SMB firewall options
- 
 @zuphzuph said in SMB firewall options: Untangle.  You've gotten to mess with that more than I have. Have you checked out the content filtering and such? Does it have a VPN client? I couldn't remember if OpenVPN is available on that or if I'm thinking of pfSense... 
- 
 @coliver said in SMB firewall options: @brianlittlejohn said in SMB firewall options: I like to filter by DNS. I use DYN's internet guide. Filtering by DNS is good too. You could set up an internal proxy with something like Squid or Snort to block specific things. For inbound filtering by country: https://doc.pfsense.org/index.php/Pfblocker Reduces port scanning and such by a huge amount. 
- 
 When building our own, for the lab, we use VyOS on enterprise server hardware. Basically a massive EdgeRouter. 
- 
 @BBigford said in SMB firewall options: @zuphzuph said in SMB firewall options: Untangle.  You've gotten to mess with that more than I have. Have you checked out the content filtering and such? Does it have a VPN client? I couldn't remember if OpenVPN is available on that or if I'm thinking of pfSense... pfSense got both, client and server. 
- 
 @BBigford said in SMB firewall options: @zuphzuph said in SMB firewall options: Untangle.  You've gotten to mess with that more than I have. Have you checked out the content filtering and such? Does it have a VPN client? I couldn't remember if OpenVPN is available on that or if I'm thinking of pfSense... OpenVPN is on nearly everything. 
- 
 @scottalanmiller said in SMB firewall options: @BBigford said in SMB firewall options: @zuphzuph said in SMB firewall options: Untangle.  You've gotten to mess with that more than I have. Have you checked out the content filtering and such? Does it have a VPN client? I couldn't remember if OpenVPN is available on that or if I'm thinking of pfSense... OpenVPN is on nearly everything. Then maybe I'm thinking of both.  
- 
 @BBigford said in SMB firewall options: @scottalanmiller said in SMB firewall options: @BBigford said in SMB firewall options: @zuphzuph said in SMB firewall options: Untangle.  You've gotten to mess with that more than I have. Have you checked out the content filtering and such? Does it have a VPN client? I couldn't remember if OpenVPN is available on that or if I'm thinking of pfSense... OpenVPN is on nearly everything. Then maybe I'm thinking of both.  EdgeOS and VyOS have it too. 
- 
 @BBigford and FFS you still have not answered this question. @coliver said in SMB firewall options: So... are you looking for a firewall or a UTM? 
- 
 Because your title only says firewall, but you are talking about UTM stuff in your post. 
- 
 @JaredBusch said in SMB firewall options: Because your title only says firewall. but you are talking about UTM stuff in your post. Fixed. I know it's kind of apples to oranges since one includes the other and drives up the price substantially. 
- 
 @BBigford said in SMB firewall/UTM options: @JaredBusch said in SMB firewall options: Because your title only says firewall. but you are talking about UTM stuff in your post. Fixed. I know it's kind of apples to oranges since one includes the other and drives up the price substantially. And generally we don't recommend UTMs. High cost, low results. 
- 
 @BBigford said in SMB firewall/UTM options: @JaredBusch said in SMB firewall options: Because your title only says firewall. but you are talking about UTM stuff in your post. Fixed. I know it's kind of apples to oranges since one includes the other and drives up the price substantially. More like apples to bushels. They aren't different things, one is a big thing made up of the other. 
- 
 @scottalanmiller said in SMB firewall options: @BBigford said in SMB firewall/UTM options: @JaredBusch said in SMB firewall options: Because your title only says firewall. but you are talking about UTM stuff in your post. Fixed. I know it's kind of apples to oranges since one includes the other and drives up the price substantially. And generally we don't recommend UTMs. High cost, low results. Fixed again. I'll just leave UTM out of it. I was talking with someone today about breaking out services since most UTMs I've used try to do everything in each category the best within one device, but seem to end up being mediocre in every area. Instead of just breaking out the services and focusing on one thing, and doing that one thing really well. Until we got up into the +$20k UTMs. Then they were okay. 
- 
 @BBigford said in SMB firewall options: @scottalanmiller said in SMB firewall options: @BBigford said in SMB firewall/UTM options: @JaredBusch said in SMB firewall options: Because your title only says firewall. but you are talking about UTM stuff in your post. Fixed. I know it's kind of apples to oranges since one includes the other and drives up the price substantially. And generally we don't recommend UTMs. High cost, low results. Fixed again. I'll just leave UTM out of it. I was talking with someone today about breaking out services since most UTMs I've used try to do everything in each category the best within one device, but seem to end up being mediocre in every area. Instead of just breaking out the services and focusing on one thing, and doing that one thing really well. Without UTM, only Ubiquiti would be on my radar today. 
- 
 @BBigford said in SMB firewall options: @scottalanmiller said in SMB firewall options: @BBigford said in SMB firewall/UTM options: @JaredBusch said in SMB firewall options: Because your title only says firewall. but you are talking about UTM stuff in your post. Fixed. I know it's kind of apples to oranges since one includes the other and drives up the price substantially. And generally we don't recommend UTMs. High cost, low results. Fixed again. I'll just leave UTM out of it. I was talking with someone today about breaking out services since most UTMs I've used try to do everything in each category the best within one device, but seem to end up being mediocre in every area. Instead of just breaking out the services and focusing on one thing, and doing that one thing really well. Until we got up into the +$20k UTMs. Then they were okay. Then if you are looking for a router only, go with EdgeMax as a baseline. If those features are lacking move on from there. 
- 
 @zuphzuph said in SMB firewall options: Untangle.  There was a time that I would have suggested UT... and I have used it at two non-profits without any issues. @scottalanmiller has pointed me at laying off the UT bus and pointing more towards the true FW, and I have installed a UBNT ERLite at home now. I've not spent a lot of time with it... but in my exposure with it in the client field, the ER and ERL lines work well. And as mentioned - OpenVPN is on nearly everything. Even the ER line. 
- 
 Untangle is fine if you want a massive AIO beast. I hate those though. 
- 
 @JaredBusch said in SMB firewall options: Untangle is fine if you want a massive AIO beast. I hate those though. Just out of curiosity, why? 
- 
 @zuphzuph said in SMB firewall options: @JaredBusch said in SMB firewall options: Untangle is fine if you want a massive AIO beast. I hate those though. Just out of curiosity, why? AIO are just bad in general. If you have 4 tasks that you need to do, separate them out unless there is a good benefit to keeping them AIO. 






