Meraki MX64 or Sophos UTM9 or Pfsense

Discussion in 'Networking & Security' started by Burner27, May 16, 2017.

  1. Burner27

    Burner27 [H]ardness Supreme

    Messages:
    5,951
    Joined:
    Oct 23, 2000
    Currently at the 300/20 level for internet speeds from Spectrum. I would like to use the best possible router I can. I have the current hardware available to me:

    Cisco Meraki MX64 (Got this free for attending a webinar) Yes, I know it is limited to 250Mbps download. Comes with 3yr advanced license - meaning everything is enabled

    Or use pfsense or Sophos UTM9 on the following hardware (yes i know it is overkill)

    I7-6700K
    Gigabyte GA-Z170N Gaming 5 mobo
    16GB DDR4-2400
    256GB Intel 6 m.2 SSD (yes I know it is NVMe)

    I want to use content filtering/IPS/Application filtering (probably eliminates pfsense just on that), and country blocking

    I think it would be between Sophos and the MX64 based on the above criteria but not sure if it is a colossal waste of resources running it on that hardware or not.


    Opinions/advice are welcome.

    Thank you!
     
    Last edited: May 19, 2017
  2. Cmustang87

    Cmustang87 2[H]4U

    Messages:
    4,002
    Joined:
    Oct 4, 2007
    I would use the Meraki, in my opinion. It's going to be perfectly quiet and not use much power and the management is awesome.
     
  3. 6foot4geek

    6foot4geek [H]ard|Gawd

    Messages:
    1,257
    Joined:
    Apr 27, 2008
  4. Burner27

    Burner27 [H]ardness Supreme

    Messages:
    5,951
    Joined:
    Oct 23, 2000
    I appreciate the votes but why the Meraki? The others arent good enough?
     
  5. 6foot4geek

    6foot4geek [H]ard|Gawd

    Messages:
    1,257
    Joined:
    Apr 27, 2008
    Because it will do what you are trying to do and do it well. The hardware you have is pretty overkill for a pfsense box and I think you'll run into things you want to do with a pfsense box that it 1. wont do 2. cant do very easily
    For Sophos, I just don't know too much about it. I have used Meraki for awhile so it's just a safe bet. All the things you want to do I know the Meraki does well.

    Also I'm assuming you wont miss that 50mbps too much :)
     
  6. Burner27

    Burner27 [H]ardness Supreme

    Messages:
    5,951
    Joined:
    Oct 23, 2000

    I can hit 350Mbps with the Pfsense box though. So I'll be missing that 100Mbps........

    I agree with you regarding pfsense. Although very stable, if I want to do certain things--like you said, it cant do or wont do easily.

    If i could get Sophos to run on that HW that would be sweet....
     
  7. 6foot4geek

    6foot4geek [H]ard|Gawd

    Messages:
    1,257
    Joined:
    Apr 27, 2008
    but you only have 300mbps currently? or are you talking about throughput vs download speeds?

    I'd be willing to bet that Sophos will run on that hardware, I think they have a trial you can give a shot if you are that interested in checking it out. also something to consider, how much is the licensing for Sophos UTM?
     
  8. Burner27

    Burner27 [H]ardness Supreme

    Messages:
    5,951
    Joined:
    Oct 23, 2000
    Sorry, I meant download speeds. I exceed the rate i pay for. Sophos gets stuck at 66% on that hardware and never completes the install. It has to do with a VGA port not being present.
     
  9. Burner27

    Burner27 [H]ardness Supreme

    Messages:
    5,951
    Joined:
    Oct 23, 2000
    Did a test. Installed pfsense on the hardware I have above and i get 350 down/23 up.
    Installed the Meraki, and got 250 down/23 up.

    Default settings used for both. No content filter/bandwidth shaping/Application control was enabled.

    Overall experience so far......

    Family complained that Netflix and other channels on the Roku loaded steams slower when the Meraki was in place.
     
    Last edited: May 17, 2017
  10. Cmustang87

    Cmustang87 2[H]4U

    Messages:
    4,002
    Joined:
    Oct 4, 2007
    That wouldn't really make sense - 1080p streams on Netflix are 3mbps. If you had success with the pfSense and you are getting what you want out of it, then I would just run with that.
     
