Which Netgate device should I get for my home network?
-
Setup:
Broadband: 350/350
Devices: 30 wireless/wired
Plan:
- SPAN port to a VM Splunk
Services planned:
- Run suricata/snort/zeek - not decided on what
- Wireguard
- Nmap probably
- pfblocker
- squid
- squidguard?
Would the 2100 with 4GB RAM and an extra drive, i.e. a 120GB or 256GB M.2 SSD 2242, work fine, or should I look at building my own, i.e. teklager or something? From what I can see all of my needs are CE version, even WireGuard, while OpenVPN and IPsec wizards would require Plus?
I'm also looking at https://teklager.se/en/products/routers/tlsense-i3-4000U which would be the same price. Problem in Norway is that getting a 2100 MAX is "impossible" as only base is sold here. I could import, but that adds extra charges: VAT, surcharge for VAT, shipping etc.
-
@christians86 said in Which Netgate device should I get for my home network?:
with 4GB
Not with "suricata/snort ... squid/squidguard" in mind.
But, you'll see, if you have only to filter yourself, just stop going to the nasty places, and you need no tools whatsoever to surf the net.
A minimal pfblockerng setup to sinkhole some or more of the publicity, and you'll be fine.
pfblockerng shows you where you, and the 29 others go, so you can have a nice little chat with the other 29 if you see something in the list that doesn't please you. This is the best filtering : no maintenance, no huge learning process needed.
You could consider trying things out first without any big hardware needs : if you have a device that's called a desktop PC, and memory to share (16 GB is the sweet spot these days) you can fire up a VM, and make it a router. The only extra hardware will be a second NIC (no USB NIC !).
If not, I advise you not to go for "less than the MAX", because the day you actually manage to have the packages cited above work for you, you will need the memory. Routers work from memory = RAM. Files stored on disk will always be too slow.
edit : the MAX also has only 4 GB. Perfect for a SoHo setup, that is : routing, firewalling, VPN in or out. Some DNSBLing. Less for real time 'IDS/IPS'. I write this with 'IMHO' in mind, as I do not own a 2100.
@christians86 said in Which Netgate device should I get for my home network?:
wireguard while openvpn and ipsec wizards would require plus?
Noop.
WireGuard is a pfSense package, available for everybody.
"OpenVPN" is built in - the pfSense OpenVPN export package is available for everybody.
@christians86 said in Which Netgate device should I get for my home network?:
Nmap probably
Only to port scan your own LANs, right ? (and why would you do that ? )
(ab)using nmap over the net is a good way to have your WAN IP being refused all over the planet.
Btw : I'm a happy CE version user, on a converted ex-desktop device.
-
@gertjan thanks for your reply
So - a 4GB would not be enough for my use, would i.e. a
https://www.aliexpress.com/item/32970672528.html?spm=a2g01.12616982.tplist001.9.56f1601coaBTP6&pdp_ext_f=%7B%22sku_id%22:%2212000024755335113%22,%22ship_from%22:%22%22%7D&gps-id=5950812&scm=1007.23961.125497.0&scm_id=1007.23961.125497.0&scm-url=1007.23961.125497.0&pvid=2230b3e6-ebc0-4dbe-a534-57a83d19f66e
with 8 or 16GB be enough? Seems to be way cheaper too?
"This is the best filtering : no maintenance, no huge learning process needed." - part of the reason I'm moving from Unifi Dream Machine is a wish to learn more, advance much more and it's also a part of my studies on security certifications etc.
As with nmap, it's just because I'm curious, and that can be handled with my laptop on my network instead.
-
I would say you definitely could do that in 4GB without Squid. Both Snort and pfBlocker can use a lot of RAM but don't have to. If you load enough lists you could exhaust it but you'd have to try quite hard.
You would be limited by the processor in the 2100 using Wireguard on a 350Mbps connection though.
Steve
-
@stephenw10 thanks
I have started to save for this with 8GB and 120GB ram
https://www.kettopshop.com/kettop-home-office-firewall-mi8250l8-with-8-intel-lancore-i5-8250u-processor-aes-ni-dual-core-fanless-mini-pc-advanced-routerfirewall-p3461205.html
I think it should be enough? Cost-wise I would end up approx. 100 USD above what the SG-2100 would cost me in Norway inc. VAT, but it will probably serve much longer than the SG-2100 and give more possibilities.
-
Yes, that will do that easily for 350Mbps.
-
@stephenw10 Thanks, will it also be able to hold the apps I'm planning for and be quite future-proof?
-
I mean I've never tested that hardware but I would expect it to.