heat. However, I use Astaro (now Sophos) products for my firewall at work and home.
 

apnar

Member
Mar 5, 2011
I used to use a Linksys e3000 with a modified dd-wrt on it, but I've recently moved over to using pfSense in a virtual machine on my all-in-one NAS/ESXi box. I've been very happy with it so far. I pass through a physical ethernet card to it with VT-d which I use to connect to my ISP. It also has a virtual interface on my internal network. It does a great job handling all my firewalling, routing, VPNs, etc.

Even on a commodity standalone box I'd suggest taking a look at pfSense.
 

Patrick

Administrator
Staff member
Dec 21, 2010
Just wondering, how is the latency on your pfsense box, and what hardware are you running on it? I am thinking of converting an Atom machine or two over.
 

apnar

Member
Mar 5, 2011
I haven't noticed much in the way of latency, but all my traffic passing through it is hitting slower networks (cable modem and a couple wireless links). I'm running it as a VM on ESXi 4.1 with 1 processor and 1 gig of RAM assigned to it and the VM is barely using any of it unless I'm pushing the VPN. The underlying physical proc is a Xeon E5620.

I've been running the latest 2.0 x64 release candidates with the ipv6 repo overlay. So far it's been working great and my VPN performance is much improved over what the e3000 could handle (now my bandwidth is the limiting factor). I suspect an Atom would do ok assuming you aren't putting a lot of encryption/decryption load on it.
 

damarious25

New Member
Jan 29, 2012
Canada
I'm running pfSense on an old PIII with 756 ddr I found for free in a local ad. The NICs are only 10/100 but I have 6 months until fiber optic internet is available in my neighbourhood so for home network use it's fine.
 

zicoz

Member
Jan 7, 2011
Anyone tried Astaro Security Gateway Home and know how it does compared to pfSense?
 

dswartz

Active Member
Jul 14, 2011
I am using it instead of pfsense now. They are both good, but ASG has a number of features that pfsense doesn't (such as a spam/virus filter that sits in front of my mail server - has a web quarantine, etc...)
 

_Adrian_

Member
Jun 25, 2012
Leduc, AB
Ummm...
pf does have a mail scanner package.
But for me the most important is the HAVP antivirus Package
Antivirus: HAVP (HTTP Antivirus Proxy) is a proxy with a ClamAV anti-virus scanner. The main aims are continuous, non-blocking downloads and smooth scanning of dynamic and password protected HTTP traffic. Havp antivirus proxy has a parent and transparent proxy mode. It can be used with squid or standalone. And File Scanner for local files.

Here's a quick run down on the mail package...
mailscanner-dev Services beta
4.83.5 pkg v.0.2.1
platform: 2.0
MailScanner is an e-mail security and anti-spam package for e-mail gateway systems. This is a level3 mail scanning tool with high CPU load.
MORE INFO HERE

BTW, I'm running this on a "retired" DL360 G4 with Mellanox card and NC340T.
 

dswartz

Active Member
Jul 14, 2011
ASG has all of that too, and it's (IMO of course) better integrated. I've seen a lot of problems with the way addon packages work with pfsense. If it works for you, that's the important thing.
 

_Adrian_

Member
Jun 25, 2012
Leduc, AB
Over the past few years it stopped a lot of attempts which otherwise would have ended otherwise...
 

dswartz

Active Member
Jul 14, 2011
Well, good (seriously), but I was never saying otherwise. I just think external package integration in pfsense is fragile, due to how it works. I think the devs have done wonders with it, it's just inherent.
 

_Adrian_

Member
Jun 25, 2012
Leduc, AB
I'm on the new 2.1 Beta and have no issues to speak of.
Everything works perfect even though I'm on the daily builds.

OpenVPN, IPv6 Tunnel, and my default IPv4 gateway from my provider work flawlessly!
And not even mentioning the other packages that have been added in and running in the background.
But then again... I'm running quite a powerful machine for what it is...

Latency, you ask?
+2->4ms over your default gateway's latency
 

ehorn

Active Member
Jun 21, 2012
dswartz said: "I am using it instead of pfsense now. They are both good, but ASG has a number of features that pfsense doesn't (such as a spam/virus filter that sits in front of my mail server - has a web quarantine, etc...)"

Interesting...

Would be nice to see some comparative reviews of these two:

Sophos UTM (aka. ASG)
vs
pfSense w/Snort, etc...

Features, performance, hardware requirements, etc...
 

ehorn

Active Member
Jun 21, 2012
Patrick said: "Just wondering, how is the latency on your pfsense box, and what hardware are you running on it? I am thinking of converting an Atom machine or two over."

Hi Patrick, Did you ever get around to playing with this?

The guys over at pfSense say max throughput ~ 550Mb/s on the newer Atoms (without add-in packages). I don't recall latency measurements though... They seem to be suggesting the low-power Pentiums with pico PSUs for Gb speeds and some left over for packages (if intended)...

I am considering a UTM/pcap setup... Currently looking at a DQ77KB platform... I saw Aluminum (member here) had a similar setup. With a pcap build as well. If he stumbles along this thread, I would love to hear his experience with this setup.

I am wondering how an ESXi setup might work for this purpose: VM1 for firewall/router and VM2 (sitting inside for pcap)...

Any thoughts/ideas?
 

ehorn

Active Member
Jun 21, 2012
Quoted post: "I did. Here is a bit on the Supermicro X7SPE-HF-D525 and pfsense. Bottom line, I rebooted the machine once in the last 11 months. I only put WAN traffic through the pfsense box though and I do not have a 550mbps home connection :)"

Thanks for the link. I forgot I actually read that some time ago... At my age, "CRS" is becoming a problem...

Yeah, not sure too many folks would stress that BW from a home. hehe... :)

However, adding in some packages and/or a few VPN connections (with IPSec/Encryption) might bring that throughput number down considerably. I have not seen many metrics (CPU/BW) for the Atoms under those conditions.

Have you done any VPN with it or are you running any IDS/pcap/etc... packages on top?