G+_Jason Perry Posted August 18, 2017
Networking question. I feel that I have too many plans for my firewall, and I don't want to offload additional tasks on my NAS. I am looking at updating my hardware in the future. Here are my plans. Put in a pfSense firewall with two NICs, and use it for just that. At most run Wireshark on it to monitor traffic. Install a second box running ClearOS or MikroTik and a minimum of 4 NICs to manage the rest of the network. I have also thought about just putting more interfaces in my pfSense box and getting an Intel NUC and running a VM for any service I have on my network. Other thought is to throw a SharkTap box between the firewall and the router, and let the firewall run OpenVPN. Well, I seem to have a lot of thoughts. What are yours? What is your current setup? What direction do you want to go with your setup?

G+_Travis Hershberger Posted August 18, 2017
Honestly, running a pfSense box will cost you more in power than buying a Ubiquiti ER-X router. If you really want a software-based router, I can't recommend VyOS enough, but it is much "harder" to use as it lacks any GUI management at all. For the rest of the network, I like AlienVault's OSSIM. IPS/IDS and it does work, but does mean you have to roll out its client software to any computers you want to monitor with it (SNMP it can monitor without the agent.) If you have something else to run a VPN, security and such besides the firewall, it's generally a good thing to separate them as much as you can. I like where you're going with this. Really quite close to what I'm doing, just different software tools used to do it.

G+_Jason Perry Posted August 18, 2017 (Author)
Travis Hershberger, I have been looking at the ER-X router as well. Thanks for the reminder. I am also going to look into VyOS. Do you have a rundown of your pros and cons? If I end up using pfSense it will be a custom-built box and not some old machine (still probably more power hungry than the Ubiquiti router).

G+_Travis Hershberger Posted August 18, 2017
I'm actually using an ER-POE at home and VyOS for the hosted home lab server I use. Both are actually very similar to manage via a command line. The VyOS guide is all I've ever needed to get everything configured with VyOS that I've wanted to.
wiki.vyos.net - User Guide - VyOS Wiki
The ER-X of course also offers a web page GUI management screen, which exposes most, but not all, of the features available to them. The ER-X also has very nice performance monitoring tools via the GUI that are just harder to visualize on a command line.

G+_Jason Perry Posted August 19, 2017 (Author)
One of my big goals is to set up my devices to connect to an OpenVPN server when they are not on the physical network. I am guessing I would be better off using VyOS over pfSense to host the VPN server?

G+_Travis Hershberger Posted August 19, 2017
If you want VPN, you really can't go wrong with ZeroTier.com.

G+_J Miller Posted August 19, 2017
Just curious as to why someone would go to all of this trouble? I feel pretty safe behind my store-bought router. Am I kidding myself or am I not anyone's target? Commercial? Personal use?

G+_Jason Perry Posted August 19, 2017 (Author)
J Miller, it's simple, the trouble is a hobby. Getting it working the way you want is very satisfying. My father-in-law feels that I have enough network cable in my house to provide the entire city with internet. It's like gardening, 3D printing, or prepping.

G+_Travis Hershberger Posted August 19, 2017
J Miller, in my case it's because I'm in IT, and need to maintain a home network that any of my clients would be jealous of.