Content filtering/UTM at a proxy server instead of a combined perimeter device?

iroc409 ([H]ard|Gawd) - Joined Jun 17, 2006 - Messages 1,385
I've been a long-time Untangle user, and recently switched to Sophos to try it out. I am very impressed with Sophos, but it's not without its issues. Neither platform is quite "perfect". For several reasons, I am looking into an alternative, perhaps roll-your-own setup. I've been thinking about moving to a more "appliance" level firewall/router/maybe VPN and having my file server handle proxy/IDS.

What is out there for options? I've been looking at using Suricata or Bro instead of Snort, and probably Squid with some manner of plugins. ClamAV is not very well regarded, and now owned by Cisco; are there any less-expensive alternatives for a home proxy? Kaspersky's proxy AV appears to be about $400/year, and I run paid Kaspersky on the Windows machines at home. Can you leverage a single-device AV on a proxy somehow without buying Enterprise stuff? Untangle runs ClamAV on the free edition, but Sophos uses their engine with Avira--and they are both top-rated AVs on AV-Comparatives. Avira is leaving the Sophos platform in June or July.

As far as blocking goes, are there things I should be looking into for proxy plugins, etc.? I know on the Ubiquiti forums they have a thread using EmergingThreats' blocking lists to provide more protection on EdgeMax units. I'd like the proxy to have application detection/blocking as well as country blocking (which I believe can just be done via the firewall).

I also definitely want to have ad blocking. Untangle did a fantastic job with ad blocking, Sophos not so much. Sophos blocks the ads just fine, but a lot of times replaces the ad with the Sophos block page--so now my web pages are filled with little Sophos block pages. That's *almost* as annoying as the ads--but not quite.

I've actually considered running a separate box with Untangle in front of Sophos, but that's probably kind of ridiculous--and I'm looking to reduce power and noise.

If I roll my own, can it be set up to update itself through cron and the likes, or will it just turn into a management nightmare?

I'm open to all ideas. My file server runs native FreeBSD, so I should have a lot of options.
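One way the "update itself through cron" part can look on a FreeBSD box running Squid, as an added example that is not from this thread or from any of the products named in it: a script that pulls a plain-text domain blocklist (the feed URL below is a placeholder), normalises it so that nothing but domains reaches the ACL, refuses to install an empty result, swaps the file in atomically, and parses the Squid config before reloading. The ACL name, file path and feed format are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): cron-driven refresh of a Squid domain blocklist.
# Assumptions: the feed is plain text, one domain per line, '#' comments allowed;
# squid.conf already references the ACL file, e.g.
#   acl blocked dstdomain "/usr/local/etc/squid/blocked_domains.acl"
#   http_access deny blocked
# FEED_URL below is a placeholder, not a real list.
set -eu

ACL_FILE="${ACL_FILE:-/usr/local/etc/squid/blocked_domains.acl}"
FEED_URL="${FEED_URL:-https://feed.example.invalid/blocklist.txt}"

# normalise_feed: stdin = raw feed, stdout = one lowercase domain per line, deduplicated.
# Anything that is not a domain (comments, blank lines, stray text) is dropped so a
# malformed feed cannot push arbitrary tokens into the Squid ACL. A leading '.' is
# kept because Squid's dstdomain uses it to match subdomains. LC_ALL=C keeps the
# sort order stable regardless of the system locale.
normalise_feed() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
    | tr 'A-Z' 'a-z' \
    | grep -E '^\.?([a-z0-9-]+\.)+[a-z0-9-]+$' \
    | LC_ALL=C sort -u
}

# install_acl <new list> <live ACL path>: refuse an empty list (a broken or empty
# download must not silently turn blocking off) and swap the file in atomically
# so Squid never reads a half-written ACL.
install_acl() {
    [ -s "$1" ] || { echo "refusing to install empty blocklist" >&2; return 1; }
    cp "$1" "$2.new" && mv -f "$2.new" "$2"
}

# refresh_blocklist: fetch, normalise, install, then validate and reload Squid.
# Uses FreeBSD's fetch(1); swap in curl -fsS on other systems.
refresh_blocklist() {
    tmp="$(mktemp)"
    if fetch -q -o - "$FEED_URL" | normalise_feed > "$tmp" \
       && install_acl "$tmp" "$ACL_FILE"; then
        # Parse the config first: a bad ACL file would otherwise take the proxy down on reload.
        if command -v squid >/dev/null 2>&1; then
            squid -k parse && squid -k reconfigure
        fi
    fi
    rm -f "$tmp"
}

# Run every six hours from root's crontab, e.g.:
#   0 */6 * * * /usr/local/sbin/refresh_blocklist.sh --run
if [ "${1:-}" = "--run" ]; then
    refresh_blocklist
fi
```

The same pattern (fetch, validate, atomic replace, config check, reload) applies to Suricata rule updates, where `suricata-update` followed by `suricata -T` does the validation step.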
 
I really like my ClearOS box.

It looks interesting, I might have to check it out. Is the Server-Network-Gateway multiple products, or all one device?

The goal is to reduce the amount of stuff running at home, but I don't think I'm going to be able to get the same level of protection with a proxy as with a UTM. All of my stuff (wireless, server, UTM) is over 5 years old, and some of it already needs replacing. I've been going dizzy with options, so I was looking to simplify.

The easiest option to restore sanity is probably to get the hardware out of my office and into the basement, and probably to spend a lot of money rebuilding everything in the not-too-distant future.

I actually could do a ton of stuff on the server by itself, but I'm sure there are potential security pitfalls to my data that would make this a bad idea.
 