Options to replace FiOS router

Geran

Hi,

I am about to upgrade my internet to FiOS "gigabit" in the next couple weeks and I want to get rid of the supplied router from Verizon and I have a couple options to pick from. I would like to run full "gigabit" while also doing IDS and/or IPS.
Option 1: UniFi USG Pro 4 with a Security Onion device to handle IDS
Option 2: Build a pfSense router (CPU would be an E3-1270v2 or RX-427BB) and run IDS/IPS on that as an all-in-one.
The rest of my network is a UniFi PoE 48 switch, nanoHD, a few UniFi cameras.

Any insight/input would be greatly appreciated!
 

TS440

So based on those links, the USG Pro is out of the question.

Looks like I'm building a pfSense box with either the 1270v2 or the RX-427BB.
I run pfSense on my gigabit FiOS line. I have an i3-4130 with a quad Intel i350 adapter, running multiple VLANs, Snort on all interfaces (except the VLAN I use for streaming and limited rules on WAN), pfBlocker, ntopng, and have IPsec VPN set up. I can get full gigabit throughput on this i3, using < 12% CPU - the RX-427BB should be adequate, the E3 will be massive overkill :).
 

Geran

I also highly doubt that i3 could really run 1g speed with Suricata even in default config.
Why do you doubt that? I need to purchase things this week and get them tested for the 18th of June since that's when my cutover is.
 

BoredSysadmin

Why do you doubt that? I need to purchase things this week and get them tested for the 18th of June since that's when my cutover is.
My advice: get in contact with Ubiquiti and Netgate pre-sales and grill them on performance with all IDS/IPS or, in the case of Ubiquiti, DPI enabled. Then you'll have a better idea of what sort of hardware you want vs. your budget limitations.
In the same vein, I'd also call www.firewalls.com/contact
They sell tons of firewalls and may have a better idea on their IDS performance.