pfSense vs OPNSense - Fanboy fued or real differences?
-
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@black3dynamite said in pfSense vs OPNSense - Fanboy fued or real differences?:
pfSense and OPNsense webui is pretty good when it comes to management. What other services were you using with Sophos?
IPS, Spam filtering, https proxy, antivirus. That's about it.
For home?
-
@scottalanmiller said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@black3dynamite said in pfSense vs OPNSense - Fanboy fued or real differences?:
pfSense and OPNsense webui is pretty good when it comes to management. What other services were you using with Sophos?
IPS, Spam filtering, https proxy, antivirus. That's about it.
For home?
Yes
-
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
I thought I'd test out pihole as well
That's way simpler.
-
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scottalanmiller said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@black3dynamite said in pfSense vs OPNSense - Fanboy fued or real differences?:
pfSense and OPNsense webui is pretty good when it comes to management. What other services were you using with Sophos?
IPS, Spam filtering, https proxy, antivirus. That's about it.
For home?
Yes
Put AV on the desktops, no reason to have it on the network layer.
SPAM filtering should be on the server, not on the IMAP link.
-
@scottalanmiller said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scottalanmiller said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@black3dynamite said in pfSense vs OPNSense - Fanboy fued or real differences?:
pfSense and OPNsense webui is pretty good when it comes to management. What other services were you using with Sophos?
IPS, Spam filtering, https proxy, antivirus. That's about it.
For home?
Yes
Put AV on the desktops, no reason to have it on the network layer.
SPAM filtering should be on the server, not on the IMAP link.
I'm taking notes
-
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@Dashrender said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@black3dynamite said in pfSense vs OPNSense - Fanboy fued or real differences?:
pfSense and OPNsense webui is pretty good when it comes to management. What other services were you using with Sophos?
IPS, Spam filtering, https proxy, antivirus. That's about it.
But do you need those things at home?
The wife and kid have clicked stupid many times. The firewall did catch it or at least reported that it did.
Are you running Sophos at all of those other family members homes as well? i.e. already have hardware there running it?
I have it running at 1 of my brothers house and at my parents. We setup a mesh VPN for support. Also, my brother uses the VPN to connect to his cameras at his house when he's out.
Yeah - frankly I think home users almost need UTM more than businesses do - OMG did I just say that.
Really - users are just users - they click anything and everything. A doctor here clicked a link yesterday and wound up on a page faking about having a norton virus alert. We don't use norton.
But a UTM as determined by many in ML-land is the wrong way to do this. Separating these functions out is the correct way, again, according to them.
You could of course install webfiltering software on each endpoint, then saving the users from themselves - but that's generally not free, and a hassle to manage each on their own - so a single server is generally better.
Same goes for AV.
you can use webfiltering like PiHole too.
The firewall component at the edge will be handled by pretty much anything called a firewall/router today, so that part is easy.
Onto VPN - huh - VPN access eh? Have you seen the threads around here about MeshCentral? that most likely would be a much better way to do remote support for your family - no VPN to worry about, and it works no matter where their computer is, as long as it's online.
-
@scottalanmiller said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scottalanmiller said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@black3dynamite said in pfSense vs OPNSense - Fanboy fued or real differences?:
pfSense and OPNsense webui is pretty good when it comes to management. What other services were you using with Sophos?
IPS, Spam filtering, https proxy, antivirus. That's about it.
For home?
Yes
Put AV on the desktops, no reason to have it on the network layer.
SPAM filtering should be on the server, not on the IMAP link.
Spam filtering is a real thing to consider. if you're email service doesn't have great spam filtering, consider switching to another one that does.
-
@Dashrender The VPN started out as a support convenience. Now, my brother and I are thinking of using it to store our backups to each other's server(s). Other than that, I really like the way Mesh Central looks and am going to pop that in as well. I'm actually considering that for our locations here.
-
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@Dashrender The VPN started out as a support convenience. Now, my brother and I are thinking of using it to store our backups to each other's server(s). Other than that, I really like the way Mesh Central looks and am going to pop that in as well. I'm actually considering that for our locations here.
OK a static VPN could work for your backup solution... super easy to do with a pair of ER-Ls.
-
@Dashrender said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@Dashrender The VPN started out as a support convenience. Now, my brother and I are thinking of using it to store our backups to each other's server(s). Other than that, I really like the way Mesh Central looks and am going to pop that in as well. I'm actually considering that for our locations here.
OK a static VPN could work for your backup solution... super easy to do with a pair of ER-Ls.
OK, I'll bite....ER-Ls?
-
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@Dashrender The VPN started out as a support convenience. Now, my brother and I are thinking of using it to store our backups to each other's server(s). Other than that, I really like the way Mesh Central looks and am going to pop that in as well. I'm actually considering that for our locations here.
Ubiquiti will do VPN really well, too, though.
-
@Dashrender said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scottalanmiller said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scottalanmiller said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@black3dynamite said in pfSense vs OPNSense - Fanboy fued or real differences?:
pfSense and OPNsense webui is pretty good when it comes to management. What other services were you using with Sophos?
