Arg! The money spent the month before I started here.
-
Sorry to hear that man! I don't know which industry you are in, but that usually determines what you need.
-
@wrx7m said in Arg! The money spent the month before I started here.:
I run a Sophos SG-210 here (for the past 2.5 years) and am gun-shy on updates because I have seen them break more than they fix. I am seriously considering moving to ubnt next year. The interface on the 9.x UTM version is really easy to learn and use. I really only use a few features. Namely, the routing/firewall, gateway AV, proxy and IDS. I tried application control (for throttling Youtube) but it never worked correctly and that was when we only had a 10/10 Mbps connection. Now we have 150/150 so it is less of an issue.
This is what I keep hearing... slow, expensive, and fragile.
-
@scottalanmiller - Do the Ubiquiti Edge Routers have the network, host and service definitions approach to ACLs, like SonicWall, Sophos, etc?
-
@wrx7m said in Arg! The money spent the month before I started here.:
@scottalanmiller - Do the Ubiquiti Edge Routers have the network, host and service definitions approach to ACLs, like SonicWall, Sophos, etc?
NO, because it is not an IDS/IPS/UTM device.
-
@jaredbusch - I didn't think that those key features made the difference in terms of user interface and usability.
-
@wrx7m said in Arg! The money spent the month before I started here.:
@jaredbusch - I didn't think that those key features made the difference in terms of user interface and usability.
Key features? What key features? Those are fairly useless features IMO.
-
@wrx7m said in Arg! The money spent the month before I started here.:
@jaredbusch - I didn't think that those key features made the difference in terms of user interface and usability.
Sure - but the definitions you listed do make a difference.
i.e. Edge OS calls out ports and IPs, that's all.
-
@jaredbusch said in Arg! The money spent the month before I started here.:
@wrx7m said in Arg! The money spent the month before I started here.:
@jaredbusch - I didn't think that those key features made the difference in terms of user interface and usability.
Key features? What key features? Those are fairly useless features IMO.
Only key in that you mentioned them, specifically, in response to my question.
-
@wrx7m said in Arg! The money spent the month before I started here.:
@jaredbusch said in Arg! The money spent the month before I started here.:
@wrx7m said in Arg! The money spent the month before I started here.:
@jaredbusch - I didn't think that those key features made the difference in terms of user interface and usability.
Key features? What key features? Those are fairly useless features IMO.
Only key in that you mentioned them, specifically, in response to my question.
You named IDS/IPS/UTM devices and asked if Ubiquiti had feature parity. I said no.
-
@jaredbusch Right but my question was related to ACLs, not IDS/IPS.
-
@jaredbusch said in Arg! The money spent the month before I started here.:
@wrx7m said in Arg! The money spent the month before I started here.:
@jaredbusch - I didn't think that those key features made the difference in terms of user interface and usability.
Key features? What key features? Those are fairly useless features IMO.
Those features were popular in older devices, right, but not really needed in modern ones, correct?
-
@wrx7m said in Arg! The money spent the month before I started here.:
@jaredbusch Right but my question was related to ACLs, not IDS/IPS.
Did they have compliance requirements that would drive IDS/IPS? Honestly, I wouldn't deploy an office network without some sort of layer 7 edge inspection. Users are just too dumb...
-
@storageninja I don't have compliance requirements, and I was just asking about the definitions-based ACL because it makes sense and I prefer it over lines of IPs and networks.
-
@wrx7m said in Arg! The money spent the month before I started here.:
@jaredbusch Right but my question was related to ACLs, not IDS/IPS.
Then you need to define what you are after. Of course the firewall uses rules. There is not a firewall in existence that does not.
Here are the firewall rules currently in my ERL at home.
jbusch@jared# show firewall
all-ping enable
broadcast-ping disable
group {
    address-group Strongarm.io {
        address 54.174.40.213
        address 52.3.100.184
        description ""
    }
}
ipv6-receive-redirects disable
ipv6-src-route disable
ip-src-route disable
log-martians enable
name LAN_IN {
    default-action accept
    description "Wired and Wireless LAN to Internet"
    rule 2 {
        action reject
        description "Block Port 25"
        destination {
            port 25
        }
        log enable
        protocol tcp
    }
}
name LAN_LOCAL {
    default-action accept
    description "Wired and Wireless LAN to Router"
}
name WAN_IN {
    default-action drop
    description "WAN to internal"
    rule 10 {
        action accept
        description "Allow established/related"
        state {
            established enable
            related enable
        }
    }
    rule 20 {
        action drop
        description "Drop invalid state"
        state {
            invalid enable
        }
    }
}
name WAN_LOCAL {
    default-action drop
    description "WAN to router"
    rule 10 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 20 {
        action drop
        log enable
        state {
            invalid enable
        }
    }
    rule 30 {
        action accept
        description "Allow Pings to Router"
        limit {
            burst 1
            rate 62/minute
        }
        log enable
        protocol icmp
    }
    rule 40 {
        action accept
        description "Allow IPSEC"
        ipsec {
            match-ipsec
        }
        log disable
        protocol all
        state {
            established disable
            invalid disable
            new enable
            related disable
        }
    }
}
name WAN_OUT {
    default-action accept
    description ""
    rule 1 {
        action accept
        description "Allows Strongarm.io DNS"
        destination {
            group {
                address-group Strongarm.io
            }
            port 53
        }
        log disable
        protocol udp
        state {
            established enable
            invalid disable
            new enable
            related disable
        }
    }
    rule 2 {
        action drop
        description "Block all DNS"
        destination {
            port 53
        }
        log enable
        protocol udp
        state {
            established enable
            invalid enable
            new enable
            related enable
        }
    }
}
-
@jaredbusch I know firewalls use rules. In Sophos and SonicWall and others, I'm sure, you can define a host, network and service and call it something like ServerA, and drag and drop the hosts/IP addresses, services and networks to create the rules.
-
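An added illustration, not part of the thread and not taken from Jared's config: EdgeOS does have reusable definitions under firewall group (the Strongarm.io address-group in the config above is one), so a rule can reference a named address group, network group and port group instead of repeating literal IPs and ports. The group names, addresses and the assumption that ServerA sits on a separate VLAN routed by the ERL are made up for this example.

```text
configure

# Reusable objects, the EdgeOS counterpart of Sophos/SonicWall definitions.
# Names and addresses below are made up for this example.
set firewall group address-group ServerA address 192.0.2.10
set firewall group address-group ServerA description "Internal file server"
set firewall group network-group LAN_Nets network 192.168.10.0/24
set firewall group network-group LAN_Nets network 192.168.20.0/24
set firewall group port-group ServerA_Svcs port 445
set firewall group port-group ServerA_Svcs port 3389
set firewall group port-group ServerA_Svcs description "SMB and RDP"

# Rules reference the objects; changing a group updates every rule that uses it.
set firewall name LAN_IN rule 30 action accept
set firewall name LAN_IN rule 30 description "LAN to ServerA services"
set firewall name LAN_IN rule 30 protocol tcp
set firewall name LAN_IN rule 30 source group network-group LAN_Nets
set firewall name LAN_IN rule 30 destination group address-group ServerA
set firewall name LAN_IN rule 30 destination group port-group ServerA_Svcs

# Anything else aimed at ServerA is dropped and logged for review.
set firewall name LAN_IN rule 40 action drop
set firewall name LAN_IN rule 40 description "Everything else to ServerA"
set firewall name LAN_IN rule 40 destination group address-group ServerA
set firewall name LAN_IN rule 40 log enable

commit
save
exit
```

Rule numbers are evaluated in order, so the allow rule must sit before the drop rule, and both only take effect on an interface where LAN_IN is applied.
-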
@storageninja said in Arg! The money spent the month before I started here.:
@wrx7m said in Arg! The money spent the month before I started here.:
@jaredbusch Right but my question was related to ACLs, not IDS/IPS.
Did they have compliance requirements that would drive IDS/IPS? Honestly, I wouldn't deploy an office network without some sort of layer 7 edge inspection. Users are just too dumb...
The modern argument against proxy and IDS/IPS is that you have to set it up so that your proxy device is the man in the middle and decrypts and encrypts everything again.
-
@wrx7m said in Arg! The money spent the month before I started here.:
@storageninja said in Arg! The money spent the month before I started here.:
@wrx7m said in Arg! The money spent the month before I started here.:
@jaredbusch Right but my question was related to ACLs, not IDS/IPS.
Did they have compliance requirements that would drive IDS/IPS? Honestly, I wouldn't deploy an office network without some sort of layer 7 edge inspection. Users are just too dumb...
The modern argument against proxy and IDS/IPS is that you have to set it up so that your proxy device is the man in the middle and decrypts and encrypts everything again.
That was an old argument, too.
-
@scottalanmiller Right, but now almost everything is HTTPS.
-
@storageninja said in Arg! The money spent the month before I started here.:
@wrx7m said in Arg! The money spent the month before I started here.:
@jaredbusch Right but my question was related to ACLs, not IDS/IPS.
Did they have compliance requirements that would drive IDS/IPS? Honestly, I wouldn't deploy an office network without some sort of layer 7 edge inspection. Users are just too dumb...
No compliance related things, yet at least.
-
@wrx7m said in Arg! The money spent the month before I started here.:
@scottalanmiller Right, but now almost everything is HTTPS.
Oh, I see what you mean.