85 sats \ 11 replies \ @nym 16 Jan \ on: Rebuilding My Home Network for the Future - Opnsense Firewall / Router security
Good post and buyer's guide. Doesn't quite fit your requirement, but these are recommended by some.
https://www.gl-inet.com/
https://www.gl-inet.com/products/gl-mt6000/
https://www.gl-inet.com/products/gl-axt1800/
I've actually had a few of their routers. Still have some for travel. They're great. I recommend them to friends and family.
The 10g thing is the requirement that might drive up my costs. I might need to build my own from a 1 liter PC to save some money. It's always time vs. money.
reply
reply
Yeah... The issue is the network side and I don't want a laptop form factor. I have a server rack this will go into. My setup is super overkill.
reply
This might be the lowest cost that would work for me from these guys at least.
reply
Buying old Cisco devices can be a pain to get the newest patched firmware.
Cisco will gate this behind subscriptions and maintenance contracts.
I'm not familiar with the Protectli kit, but it does look like decent hardware for a good price, with no software vendor lock-in.
I'd probably go the i7 core over the i3, and run several instances in a hypervisor, maybe up the RAM.
reply
Is there a good alternative switch manufacturer besides Cisco that doesn't have these subscription / licensing issues but also can be found used on eBay?
reply
Good to know. I'm not a network guy but I dabble. Why run several instances?
reply
Hypervisor on the metal vs running a network/firewall OS on metal (pf/opn/openwrt/etc):
- isolate/compartmentalize functionality within a VM (e.g. run IDS and routing in a different instance context)
- rip out and replace the core firewall / routing functionality (don't like pf, switch to opn VM, etc.)
- VM images are portable between devices + easier maintenance and upgrades
Disadvantages:
- performance hit due to virtualization
reply
Very helpful. Thanks.
reply
I'd add that https://vyos.io/ is another open source alternative Firewall OS that implements the Cisco configuration language, if that's your thing.
I tend to prefer Linux firewalls over BSD-based, but that's generally a preference in features over simplicity.
A hypervisor lets you try them all with minimal effort in swapping them out.
reply