  11. VRT

    VRT Limp Gawd

    Messages:
    438
    Joined:
    Jul 15, 2016
    +1 for the Meraki, we use their products extensively and they perform flawlessly and you aren't going to have problems with it.
     
    Cmustang87 likes this.
  12. Burner27

    Burner27 [H]ardness Supreme

    Messages:
    5,951
    Joined:
    Oct 23, 2000

    Let me clarify the Netflix comment. Family states it takes longer for Netflix to start up and movies to play using the Meraki vs using pfSense. I would continue to use pfSense, but am not sure if I could do better (Sophos UTM/Meraki)??
     
  13. sybreeder

    sybreeder Limp Gawd

    Messages:
    177
    Joined:
    Oct 24, 2010
    For Meraki to work you need always to have active subscription. If you decide no to pay - all your meraki devices will become useless.
    So..The technology is generally nice but if you want to have set it and forget it setup - it's not for you.

    You could use Sophos UTM 9 Home - free version. Lacks some settings. I've tested it myself. definitely more difficult to setup.
     
  14. Cmustang87

    Cmustang87 2[H]4U

    Messages:
    4,002
    Joined:
    Oct 4, 2007
    This is a fair, quick rundown.
     
  15. Burner27

    Burner27 [H]ardness Supreme

    Messages:
    5,951
    Joined:
    Oct 23, 2000
    If I could get it to install on the hardware i listed above I'd be all over it. pfSense is the only one of those 2 that'll run on it. Perhaps the Sophos guys can update their code to make it work.
     
  16. Burner27

    Burner27 [H]ardness Supreme

    Messages:
    5,951
    Joined:
    Oct 23, 2000
    Version 9.5 of Sophos installed fine on the hardware I listed earlier, but it has many bugs still to work out. I am giving the Meraki a second chance. Why not use it for the 3 year subscription that came with it? Perhaps I can tweak it to play nice with Netflix.
     
    Last edited: Jul 2, 2017
  17. Burner27

    Burner27 [H]ardness Supreme

    Messages:
    5,951
    Joined:
    Oct 23, 2000
    And the Meraki locked up 2 times since Saturday. After the second reboot, it wouldnt allow my ipad to connect without prompting me with the Meraki splash page (which isnt even enabled). Sigh.....
     
  18. Burner27

    Burner27 [H]ardness Supreme

    Messages:
    5,951
    Joined:
    Oct 23, 2000
    Called up Cisco and told them my issues. They agreed to replace my unit. Received it today and been good so far....fingers crossed!!
     
  19. NoOther

    NoOther [H]ardness Supreme

    Messages:
    4,846
    Joined:
    May 14, 2008
    Why choose to only use one? You could use both the Meraki and the Pfsense, just separate your network out. That way you can play around with things on the Pfsense for hobby related activities, and use the Meraki for all the other family related stuff.

    Honestly "best" is a personal preference. The Meraki is going to have good standard functions with some variability, but is closed. The Pfsense is going to have a lot of options and its open, so you can change a lot more around and add more stuff to it. The hardware is going to be the main difference, the MX64 is going to be designed specifically for networking/routing, and its software is going to be optimized for it. Whereas a home built box is not going to have the same hardware, it may be slower in some functionality, but more powerful in others. Ultimately the home built box will have more options, but not be as efficient power/size wise.
     
  20. Meeho

    Meeho 2[H]4U

    Messages:
    2,762
    Joined:
    Aug 16, 2010
    A Cloud based security device screams all kinds of wrong to me.
     
  21. Burner27

    Burner27 [H]ardness Supreme

    Messages:
    5,951
    Joined:
    Oct 23, 2000
    Yeah, I hear you. One of the things I don't like. That, and the 250Mbps limit.
     
  22. MikeTrike

    MikeTrike [H]ardness Supreme

    Messages:
    5,871
    Joined:
    Nov 16, 2005
    This is the likely reason why people vote for Meraki...

    [​IMG]
     
  23. Burner27

    Burner27 [H]ardness Supreme

    Messages:
    5,951
    Joined:
    Oct 23, 2000
    Does anyone think pfsense has a 'backdoor' that can allow 'big brother' in?