Home firewall poll

Discussion in 'Networking' started by cheezehead, Feb 3, 2017.


What firewall do you run at home?

Poll closed Mar 5, 2017.
  1. pfSense: 56.3%
  2. Ubiquiti: 16.7%
  3. Sophos UTM: 15.6%
  4. Enterprise COTS (Cisco/Palo Alto/CheckPoint/Juniper/etc.): 10.4%
  5. SMB COTS (Sonicwall/Watchguard/etc.): 3.1%
  6. Netgear/Linksys/Belkin....what's cheap at the big box stores: 3.1%
  7. Straight IPTables/PF or bust!: 10.4%
Multiple votes are allowed.
  1. StammesOpfer

    StammesOpfer Active Member

    Joined:
    Mar 15, 2016
    Messages:
    378
    Likes Received:
    122
    So I found that my traffic patterns killed consumer grade devices. From the research that I have done (and the internet is never wrong) they are not designed for anywhere close to 100% duty cycle. So once you install something more powerful (also uses more resources) and then start hammering it with connections they burn out due to running hotter than they should long term. So after running highly rated consumer hardware and replacing it every 1-1.5yrs I moved to pfSense and recently a Ubiquiti USG.
     
    #21
  2. mstone

    mstone Active Member

    Joined:
    Mar 11, 2015
    Messages:
    505
    Likes Received:
    117
    I've never had a great experience going that route. First, stuff like OpenWRT doesn't tend to track the latest hardware so you're always chasing some old board that's been abandoned by the manufacturer. The wireless support is always flaky (and I'd rather have access points deployed independently of the router anyway). You've generally got limited RAM & storage. Stuff randomly breaks because nobody can test every "supported" platform. Bottom line, it can be made to work but it's not particularly fun and usually not worth the effort.
     
    #22
    tic226 likes this.
  3. ttabbal

    ttabbal Active Member

    Joined:
    Mar 10, 2016
    Messages:
    723
    Likes Received:
    193
    That was where I ended up with the *WRT method as well. When it worked, it often didn't work right with the newer radio hardware etc. For the longest time no 5GHz radios worked, or didn't work well, for example.

    The lack of firmware updates etc is less important when they are deployed as APs and aren't internet-facing. So I did pfSense as it looked like an easier to work with setup than my old iptables scripts. :)
     
    #23
  4. Cheddoleum

    Cheddoleum Member

    Joined:
    Feb 19, 2014
    Messages:
    82
    Likes Received:
    16
    Yeah, I can see where you're coming from. I don't run it anymore but I'm fond of OpenWRT, maybe because I last ran it on commodity hardware in the Aughties (Asus wl-500gP v1 with the replaceable MiniPCI card... I still love that stupid thing). Then ran it for a few years compiled from source for an Alix 2d13 and a succession of WiFi cards, but always Atheros-based so there was never a support issue. Only dumped that when the 100base-TX NICs became hopelessly inadequate even bonded, and of course insufficient crypto support for full-bandwidth VPN.

    Still ran OpenWRT for a few months after that, built with paravirtualization and SMP switches in a KVM, but I got occasional kernel oopses on the host that I didn't think worth chasing so I finally gave it up. Still think it's a great little distro for small appliances though, particularly if you're prepared to build it yourself.
     
    #24
  5. nickscott18

    nickscott18 Member

    Joined:
    Mar 15, 2013
    Messages:
    77
    Likes Received:
    18
    Was Vyos, am now using Mikrotik - neither of which is on the list.
     
    #25
  6. azev

    azev Active Member

    Joined:
    Jan 18, 2013
    Messages:
    619
    Likes Received:
    157
    Does anyone know of any open source or "affordable" L7 firewalls for the home?
    Being able to allow or block applications on the internet (Facebook, YouTube, etc.) would be awesome.
     
    #26
  7. cheezehead

    cheezehead Active Member

    Joined:
    Sep 23, 2012
    Messages:
    697
    Likes Received:
    169
    pfSense used to have the code for this years ago but they pulled the ipfw-classifyd package :( after stability issues a while back.

    Sophos UTM does have the functionality but beware the CPU requirements for handling L7 are significantly higher than an L4 firewall.
     
    #27
  8. azev

    azev Active Member

    Joined:
    Jan 18, 2013
    Messages:
    619
    Likes Received:
    157
    I have tried Sophos UTM, they do have some L7 capability but nothing close to the likes of Palo Alto.
     
    #28
  9. epicurean

    epicurean Member

    Joined:
    Sep 29, 2014
    Messages:
    543
    Likes Received:
    20
    Does anyone have experience with OPNsense, vis-à-vis pfSense?
     
    #29
  10. cheezehead

    cheezehead Active Member

    Joined:
    Sep 23, 2012
    Messages:
    697
    Likes Received:
    169
    That's like comparing a VW Golf to a Tesla lol.

    I don't know of any free solutions that come close to the capabilities of a Palo Alto.

    PA-2050s (which can handle gig links) can be picked up used for like $300ish...sometimes cheaper if you "need"/want that level of filtering.

    Keep in mind a lot of the advanced features are all subscription based.
     
    #30