What are people using for a firewall



If you are talking about software firewalls, you will need a minimum of two NICs, one for the internet and one for your local network. You could use one network card and an integrated network card if there is one built into the motherboard.

 

Personally I prefer hardware-based firewalls. I use the Ubiquiti EdgeRouter X and I love it.

  • Like 1
Link to comment
6 minutes ago, 1812 said:

Have run pfSense a bunch, also OPNsense for a bit.

 

I've been on Sophos UTM 9 for about 6 months or so and really like it. Going to set up failover on a small fanless PC in a month or two that will take over automatically if the virtualized firewall goes down.

 

Same here. Been using Sophos UTM for about 5 years or so. Fantastic product and pretty amazing what you get for the free license.

 

It does have a learning curve though. I've had it running on an i3 with 8 GB of RAM and it hardly uses any resources with my config. I also run a Pi-hole alongside it and the combo is fantastic.

Link to comment
37 minutes ago, 1812 said:

I used to think that way, until I didn't.

Yes, but I will always keep a hardware pfsense box ready to spin up when it's needed. It's so easy to back up and restore, and my server has so much more horsepower it seemed like a waste to keep the hardware pfsense spun up all the time.

 

Virtualized pfsense for the win.

  • Like 1
Link to comment
1 minute ago, jonathanm said:

Yes, but I will always keep a hardware pfsense box ready to spin up when it's needed. It's so easy to back up and restore, and my server has so much more horsepower it seemed like a waste to keep the hardware pfsense spun up all the time.

 

Virtualized pfsense for the win.

Exactly. I have a main server and a backup server, each running a firewall VM. Easy to change over if the main goes down. I had issues getting Sophos auto-failover working when I messed with it a few months ago, but hopefully I'll get it set up soon and have automatic backup going, whether that way or in tandem with a mini PC.

Link to comment

I've added a dual Intel NIC to Unraid so I can play about with a pfSense VM. I've split the IOMMU group using vfio-pci.ids=8086:105e

but when I start up the VM I get this error:

 

internal error: qemu unexpectedly closed the monitor: 2019-08-16T17:30:46.702102Z qemu-system-x86_64: -device vfio-pci,host=03:00.0,id=hostdev0,bus=pci.0,addr=0x6: vfio 0000:03:00.0: failed to setup container for group 14: failed to set iommu for container: Operation not permitted

 

Any suggestions as to what I am doing wrong? Thanks

Link to comment
1 hour ago, gadgethome said:

I've added a dual Intel NIC to Unraid so I can play about with a pfSense VM. I've split the IOMMU group using vfio-pci.ids=8086:105e

but when I start up the VM I get this error:

 

internal error: qemu unexpectedly closed the monitor: 2019-08-16T17:30:46.702102Z qemu-system-x86_64: -device vfio-pci,host=03:00.0,id=hostdev0,bus=pci.0,addr=0x6: vfio 0000:03:00.0: failed to setup container for group 14: failed to set iommu for container: Operation not permitted

 

Any suggestions as to what I am doing wrong? Thanks

Is it perhaps an HP server? In that case use the HP patched bzimage.

Link to comment
48 minutes ago, langelus said:

Is it perhaps an HP server? In that case use the HP patched bzimage.

Thanks. Yes, it is an HP Z600.

 

I replaced the bzimage with the 6.7.2 one. Rebooted and still getting this error:

 

Execution error

internal error: qemu unexpectedly closed the monitor: 2019-08-16T19:29:11.942433Z qemu-system-x86_64: -device vfio-pci,host=03:00.0,id=hostdev0,bus=pci.0,addr=0x6: vfio 0000:03:00.0: failed to setup container for group 14: failed to set iommu for container: Operation not permitted

Link to comment
5 minutes ago, gadgethome said:

Thanks. Yes, it is an HP Z600.

 

I replaced the bzimage with the 6.7.2 one. Rebooted and still getting this error:

 

Execution error

internal error: qemu unexpectedly closed the monitor: 2019-08-16T19:29:11.942433Z qemu-system-x86_64: -device vfio-pci,host=03:00.0,id=hostdev0,bus=pci.0,addr=0x6: vfio 0000:03:00.0: failed to setup container for group 14: failed to set iommu for container: Operation not permitted

I might be wrong but I thought that 6.7.0 was the latest patched version?

Link to comment
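
The error quoted in the posts above names a PCI device and an IOMMU group. As an added example that is not part of any post in the thread, this read-only script extracts both from the QEMU message and lists every device sharing that group with its bound driver, since the group is the unit of isolation for a passed-through firewall NIC. `SYSFS_ROOT` and the function names are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Reads sysfs only; changes nothing.
# SYSFS_ROOT and all function names are assumptions made for this example.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# Pull "<pci-address> <group>" out of a QEMU vfio container error line.
parse_vfio_error() {
    local out
    out=$(printf '%s\n' "$1" | sed -n \
        's/.*vfio \([0-9a-fA-F:.]*\): failed to setup container for group \([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$out" ] && printf '%s\n' "$out"
}

# Print "<pci-address> <driver>" for every device in an IOMMU group.
group_members() {
    local dev drv
    for dev in "$SYSFS_ROOT/kernel/iommu_groups/$1/devices/"*; do
        [ -e "$dev" ] || continue
        if [ -L "$dev/driver" ]; then
            drv=$(basename "$(readlink "$dev/driver")")
        else
            drv=none
        fi
        printf '%s %s\n' "$(basename "$dev")" "$drv"
    done
}

# Print group members still bound to a host driver. Devices on vfio-pci,
# pci-stub or no driver are skipped; PCIe bridges bound to pcieport are
# listed too and need review by hand.
foreign_drivers() {
    group_members "$1" | while read -r addr drv; do
        case "$drv" in
            vfio-pci|pci-stub|none) ;;
            *) printf '%s %s\n' "$addr" "$drv" ;;
        esac
    done
}

# Stand-alone use: pass the QEMU error line as the first argument.
if [ -n "${1:-}" ]; then
    parsed=$(parse_vfio_error "$1") || { echo "no vfio error found" >&2; exit 1; }
    group=${parsed#* }
    echo "IOMMU group $group members:"; group_members "$group"
    echo "Members bound to a host driver:"; foreign_drivers "$group"
fi
```

Any device it reports under "bound to a host driver" shares the group with the passed-through NIC while still being driven by the host.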

Running a Mikrotik hEX Router https://mikrotik.com/product/RB750Gr3

It's quite a bit of a learning curve for people coming from "point-n-click routers" but should be fairly straightforward for most technical users.

What I really like about it is the QoS (quite a challenge) capability, and the support for VPN options (though still missing OpenVPN in UDP mode).

There are some rough spots still, like the built-in DNS server only supporting A/AAAA records (but it has regex matching).

It also has built-in AP management (these need to be Mikrotik APs though), so new APs just need to be plugged in to the network and told to look for the head unit.

The main feature I've loved about it until my ISP started placing users on CGNAT is how easy it is to create a site-to-site VPN between routers, just plug in the public IP on both ends and you are done.

  • Like 1
Link to comment