Solved | Wanted to install Sophos home Firewall in Unraid


gacpac


I just wanted to pop in this thread and thank you all for posting all your trial and error issues/solutions. I installed Sophos a few days ago after reading this thread, and after a little learning curve with setting up NAT and a few other settings I needed (from my pfSense install) I have a near perfectly running install (just have to set up NAT reflection, but not a big deal).

Thanks!

Link to post
  • 1 month later...

Question: how much RAM are you all using? Anytime I go over 2GB the web GUI will freeze within a few minutes and the LAN network goes down (though the SSL VPN server still operates normally). Thanks

Link to post
10 minutes ago, 1812 said:

Question: how much RAM are you all using? Anytime I go over 2GB the web GUI will freeze within a few minutes and the LAN network goes down (though the SSL VPN server still operates normally). Thanks

I'm using 2GB, but my VM is just for testing.

Are you using a bridge for the LAN segment? I have sometimes seen that using a bridge causes issues and the whole network goes down.

Try using 2 hardware ports, one for LAN and one for WAN...

Link to post
10 minutes ago, thomas said:

I'm using 2GB, but my VM is just for testing.

Are you using a bridge for the LAN segment? I have sometimes seen that using a bridge causes issues and the whole network goes down.

Try using 2 hardware ports, one for LAN and one for WAN...

It has a quad-port NIC, so it has fully independent real ports.

Edited by 1812
Link to post
6 minutes ago, thomas said:

How is your network wired? Are you using a switch in between the LAN port and Unraid?

Yup. I'm going to try a fresh install with 6GB from the start and see how that goes.

Edited by 1812
Link to post
12 minutes ago, thomas said:

You can bridge the free ports on the quad for LAN (3-port switch total) and connect Unraid directly, and the existing switch will be used for the rest of the network...

Yes, I am aware, but I still need a switch there to provide the backbone to the main house switch, considering they are in separate rooms.

Also, that doesn't solve my "assigning more than 2GB locks up the webadmin and tanks the LAN" problem. I've just completed making a new VM with 6GB and applied a backup/restore to it... waiting to see what happens.

Edited by 1812
Link to post

As an update, the new image created using 6GB RAM and restored with the file from the 2GB img has been up for over 10 hours without issue. It seems to be a little bit snappier too, but that may also be a placebo.

Link to post
  • 11 months later...
Quote

    <interface type='bridge'>
      <mac address='52:54:00:16:2d:cf'/>
      <source bridge='br0'/>
      <target dev='vnet1'/>
      <model type='e1000-82545em'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:2e:b6:24'/>
      <source bridge='br0'/>
      <target dev='vnet2'/>
      <model type='e1000-82545em'/>
      <alias name='net1'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
    </interface>

I am confused about this. Why would both of these be bridged with br0? Doesn't the firewall need to be between Unraid and the router? Doesn't this allow the firewall to just be a passive observer of the incoming data?

Link to post
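The configuration the post above asks about can be checked mechanically. As an added example (not part of the original post, and not Sophos or Unraid code), this script parses a libvirt domain XML and reports any host bridge that carries more than one of the guest's NICs, which places those NICs on the same layer-2 segment. The wrapping `<domain>` element and the bridge name `br1` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

def nic_attachments(domain_xml):
    """Return (mac, type, source) for every <interface> in a libvirt domain XML."""
    nics = []
    for iface in ET.fromstring(domain_xml).iter("interface"):
        mac = iface.find("mac")
        src = iface.find("source")
        name = None
        if src is not None:
            # type='bridge' -> source/@bridge, type='network' -> source/@network,
            # type='direct' (macvtap) -> source/@dev
            name = src.get("bridge") or src.get("network") or src.get("dev")
        nics.append((mac.get("address") if mac is not None else None,
                     iface.get("type"), name))
    return nics

def shared_bridges(domain_xml):
    """Map each host bridge to the guest MACs on it, keeping bridges with 2+ NICs."""
    by_bridge = defaultdict(list)
    for mac, kind, name in nic_attachments(domain_xml):
        if kind == "bridge" and name:
            by_bridge[name].append(mac)
    return {b: macs for b, macs in by_bridge.items() if len(macs) > 1}

# Constructed input: the two quoted <interface> elements in a minimal <domain>.
TEMPLATE = """<domain type='kvm'><devices>
  <interface type='bridge'>
    <mac address='52:54:00:16:2d:cf'/><source bridge='br0'/>
  </interface>
  <interface type='bridge'>
    <mac address='52:54:00:2e:b6:24'/><source bridge='{second}'/>
  </interface>
</devices></domain>"""

QUOTED = TEMPLATE.format(second="br0")  # as quoted in the post
SPLIT = TEMPLATE.format(second="br1")   # hypothetical: second NIC on its own bridge

if __name__ == "__main__":
    for label, xml in (("quoted", QUOTED), ("split", SPLIT)):
        hits = shared_bridges(xml)
        for bridge, macs in hits.items():
            print(f"{label}: {bridge} carries {len(macs)} guest NICs: {', '.join(macs)}")
        if not hits:
            print(f"{label}: every guest NIC is on its own bridge")
```

On a live host the input would be the output of `virsh dumpxml` for the VM instead of the constructed strings.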
49 minutes ago, gacpac said:

Which one would you rather use?

Right now I don't use any of them, I just have a Netgear Orbi router with some DNS filtering. It also has an option to enable Armor, which is made by Bitdefender, if I really want to have some extra protection.

My Sophos VM had an issue with the registration not being updated and I was supposed to reinstall it, but I was too lazy...

I did a few trial runs for pfSense, but it wasn't really my taste. Too much configuration for very little outcome and the web interface was horrible.

In the end, without a good IDS & IPS no firewall is very helpful and I think the best ones are the commercial ones if you really need that type of protection; plus you need to invest time to actually check the logs and fix all the small issues that seem to occur almost weekly, if not daily.

Link to post
