
    Pfsense instead SonicWall ?

    • gjacobse @dafyre

      @dafyre said:

      @scottalanmiller said:

      @iroal said:

      Company, in the end, let me buy the pfSense.

      I'm thinking of this model.

      https://store.pfsense.org/HIGH-AVAILABILITY-SG-4860-1U-pfSense-Systems-P47.aspx

      Any other best option?

      Answer is going to keep being the same, Ubiquiti is better than pfSense.

      Can the Ubiquiti handle failover from one to another?

      @iroal If the Ubiquiti has all the features you need, then the price will be significantly cheaper than the pfSense setup.

      Yes - even the ERL I have with 3 ports can. You can set two ISPs and one LAN; one ISP, LAN and WiFi; or one ISP and two LANs.

      We actually have a client with two ISPs and one LAN configured currently.

      • scottalanmiller @gjacobse

        @gjacobse said:

        @dafyre said:

        @scottalanmiller said:

        @iroal said:

        Company, in the end, let me buy the pfSense.

        I'm thinking of this model.

        https://store.pfsense.org/HIGH-AVAILABILITY-SG-4860-1U-pfSense-Systems-P47.aspx

        Any other best option?

        Answer is going to keep being the same, Ubiquiti is better than pfSense.

        Can the Ubiquiti handle failover from one to another?

        @iroal If the Ubiquiti has all the features you need, then the price will be significantly cheaper than the pfSense setup.

        Yes - even the ERL I have with 3 ports can. You can set two ISPs and one LAN; one ISP, LAN and WiFi; or one ISP and two LANs.

        We actually have a client with two ISPs and one LAN configured currently.

        That aspect is for WAN failover. He's looking for router failover - where you have two routers instead of just one. It does that too but I don't believe we have any clients doing it. It is a more complicated setup and carries complications from the fact that you can't have the ISP link going to both routers at once by default.

        • wirestyle22 @scottalanmiller

          @scottalanmiller said:

          @gjacobse said:

          @dafyre said:

          @scottalanmiller said:

          @iroal said:

          Company, in the end, let me buy the pfSense.

          I'm thinking of this model.

          https://store.pfsense.org/HIGH-AVAILABILITY-SG-4860-1U-pfSense-Systems-P47.aspx

          Any other best option?

          Answer is going to keep being the same, Ubiquiti is better than pfSense.

          Can the Ubiquiti handle failover from one to another?

          @iroal If the Ubiquiti has all the features you need, then the price will be significantly cheaper than the pfSense setup.

          Yes - even the ERL I have with 3 ports can. You can set two ISPs and one LAN; one ISP, LAN and WiFi; or one ISP and two LANs.

          We actually have a client with two ISPs and one LAN configured currently.

          That aspect is for WAN failover. He's looking for router failover - where you have two routers instead of just one. It does that too but I don't believe we have any clients doing it. It is a more complicated setup and carries complications from the fact that you can't have the ISP link going to both routers at once by default.

          Can't you do 4 routers, two for each ISP?

          • scottalanmiller @wirestyle22

            @wirestyle22 said:

            Can't you do 4 routers, two for each ISP?

            Why would you need four? Why not do two, each ISP into each? What's the benefit of four?

            • coliver @wirestyle22

              @wirestyle22 said:

              @scottalanmiller said:

              @gjacobse said:

              @dafyre said:

              @scottalanmiller said:

              @iroal said:

              Company, in the end, let me buy the pfSense.

              I'm thinking of this model.

              https://store.pfsense.org/HIGH-AVAILABILITY-SG-4860-1U-pfSense-Systems-P47.aspx

              Any other best option?

              Answer is going to keep being the same, Ubiquiti is better than pfSense.

              Can the Ubiquiti handle failover from one to another?

              @iroal If the Ubiquiti has all the features you need, then the price will be significantly cheaper than the pfSense setup.

              Yes - even the ERL I have with 3 ports can. You can set two ISPs and one LAN; one ISP, LAN and WiFi; or one ISP and two LANs.

              We actually have a client with two ISPs and one LAN configured currently.

              That aspect is for WAN failover. He's looking for router failover - where you have two routers instead of just one. It does that too but I don't believe we have any clients doing it. It is a more complicated setup and carries complications from the fact that you can't have the ISP link going to both routers at once by default.

              Can't you do 4 routers, two for each ISP?

              Look at VRRP. It is a protocol that allows for hardware failure. You would just need two routers not four.

              • wirestyle22 @scottalanmiller

                @scottalanmiller said:

                @wirestyle22 said:

                Can't you do 4 routers, two for each ISP?

                Why would you need four? Why not do two, each ISP into each? What's the benefit of four?

