Hardware of convenience
-
from how I understood the OP (first post) he looked at that untangle and said that "it seemed too intensive" and was looking to see if PF sence could do what he needed (which it can) with out any thing else
Yah, I saw that. But I still recommend both. Untangle does virus scan, intrusion detection, ads, IM and Internet "naughtys". That's more UTM territory.
-
ah ok I see now what your were going after….yea true point, but doesn't PFsense have the ability to UTM functions already? mine I have set up does the same things the OP seems to want similar if not the same things that I seem to be doing already with mine...sorry if I got confused...my bad.
-
Well then sir (or Ma'am) your inthe right place, your box sounds like it could work, however could you provide more info about its specs?
sir
512mb ram
athlon xp 2200+ @ 1.8 GHz
NICS: 2x Intel PWLA8391GT (http://www.newegg.com/Product/Product.aspx?Item=N82E16833106121)
HDD whatever old hard drive is in there. Probably some 250gb or so WD 7200rpm. I haven't looked in a while.To accomplish everything you mentioned (easily…) I recommend the one-two punch of pfSense and Untangle. It'll require two boxes though.
while I do like your one-two punch setup, the goal is to use my existing hardware. Reading about untangle, I would not be comfortable running it on anything less than an e5300 with 2gb rams. A system which would cost me around $370 to build and benchmarks around 4.62 times faster than my current xp2200+. The one two punch would still require this purchase. It's what I'm trying to avoid.
@OP: if I am misunderstanding your question can you clarify more for me so I can get a better idea for what you wanting then?
You've got it right. I know that untangle can do what I want, I just don't want to buy/build a new system to use it. I'm trying to find out if pfsense can do what I want on my existing hardware, and how well it will work. Also be nice to know what it can do that untangle can't and vice versa. I'm not exactly sure what each product's area of expertise is.
That's more UTM territory.
UTM?
Thanks,
tr3 -
UTM is short for "Unified Threat Management" system (IE firewall appliances, or other similar programs/devices meant to monitor your network for any thing unwanted and take action against such "threats" to either prevent them from causeing harm to your network or stop them from breaking into your network.
-
pfSense alone cannot do all the things you asked. That is the short version.
-
Which of my desires will pfsense be unable to satisfy?
Looks like the whole firewall/gateway/router and vpn/vlan setup will be just fine, fantastic even. QoS, check! Jaime says blocking nasties/ads can be done with a dns blacklist addon package (hopefully free). Snort supplies intrusion detection. Imspector takes care of protecting IMs.All that remains is virus scanning… If it means not having to buy new hardware, I can get by without it. I've got client anti-virus setup everywhere anyhow.
In the future perhaps I'll go with valnar's one-two punch to add virus scanning. Actually valnar, can you explain the one-two punch benefit for my scenario? As far as I can tell the only feature adding an untangle box adds for me is virus scanning... Also, excepting virus scanning, why not just have one or the other? Untangle has firewall/routing etc, why put pfsense in front of it? In one-two punch which tasks are delegated to which machine?
my understanding so far:
pfsense will do everything I want except virus scanning
pfsense will fulfill my needs on my xp2200+ machine without slowing down -> still uncertain
untangle does everything I want but requires new hardware
there must be something pfsense does that untangle doesn't but I don't know what it isthanks for inputs so far,
tr3 -
You can also do web access protection by using squid+squidGuard packages on pfSense, and there are some blacklists out there for that, but they are not free for commercial use (though they are for home, iirc) And if you have squid installed you can also use the HAVP antivirus package.
-
well IIRC you can put a virus scanner on the PFSense box…not sure how well it will work but I remember seeing something that looked to be a virus type scanner...unless thats the squid guard thing I am thinking of...
-
It sounds to me like pfsense and untangle do pretty much the same things. Why have two machines when you can just have one do it all?
tr3
-
It sounds to me like pfsense and untangle do pretty much the same things. Why have two machines when you can just have one do it all?
tr3
They don't really. Just keeping reading on both forums or try them both. pfSense is the better firewall. Untangle is a UTM but basic firewall. If you can just install one, pfSense is certainly it, but some functions either don't work as well as Untangle, or don't at all.
I can see you are trying to get everyone to agree with you or talk you into pfSense as the God product of all time, but that's not going to happen. They each have their strengths.
-
I can see you are trying to get everyone to agree with you or talk you into pfSense as the God product of all time, but that's not going to happen. They each have their strengths.
That's really not it at all. I've been trying to determine those strengths you mentioned! You pretty well summed it up there, just perfectly:
pfsense -> firewall
untangle -> UTMIt sounds like both dabble around in each others respective territories a bit, but both are better in their own area.
Now I know that I can get a little more into the pfsense stuff. Untangle probably seems to me to be more hardware intensive because UTM is naturally more hardware intensive than firewall. Makes perfect sense. So now I'm curious what exactly falls into the realm of firewall and what falls into the realm of UTM.
My original post intentions sum up to:
router/gateway
QoS
vpn
blocking nasties (content filtering)
blocking ads (also content filtering?)
IM logging
virus scanning/intrusion preventionWhich of these things should I be doing with pfsense, which with untangle?
tr3
