pfsense vs ????

Discussion in 'Networking & Security' started by AnIgnorantPerson, Feb 2, 2019.

  1. AnIgnorantPerson

    AnIgnorantPerson n00b

    There was a high-quality router that was like pfSense that you could buy. I am having a brainfart on what the router was called.

    Blue? or something? It beat the Netgear and it was super high end. If you were not building a pfSense this was what you wanted to buy.
  2. tedych

    tedych Limp Gawd

    Mikrotik? Cisco? EdgeRouter?
    That said, your clues are too vague and broad.
  3. FNtastic

    FNtastic [H]ard|Gawd

    Just go pfSense. I'm not aware of anything that competes that you don't need a commercial license for. OPNsense or Untangle, maybe.

    BLU is a phone company.

    Edit: Sophos?

    I think ubiquiti is what you want. No need to install anything. Essentially plug and play. Let me grab you my link for what router to get.

    https://hardforum.com/threads/guide-what-router-should-i-get.1965547/
  4. Cmustang87

    Cmustang87 [H]ardness Supreme

    Untangle
    Monowall
    Smoothwall
    Sophos
    IPCop
    pfSense
    iptables

    There was Blue Coat, but Symantec acquired them.

    The list can go on pretty long because Linux is everywhere and people have been open sourcing this stuff for a very long time.
  5. nekrosoft13

    nekrosoft13 [H]ard|Gawd

    I'm using OPNsense now, works great.
  6. AnIgnorantPerson

    AnIgnorantPerson n00b

    EdgeRouter, thanks!

    I had a 10GbE mikrotik switch but it appears to have died actually.

    https://store.ui.com/products/edgeswitch-10x-1

    Would this be a good alternative?
  7. Dawizman

    Dawizman Gawd

  8. AnIgnorantPerson

    AnIgnorantPerson n00b

  9. vxspiritxv

    vxspiritxv [H]ard|Gawd

    eBay, Cisco 4948E, they're under $200 now. I run one, bought it a few years ago at $1000. Not a single issue. Though don't expect it to be quiet.
    If you need quiet, the MikroTik CRS305-1G-4S+IN is where it's at.

    As for router, I run a Cisco ASA 5515-X (I like AnyConnect & have two internet connections, 1000/1000 + 400/25). I wouldn't suggest that to someone without a good networking/Cisco background though.
  10. tedych

    tedych Limp Gawd

    You might have had bad luck with the MikroTik unit. You may consider the same make, maybe another model?
    Last edited: Feb 4, 2019
  11. Dead Parrot

    Dead Parrot 2[H]4U

    You after a router or a firewall? Different gizmos although routers can usually do some firewall tasks and firewalls often include some routing ability.
  12. AnIgnorantPerson

    AnIgnorantPerson n00b

    Just need a switch.

    I had the CRS226-24G-2S+IN but I am having these weird connection issues. Like everything connected to the switch gets these random messed up IPs. If I do a shutdown and restart and renew all IPs it works but then it messes up again. I have it as only a switch and my R7000 assigns IPs.

    I did a firmware update but that didn't help. It is really weird. It shouldn't do anything with IPs but the MikroTik and everything connected to it gets these weird IPs that make no sense.

    I went back to my Netgear ProSafe or whatever switch and everything is fine.

    That 4 port looks decent but I need something so the server can feed out 1GbE to like 4-8 1GbE systems and also have main system to server at 10GbE, which is why the CRS226 was ideal, but the weird IP issues I have no idea why or how it happens. It was working grand for like 1 year then just started doing that weird IP thing.

    This?
    https://www.ebay.com/itm/Cisco-Cata...AOSwo4VcTza5:sc:FedExHomeDelivery!60134!US!-1
  13. EniGmA1987

    EniGmA1987 Limp Gawd

    Sounds like the DHCP server is going down or deciding to no longer supply IPs. If devices ask for a DHCP server and there isn't one or they can't get to it on the network, then they give themselves an automatic private IP in the range of 169.254.x.x, which is an automatic private subnet indicating there is a network issue.
  14. vxspiritxv

    vxspiritxv [H]ard|Gawd

    You should get one with a power supply, actually they have dual power supplies, so it should have two (though I think it only needs one).
    This seller seems to have a bunch under $200:
    https://www.ebay.com/itm/Cisco-Cata...gabit-Switch-4-x-10G-SFP-Dual-AC/263285654166

    Also I ran across this:
    https://www.ebay.com/itm/Cisco-N3K-...-4-10G-Switch-REVS-Airflow-2x-AC/292931766986
    These are newer & louder, and more difficult to configure (these won't work with a blank config, where the 4948E will) but their design makes them faster. The geek in me would rather buy the Nexus, but for someone just getting into Cisco, the 4948E is very simple to use. I use a Nexus 3064-X at work, had to call Cisco to help me get it working right (MTU issues right out of the box on a standard 1500 subnet!) so umm ya.

    -edit-
    Re-checked that link you posted, it was an item that ended and eBay sent me to a "similar" item, which was the correct silver color switch with missing PSU. I clicked the link to view the orig item, and it's the green one. The green ones are much older and don't have 10Gbit SFP+ (fiber / twinax) ports.

    Here's a pic of mine in operation, pic is dated 3/31/15, almost 4 years now, no issues.
    Last edited: Feb 6, 2019
  15. AnIgnorantPerson

    AnIgnorantPerson n00b

    What do you mean? Do you think it's my R7000? Since switching back to the old Netgear Pro 1GbE switch I have had zero issues. The MikroTik was giving itself a weird IP and bricking everything that was connected to it.

    If you want I can go back and replug it in and get better details. It was like a month or 2 ago that it started to happen so I don't recall the specifics.

    I just recall it giving itself a weird IP and the IP from its LCD screen wasn't accurate. IIRC the LCD had what I wanted it to be but my PC and server saw it as a weird funky IP. I also tried a firmware update and several reboots and it would glitch out in like 2 mins when it used to work for like 15 before glitching. I also tried connecting to it outside of my normal network for troubleshooting. I was using my laptop and it separately and it was still being weird.

    If you got some ideas I am all ears and willing to try some things.

    This is way off topic. I can make a new thread but...I kinda just view making another thread as making clutter :D

    Nice, and I see a Norco there too. I have 1 of those now.
  16. vxspiritxv

    vxspiritxv [H]ard|Gawd

    To your current issue with DHCP, it could be an ARP issue. If that switch that has the issue has a console where you can show the ARP list, I bet every IP is heading to a single MAC, which in reality isn't a DHCP issue but an IP conflict issue (I've seen this before with a bad NAT config on Cisco, but never on SOHO gear).

    Sold the Norco later that year... Now using a Dell T630, 18 bays for all my storage. I wanted iDRAC out-of-band notifications. Much more reliable.
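A small diagnostic in the spirit of the two replies above (the 169.254.x.x fallback and the "every IP heading to a single MAC" ARP symptom), added here as an example and not code from anyone in the thread: it parses a constructed `ip neigh` table, flags APIPA addresses as hosts that never got a DHCP lease, flags addresses outside the expected LAN, and reports any MAC that answers for several IPs. The sample table, the assumed LAN range 192.168.1.0/24 and the function names are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in Linux "ip neigh" format; every MAC and IP here is made up.
SAMPLE_NEIGH = """\
192.168.1.10 dev eth0 lladdr 00:11:22:33:44:10 REACHABLE
192.168.1.11 dev eth0 lladdr 00:11:22:33:44:11 STALE
192.168.1.12 dev eth0 lladdr 00:11:22:33:44:10 REACHABLE
169.254.37.201 dev eth0 lladdr 00:11:22:33:44:12 REACHABLE
10.0.0.5 dev eth0 lladdr 00:11:22:33:44:13 STALE
"""
# Link-local range hosts fall back to when no DHCP server answers (APIPA).
APIPA = ipaddress.ip_network("169.254.0.0/16")


def parse_neigh(text):
    """Return (ip, mac) pairs from 'ip neigh' output, skipping entries without a MAC."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if "lladdr" in parts:
            entries.append((parts[0], parts[parts.index("lladdr") + 1].lower()))
    return entries


def classify_ip(ip, lan):
    """'apipa': never got a lease; 'foreign': outside the expected LAN; else 'ok'."""
    addr = ipaddress.ip_address(ip)
    if addr in APIPA:
        return "apipa"
    if addr not in lan:
        return "foreign"
    return "ok"


def find_mac_collisions(entries):
    """MACs that answer for more than one IP: the 'every IP heads to one MAC' symptom."""
    by_mac = defaultdict(set)
    for ip, mac in entries:
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def diagnose(text, lan_cidr="192.168.1.0/24"):
    """Summarise the three symptoms for one neighbour table and an assumed LAN range."""
    lan = ipaddress.ip_network(lan_cidr)
    entries = parse_neigh(text)
    tagged = [(ip, classify_ip(ip, lan)) for ip, _ in entries]
    return {
        "apipa": sorted(ip for ip, v in tagged if v == "apipa"),
        "foreign": sorted(ip for ip, v in tagged if v == "foreign"),
        "collisions": find_mac_collisions(entries),
    }
```

Run `diagnose(SAMPLE_NEIGH)` to see the three buckets; on a real box, feed it the output of `ip neigh` and your own LAN range instead.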
  17. AnIgnorantPerson

    AnIgnorantPerson n00b

    So is it fixable? Why would that happen with the MikroTik but not the Netgear?
  18. vxspiritxv

    vxspiritxv [H]ard|Gawd

    Those are good questions, but without consoling into the device (if it has one) it's hard to figure out the issue... maybe Wireshark, but I don't know how to read that shit. ArpX is neat software too, though dunno if that will help. I'm a Cisco guy and just sayin' what I saw on Cisco once. In that specific case it was an ASA with a NAT (any,any) command causing it, and it had a nice delay to it as well (which was actually due to a network scanner).
    Could be a bug (or exploit), example: https://cxsecurity.com/issue/WLB-2017030029
  19. AnIgnorantPerson

    AnIgnorantPerson n00b

    I guess when I get some time I'll rehook it up and make a post. If that fails I'll snag one of the routers you mentioned above.
  20. acascianelli

    acascianelli [H]ardness Supreme

  21. tangoseal

    tangoseal [H]ardness Supreme

    Why is the Edge XG 16 more than the UniFi one? It's a hundred more?
  22. EniGmA1987

    EniGmA1987 Limp Gawd

    UniFi is home networking and is gigabit speed. The XG16 is a high end enterprise router with 16 cores and all 10Gb network ports.
  23. tangoseal

    tangoseal [H]ardness Supreme

    No, the XG16 UniFi version is full 10Gbit as well and is not for home, although you can use it at home.
    The XG16 in both Edge and UniFi models does not have a 16-core processor. They have MIPS processors which are not 16 cores, probably 2 at most, maybe even 1. It doesn't take a lot of CPU power to run a layer 2 device even at 10gig.

    They both have 16 ports, 8 of which are SFP+ and 4 of which are Ethernet. All ports are 10Gbit capable.

    My question is why is the Edge so much more than the UniFi.

    Both are made for the enterprise. But there is nothing that says you can't use them at home.

    I am thinking that Ubnt is charging extra for the Edge because it has a built-in CLI and doesn't rely on the UniFi central management suite.

    Enigma, something tells me you may have been crossing ideas with the USG-16XG which is an 8 port firewall that has a MIPS 16-core processor @ 1.8GHz per core and that is a true router, layer 3 device.

    The Ubiquiti switches are layer 2 only that I am aware of.

    All good.. UniFi uses too close of a naming convention across their ecosystem.
  24. EniGmA1987

    EniGmA1987 Limp Gawd

    Yeah, I got it confused with the router model. Didn't realize Ubiquiti released switch models already. The routers are also XGs in the name.
  25. tangoseal

    tangoseal [H]ardness Supreme

    Yeah I posted all that, not to refute what you were saying or argue or show disrespect. I did it more or less in case someone else was reading and may have gotten confused and made an error purchase. That is one nice firewall I agree. But at the cost of 2000+ dollars, wowsers, not worth it for almost any home user unless they have some serious cash to blow. If it were say $1000 I would buy it because of the value of getting a fast firewall with a really fast switch, but they are charging way too much imo.

    I could build a DREAM pfSense overkill router that would devour anything that XG16 can do, still have a UniFi 16 port 10gig switch and still have money left over.
  26. AnIgnorantPerson

    AnIgnorantPerson n00b

    Is there a retard guide, and if there was....how long would it take for someone who is new and slow at this to repurpose an old rig for this?
  27. pek

    pek prairie dog

    It's hard sometimes to remember there are newbs out there and adjust responses, I've been doing firewalls since iptables days.

    I'd google terms like "home network security for beginners" (or dummies if that doesn't offend). There are lots of resources out there to get you to the basics, then look at reviews of equipment. A good resource is "Network World", it's still online, it's oriented more to network pros, but it has informative articles. It used to be one of those free weekly magazines who sold your name to mailing lists, it was a pretty good source of information, haven't looked at it for a while, going to have to start looking at it again to see how it is now that it's online.
  28. AnIgnorantPerson

    AnIgnorantPerson n00b

    No one has done a decent pfSense guide?
  29. pek

    pek prairie dog

    I don't know, I use an EdgeRouter myself (and before that a Cisco firewall) at home, you might try their (Ubnt) forums for a setup guide from their techs.
  30. tangoseal

    tangoseal [H]ardness Supreme

    There is a ton of documentation out there and if you start a new thread and ask how to build and set up a pfSense you'll get a lot of replies.

    A Core i3, as long as it's a newer model with AES-NI, and 8GB of RAM will absolutely blaze as a firewall CPU.

    You need 2 network cards. 1 for WAN, 1 for LAN. Imo pfSense router-on-a-stick is horrible.

    I recommend a 128GB SSD if you want to Squid cache large files (super optional).

    Download and install pfSense.
    Install a plugin called pfBlocker for spam/IPS filtering.

    Have fun with an incredible piece of software that should cost $500 minimum but is free.

    Remember even a router with dedicated ASICs etc... for encryption etc... is in many cases not as powerful as a dual or quad core modern desktop CPU with all of its hardware extensions already in the CPU.

    I even ran my pfSense in a FreeNAS bhyve VM on a 7 year old Xeon Sandy Bridge quad core and it absolutely hauled ass.

    ECC is not needed because any data committed to RAM gets uncommitted just as fast due to the nature of packet data moving to and fro.
    Last edited: Feb 18, 2019 at 2:09 PM