Home Network Firewall Options
-
So without a UTM device how are you monitoring the network and locking down the traffic?
I know there are other methods but a UTM seems to provide an easy way to accomplish this in an SMB environment
-
@NETS said:
So without a UTM device how are you monitoring the network and locking down the traffic?
I know there are other methods but a UTM seems to provide an easy way to accomplish this in an SMB environment
Netflow on your router then another device (IDS/IPS) can look at traffic and modify to block it if needed. Ours is actually called a Network Behavior Anomaly Detection. There's open source ones too I'm sure.
-
@NETS said:
So without a UTM device how are you monitoring the network and locking down the traffic?
I know there are other methods but a UTM seems to provide an easy way to accomplish this in an SMB environment
In the SMB, one idea floated is to move way from the LAN altogether to a LANless design. Don't trust the local or any network. Protecting people from the websites they visit is difficult at best and impossible at worst, it's a moving target, and normally good site can be hacked and and suddenly start dishing out bad stuff.
-
@NETS said:
So without a UTM device how are you monitoring the network and locking down the traffic?
- What is the actual need here? A firewall already monitors and locks down the traffic. Those are not UTM functions.
- With a UTM, how are you doing it?
-
@NETS said:
I know there are other methods but a UTM seems to provide an easy way to accomplish this in an SMB environment
Sure, but a firewall is just as easy. So what's the benefit to the UTM? UTMs are costly and often introduce big bottlenecks to the network. In what way do you see them justifying their extra cost to purchase and maintain?
-
@Dashrender said:
@NETS said:
So without a UTM device how are you monitoring the network and locking down the traffic?
I know there are other methods but a UTM seems to provide an easy way to accomplish this in an SMB environment
In the SMB, one idea floated is to move way from the LAN altogether to a LANless design. Don't trust the local or any network. Protecting people from the websites they visit is difficult at best and impossible at worst, it's a moving target, and normally good site can be hacked and and suddenly start dishing out bad stuff.
Not just in the SMB, but the SMB will lead here but the nature of being easier to be agile.
-
@wirestyle22 I've managed to kit out my home network entirly with Meraki gear I've acquired through webinars and cheap eBay sales. Currently using an MX60 which I picked up for £40 that included a little less than 1yr of the Advanced Security license on it.
-
We had a UTM applicance that was excellent for web filtering and sucked big time for IPS.
I cut the IPS off and ran Snort / Suricata for a few years in-line so I could actively block the attacks and things like P2P It was awesome. Sadly, our Badnwidth outpaced the hardware and we had it converted to an IDS out of band so it just monitored.
I am a HUGE believer in knowing what is going on on your network. Get something in place, even if it can only see what is going on and alert you.
-
@dafyre said:
I am a HUGE believer in knowing what is going on on your network. Get something in place, even if it can only see what is going on and alert you.
This.
-
I've been playing with my ERX. It's pretty amazing for $60. Looking into purchasing their UAP-AC-LITE as per @JaredBusch
-
@wirestyle22 said:
I've been playing with my ERX. It's pretty amazing for $60. Looking into purchasing their UAP-AC-LITe as per @JaredBusch
I have one, it's awesome!
-
@Dashrender said:
@wirestyle22 said:
I've been playing with my ERX. It's pretty amazing for $60. Looking into purchasing their UAP-AC-LITe as per @JaredBusch
I have one, it's awesome!
I have a ERX/UAP-AC-LITE combo sitting net to me righ tnow to configure up this morning
-
I have been running an ERX for a couple of weeks and it really is great for the money. I also have a UAP-AC-LR that I am having some issues with in terms of devices losing connectivity. Most of my stuff is hard-wired. My phone loses connectivity from what I can tell about once a day but my WiFi thermostat disconnects and won't reconnect, making it all but useless for 75% of the time. I saw an update was released as of 2-29 but that didn't fix the issue. I am going to hit up support to see what they recommend.
-
try dialing the power output back on the UAP.
-
@Dashrender said:
try dialing the power output back on the UAP.
Thanks, I will try that. I have seen others having similar problems going back to the previous generation of APs but I couldn't identify any one thing in particular.
-
@wrx7m said:
@Dashrender said:
try dialing the power output back on the UAP.
Thanks, I will try that. I have seen others having similar problems going back to the previous generation of APs but I couldn't identify any one thing in particular.
All of the LR models are a horrible thing for anyone trying to use an AP. They are much too powerful and will overwhelm the radios in the gear around your house.
It is a very successful marketing gimmick
-
Well the idea of an LR model is for big open areas and such, not for home use, surely. More like warehouse use where you have to mount them pretty far from where anything will use them.
-
@JaredBusch I do understand that. I needed an AP and the regular version was out of stock in several places that I could get it from quickly enough.
I will also add that it isn't just the LR that I have seen reports/complaints of my issue. It was the other models, as well.
-
Receiving my Ubiquiti Edgeswitch ES-24-LITE, Open Frame Wall Mounted Rack, Patch Panel, Rack tray and mounted power sure strip. Any good recommendations for UPS solutions for A switch/Fios router/edgerouter?
-
@wirestyle22 said:
Receiving my Ubiquiti Edgeswitch ES-24-LITE, Open Frame Wall Mounted Rack, Patch Panel, Rack tray and mounted power sure strip. Any good recommendations for UPS solutions for A switch/Fios router/edgerouter?
I installed an Eaton 5S 1500 for my desktop - should be more than enough for your power load.