                Never mind. I saw the 'by default' portion of your post now and realized there is no point.

                • wirestyle22 @coliver

                  @coliver said:

                  @wirestyle22 said:

                  @scottalanmiller said:

                  @gjacobse said:

                  @dafyre said:

                  @scottalanmiller said:

                  @iroal said:

                  Company, in the end, let me buy the pfSense.

                  I'm thinking of this model.

                  https://store.pfsense.org/HIGH-AVAILABILITY-SG-4860-1U-pfSense-Systems-P47.aspx

                  Any other best option?

                  Answer is going to keep being the same, Ubiquiti is better than pfSense.

                  Can the Ubiquiti handle failover from one to another?

                  @iroal If the Ubiquiti has all the features you need, then the price will be significantly cheaper than the pfSense setup.

                  Yes - even the ERL I have with 3 ports can. You can set two ISPs and one LAN; one ISP, LAN and WiFi; or one ISP and two LANs.

                  We actually have a client with two ISPs and one LAN configured currently.

                  That aspect is for WAN failover. He's looking for router failover - where you have two routers instead of just one. It does that too but I don't believe we have any clients doing it. It is a more complicated setup and carries complications from the fact that you can't have the ISP link going to both routers at once by default.

                  Can't you do 4 routers, two for each ISP?

                  Look at VRRP. It is a protocol that allows for hardware failure. You would just need two routers not four.

                  Yeah, I was thinking simplistically. My bad.

                  • wrx7m

                    Let's say you set up an EdgeRouter, what would you guys recommend for the additional services that a UTM platform would normally provide?

                    • coliver @wrx7m

                      @wrx7m said:

                      Let's say you set up an EdgeRouter, what would you guys recommend for the additional services that a UTM platform would normally provide?

                      Like what?

                      Proxy/web filtering could easily be done via Squid.

                      • coliver

                        The ER series has a client VPN built in. I think it will do OpenVPN as well.

                        • wrx7m

                          Gateway AV, DPI, IDS, IPS

                          • scottalanmiller @wrx7m

                            @wrx7m said:

                            Let's say you set up an EdgeRouter, what would you guys recommend for the additional services that a UTM platform would normally provide?

                            Standard recommendation is that those things don't belong on a firewall and should be either handled by another device or should not exist at all (much of the time they are negatives and sold via hype... most have their place but are not very commonly recommended.)

                            • coliver @wrx7m

                              @wrx7m said:

                              Gateway AV, DPI, IDS, IPS

                              I've never seen Gateway AV work... but Squid can also do this with some add-ons.

                              • wrx7m @scottalanmiller

                                @scottalanmiller Interesting. So you would just go with endpoint protection after the router/firewall?

                                • scottalanmiller @wrx7m

                                  @wrx7m said:

                                  @scottalanmiller Interesting. So you would just go with endpoint protection after the router/firewall?

                                  Yes, in nearly all cases. AV on the firewall means huge network delays or tons of processing power needed at the end and it is rarely effective. If you are investing tens of thousands in Palo Alto gear, that's different. But other than that, I wouldn't even consider it.

                                  • scottalanmiller

                                    I'm a big believer that the UTM concept is hype. I want my router to be a router, not be an all in one device like I'm a home user. All functionality should be broken out and should be determined discretely if needed. UTMs are sold almost exclusively based on marketing, not a need driving a search for a solution.

                                    • wrx7m @scottalanmiller

                                      @scottalanmiller Thanks for the info. What about use of a proxy/application control?

                                      • Dashrender @coliver

                                        @coliver said:

                                        @wrx7m said:

                                        Gateway AV, DPI, IDS, IPS

                                        I've never seen Gateway AV work... but Squid can also do this with some add-ons.

                                        You haven't? I have. Both good and bad. I've seen it block bad things and also have false positives. I definitely like the thought behind it... not sold one way or the other in practice though.

                                        • Dashrender

                                          Plus Scott is a big believer in the LANless approach. Don't trust the network you're on... create your own security through other means, like endpoint-to-server SSL, etc.

                                          • scottalanmiller @wrx7m

                                            @wrx7m said:

                                            @scottalanmiller Thanks for the info. What about use of a proxy/application control?

                                            Proxies have their place, and I was using one at home even in the 1990s. Proxying itself is pretty much useless for 95% of businesses, but some need it. But a proxy requires a lot of horsepower and should never be combined with routing. For proxy and cache functions I would also turn to Squid for normal stuff and if you feel that you need to control access (which I generally think is a horrible idea and you should fire everyone if you think you need this) I would use Websense as nothing else even pretends to actually do anything.
