Anyone here use a standalone firewall?

Chaotic42

Because I'm a glutton for punishment, I'm thinking about reviving my old OpenBSD firewall system or maybe building a new one, doing some QoS and whatnot. I'm also really curious about what's happening between my devices and the wall, because I've been getting a lot of weird loading delays - something just feels "wrong".

Anyway, does anyone here use a standalone system as a firewall? What does your setup look like?
 

XavierMace

I've got a Sophos UTM running as a VM. So I've got one port on each host dedicated as a WAN interface then plugged into a switch with the Cable Modem. The WAN stuff is all on its own VLAN.
 

Red Squirrel

I have a 1U server running pfSense. Would not want to go back to a standard SOHO router. VLANs are especially nice as you can split stuff up based on risk and only allow access to/from what you want. For example, my wifi is separate from my main network.
 

SmokinWaffle

Red Squirrel said:
> I have a 1U server running pfSense. Would not want to go back to a standard SOHO router. VLANs are especially nice as you can split stuff up based on risk and only allow access to/from what you want. For example, my wifi is separate from my main network.

How easy would you say pfSense is from a beginner standpoint? Never run a standalone hardware firewall but am interested and pfSense is on my list of potential OSes.
 

Red Squirrel

SmokinWaffle said:
> How easy would you say pfSense is from a beginner standpoint? Never run a standalone hardware firewall but am interested and pfSense is on my list of potential OSes.

Depends how deep into the features you dive. It can be fairly simple, or complicated. Like VLANs will add a layer of complexity, but if you don't do VLANs it's pretty much like a SOHO router but with more features. You can get really granular with firewall rules as well.
 

iwajabitw

I use Untangle Firewall set up on an old Dell Core2Duo with 6 gigs of RAM for almost 2 years. It's like pfSense. It's free, but you can purchase/subscribe for a few more features as well as support. Never has a problem and emails me a report every day. I think they have their own router type setup if you want to do it that way.

https://www.untangle.com
 

Skunk-Works

iwajabitw said:
> I use Untangle Firewall set up on an old Dell Core2Duo with 6 gigs of RAM for almost 2 years. It's like pfSense. It's free, but you can purchase/subscribe for a few more features as well as support. Never has a problem and emails me a report every day. I think they have their own router type setup if you want to do it that way.
>
> https://www.untangle.com

Does Untangle support Snort by chance? I'm too lazy and short on time right now to research it.
 

XavierMace

Sophos is the most user friendly of the above options. I used pfSense for years prior to Sophos. Sophos has a bit more CPU/memory overhead but it's a much more refined GUI.
 

PliotronX

XavierMace said:
> Sophos is the most user friendly of the above options. I used pfSense for years prior to Sophos. Sophos has a bit more CPU/memory overhead but it's a much more refined GUI.

I agree! Holy crap I think it has the most logically laid out UTM interface I've ever had the pleasure of configuring! I am trying to set up a partnership at work with Sophos which has been a pure Sonicwall house up until the others realized how slow and overpriced the SOHO model is. The Sophos XG 85 slaughters it.
 

XavierMace

PliotronX said:
> I agree! Holy crap I think it has the most logically laid out UTM interface I've ever had the pleasure of configuring! I am trying to set up a partnership at work with Sophos which has been a pure Sonicwall house up until the others realized how slow and overpriced the SOHO model is. The Sophos XG 85 slaughters it.

Yeah, it makes me sad. 99% of our clients who are too cheap to buy an ASA default to Sonicwalls. We have like 2 customers with Sophos boxes. I want to ask them if they realized there's options besides Cisco and Dell.
 

PliotronX

XavierMace said:
> Yeah, it makes me sad. 99% of our clients who are too cheap to buy an ASA default to Sonicwalls. We have like 2 customers with Sophos boxes. I want to ask them if they realized there's options besides Cisco and Dell.

If they use a lot of SSL VPN clients, it would definitely tip in Sophos' favor, as they are not bound by the $30/yr each licenses that the Sonicwall is. Got my coworkers excited about it and we are deploying three more this month that otherwise would have been Sonicwalls! Finally!
 

WhoBeDaPlaya

Running DD-WRT x86 in a VirtualBox VM
Tried pfSense, but like the UI uniformity between my site (DD-WRT running in a VM on a 12c/24t HP Z600) and other sites (folks', etc. running DD-WRT on consumer routers).