IPS, Spam filtering, https proxy, antivirus. That's about it.
For home?
Yes
Put AV on the desktops, no reason to have it on the network layer.
SPAM filtering should be on the server, not on the IMAP link.
Spam filtering is a real thing to consider. if you're email service doesn't have great spam filtering, consider switching to another one that does.
Right, this should never happen at the firewall level. That means that you get filtered when home, but not when at the store, for example. That's a major weird problem.
-
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@Dashrender said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@Dashrender The VPN started out as a support convenience. Now, my brother and I are thinking of using it to store our backups to each other's server(s). Other than that, I really like the way Mesh Central looks and am going to pop that in as well. I'm actually considering that for our locations here.
OK a static VPN could work for your backup solution... super easy to do with a pair of ER-Ls.
OK, I'll bite....ER-Ls?
EdgeRouter Lite https://www.ubnt.com/edgemax/edgerouter-lite/
-
@coliver said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@Dashrender said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@Dashrender The VPN started out as a support convenience. Now, my brother and I are thinking of using it to store our backups to each other's server(s). Other than that, I really like the way Mesh Central looks and am going to pop that in as well. I'm actually considering that for our locations here.
OK a static VPN could work for your backup solution... super easy to do with a pair of ER-Ls.
OK, I'll bite....ER-Ls?
EdgeRouter Lite https://www.ubnt.com/edgemax/edgerouter-lite/
Ah.
-
pfSense or OPNSense makes it easy to setup and manage squid proxy.
-
They are both great, but when you want to scale you want them on hardware and not VM that will handicap your hypervisor.
When you think about hardware and low power, there are alot of alterantives better than those 2 and cheaper, netgate provides PFsense but for 200$ ad the idea of desktop machine acting as router and using alot of power does not make sense to me.
However pi3 or better makes perfect sense, but guess what neither PFsense or OPN runs on ARM
-
@Emad-R said in pfSense vs OPNSense - Fanboy fued or real differences?:
They are both great, but when you want to scale you want them on hardware and not VM that will handicap your hypervisor.
WUT? How is the hypervisor handicapping the solution?
-
@Emad-R said in pfSense vs OPNSense - Fanboy fued or real differences?:
They are both great, but when you want to scale you want them on hardware and not VM that will handicap your hypervisor.
When you think about hardware and low power, there are alot of alterantives better than those 2 and cheaper, netgate provides PFsense but for 200$ ad the idea of desktop machine acting as router and using alot of power does not make sense to me.
However pi3 or better makes perfect sense, but guess what neither PFsense or OPN runs on ARM
After my lab, I'm planning to load it up on an HP Elite 8300 SFF i5 quad core with 8 GB RAM and an addin dual Intel NIC. It's what I'm running Sophos on now. I don't experience any issues with this setup.
I picked it up for $100 during a desktop refresh.
EDIT: I'm also planning retire my spinning drive. -
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@Emad-R said in pfSense vs OPNSense - Fanboy fued or real differences?:
They are both great, but when you want to scale you want them on hardware and not VM that will handicap your hypervisor.
When you think about hardware and low power, there are alot of alterantives better than those 2 and cheaper, netgate provides PFsense but for 200$ ad the idea of desktop machine acting as router and using alot of power does not make sense to me.
However pi3 or better makes perfect sense, but guess what neither PFsense or OPN runs on ARM
After my lab, I'm planning to load it up on an HP Elite 8300 SFF i5 quad core with 8 GB RAM and an addin dual Intel NIC. It's what I'm running Sophos on now. I don't experience any issues with this setup.
I picked it up for $100 during a desktop refresh.
EDIT: I'm also planning retire my spinning drive.For home use - a desktop class machine is totally fine.
Not sure an SSD will make any difference in the performance of the firewall though. -
@Dashrender said in pfSense vs OPNSense - Fanboy fued or real differences?:
@scotth said in pfSense vs OPNSense - Fanboy fued or real differences?:
@Emad-R said in pfSense vs OPNSense - Fanboy fued or real differences?:
They are both great, but when you want to scale you want them on hardware and not VM that will handicap your hypervisor.
When you think about hardware and low power, there are alot of alterantives better than those 2 and cheaper, netgate provides PFsense but for 200$ ad the idea of desktop machine acting as router and using alot of power does not make sense to me.
However pi3 or better makes perfect sense, but guess what neither PFsense or OPN runs on ARM
After my lab, I'm planning to load it up on an HP Elite 8300 SFF i5 quad core with 8 GB RAM and an addin dual Intel NIC. It's what I'm running Sophos on now. I don't experience any issues with this setup.
I picked it up for $100 during a desktop refresh.
EDIT: I'm also planning retire my spinning drive.For home use - a desktop class machine is totally fine.
Not sure an SSD will make any difference in the performance of the firewall though.SSD will help squid proxy cache.