Need to upgrade my firewall and internal wireless at my house.

T

The Cobra

2[H]4U
Joined
Jun 19, 2003
Messages
3,182
So I want to upgrade my wired/wireless network at home. My current config is a Linksys WRT32x with some Linksys RE6700s wireless extenders that seem to cover. I plugged an old Windows 7 laptop directly into my Verizon FIOS router and ran wireshark for a few hours. The external part of the interface is getting hammered with all sorts of pings and hits from all over the world. I wanted to upgrade to a professional based firewall. Been looking into either Fortigate small appliance with a wireless controller whenre I could order a few Fortinet WAPs and would mesh them together. I saw Sophos in action at a friends company and came away really impressed. The softweare interface is easy to manage and you get 15 licenses for Sophos Central AV. The total price I am willing to go is around $750.

Any suggestions? I am more of a server/desktop guy at my job and usually have a network engineer on contract that comes in here to handle the bigger aspects of the network portion of my schools network.

Thx!!!
 
On the inexpensive end: https://hardforum.com/threads/guide-what-router-should-i-get.1965547/ or pfsense (running on hardware you already own)

On the now expensive end, it looks like you already found a couple.

My recommendation is to find a nice piece of hardware (pcengines or polywell make nice fan less hardware. pcengines APU2 is compatible with AES-NI requirements of pfsense direction. I'm not sure on the polywell, so do your research. Although, opnsense is a fork of pfsense and doesn't have the AES-NI requirements being added to the software) to be your main firewall with multiple gigabit (or greater ports), and run pfsense to handle all that hammering on the WAN side. Get a managed switch of your choice (same well-known brands) as this will allow you Vlans, in addition to other stuff. And, grab a Unifi AP based on your needs. That'll keep you in your price range, give you enterprise capabilities, including VLAN per SSID for your Wi-Fi devices too.
 
What are your future plans? My normal recommendation is to have zones for: WAN, LAN, WiFi, IOT. Possibly a Guest WiFi as well. And to have the WiFi separate from the firewall. Easier if your firewall appliance can support more then the three traditional zones of WAN, LAN, DMZ. You can fake it with with VLANs but then your switch gear has to support VLANs and you have to configure and update each switch.

Why have WiFi separate from firewall? WiFi standards change rapidly. More so then firewall standards. If you were an early buyer of the Ubiquiti Edgerouter Lite, it is still a good firewall appliance. But there have been several updates to WiFi standards, both hardware and software. Why be in the position of having to ditch a perfectly good firewall setup just because you might want to move to WPA3? Far easier to swap in the new WiFi gizmo setup in AP mode connected to the WiFi zone then replace the Firewall/WiFi combo unit and have to recreate all your firewall rules.

In your case, if you don't need the extra Zones, just buy a true firewall gizmo and demote your Linksys WRT32x to AP mode since it and the extenders seem to be doing the job now. Buy new WiFi as needed to handle new WiFi gizmos in your household.

I still have a Juniper SSG5 as my firewall. EOL but still does the job and still far more capable then most of the consumer stuff. And plenty fast enough for the 12Mb DSL in the rural location. On my second or third WiFi appliance.
 
Currently using Fortigate, Fortiswitch and 2x FortiAP at home. The switch, 448D, was gotten from ebay and turned out to be pre-production hardware but it has been rock solid. I use the fw to load balance between spectrum and att fiber. I'm not running on the latest 6.0.x code but rather the latest 5.6.x line. It is rock solid and I can't say a bad thing about it.

I will add that I would start with 1x fortiap. I've got one mounted fairly central to the first floor of my house and get decent coverage on first and second floor as well as the basement. I brought second online just because I had of two them. If I had it to do over I would have only bought one.
 
Last edited:
I'd recommend ubiquiti equipment. Reasonably priced and was always ridiculously reliable in my home environment.
 
So I went ahead and purchased a Sophos SG 105w firewall with wireless AC and a Sophos AP 55c because the 105w has a built-in wireless blade to support a few access points. I found the company on Newegg and emailed a sales person and they bundled reverything together with 5 licenses for Sophos with Intercept X for $850 for a 2 year license. After the base install of both items my wireless coverage has sudenly no dead zones and such. SO far so good.
 
noremacyug said:
I'd recommend ubiquiti equipment. Reasonably priced and was always ridiculously reliable in my home environment.
Click to expand...
for the wireless yes but on the router and switch side of things I wouldn't. The router stuff specifically was very lacking then very buggy as features rolled out. I'm on pfsense presently and will never touch a ubiquiti router again. I'm a programmer so not somebody who knows the crazy details of a firewall. pfsense isn't really consumer ready but if you're on [H] you can figure out what you need to know. The community support is great. On first boot you select which is your WAN and which is your LAN and it defaults to more locked down than any home would really want. I had to split things like the nintendo switches off into basically their own network so I have a subnet that is just game devices. (3 N switches with another coming for xmas) One ubiquiti saucer covers my whole house but I'm going to get a couple mesh pieces soon to just extend the coverage to the front porch and some other places.
 
mkrohn said:
for the wireless yes but on the router and switch side of things I wouldn't. The router stuff specifically was very lacking then very buggy as features rolled out. I'm on pfsense presently and will never touch a ubiquiti router again. I'm a programmer so not somebody who knows the crazy details of a firewall. pfsense isn't really consumer ready but if you're on [H] you can figure out what you need to know. The community support is great. On first boot you select which is your WAN and which is your LAN and it defaults to more locked down than any home would really want. I had to split things like the nintendo switches off into basically their own network so I have a subnet that is just game devices. (3 N switches with another coming for xmas) One ubiquiti saucer covers my whole house but I'm going to get a couple mesh pieces soon to just extend the coverage to the front porch and some other places.
Click to expand...
I love my pfsense. However, now that I'm needing QoS for non-VoIP stuff, I'm not liking it as much. I've seen people with much more experience with pfsense than me stating that they've never seen QoS working as it should, or as one desires. On the other hand, I've seen some configurations that do work. What I don't want to do is split my bandwidth evenly between devices, which seems to be the only way I can find that works reliably. So, on that note, where you want traditional QoS for non-VoIP devices (say you want your gaming traffic to take priority over all the YouTube streaming on your network and not have to split your bandwidth between devices), I wouldn't recommend it. Yet.
 
FNtastic said:
I love my pfsense. However, now that I'm needing QoS for non-VoIP stuff, I'm not liking it as much. I've seen people with much more experience with pfsense than me stating that they've never seen QoS working as it should, or as one desires. On the other hand, I've seen some configurations that do work. What I don't want to do is split my bandwidth evenly between devices, which seems to be the only way I can find that works reliably. So, on that note, where you want traditional QoS for non-VoIP devices (say you want your gaming traffic to take priority over all the YouTube streaming on your network and not have to split your bandwidth between devices), I wouldn't recommend it. Yet.
Click to expand...
I haven't done anything with QoS yet. Haven't had a need to really. None of them seem capable of really draining the connection yet. Only the tvs watching 4k content really seem to use a ton. I have a fairly large Plex setup so a lot of what they watch is internal. The ones that really watch a lot of youtube are on devices which I throttle using the unifi setup.
 
You must log in or register to reply here.
Back
Top