Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Should I sell my Ubiquiti EdgeRouter Lite and go with pfSense?

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    6 Posts 4 Posters 11.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      Fraoch
      last edited by

      I'm currently using a Ubiquiti EdgeRouter Lite:

      http://www.ubnt.com/edgemax/edgerouter-lite/

      It's quite powerful and it's almost certainly overkill for my home needs.  It's also small, silent and power-efficient.

      I'm selling off items from an old hobby so I have extra money to put towards a project.  Having used some of that money to make a FreeNAS server, I started thinking about pfSense (which I strongly considered back when I got the ERL).

      I'm sure you're all biased ;D but does pfSense offer anything my ERL can't handle?  I'm thinking specifically of advanced firewall capabilities.  The ERL is more of a router and less of a firewall appliance.  However I do have one key setting, I'm blocking all uninitiated WAN packets.  I see in a thread here there may not be much more I need to do:

      https://forum.pfsense.org/index.php?topic=82455.msg455285#msg455285

      @haleakalas:

      Unless you're running home based servers you should have any and all WAN initiated traffic blocked, in which case you don't need snort. Similarly squid web proxy doesn't do anything for home users. (Run it for a while and check the logs to convince yourself) So all the extra processing power on your pfSense router to accommodate snort and squid is a waste in home use environment. Snort will not protect you better and Squid will not increase your network performance.

      I was considering the Supermicro A1SAI-2750F (with that phenomenal 8-core C2750 Atom) as a powerful, silent, power-efficient board.  With conventional CPUs, looks like I won't be able to beat its performance until I get to a Xeon E3-1230 v3.

      I love playing with new hardware.  I'm fairly familiar with Linux and I'm getting familiar with BSD through my FreeNAS server.  I might want to do it for that reason - to learn, just for something different and just for fun, but…beyond simply blocking WAN packets, what more can pfSense offer?

      I'm trying to find out myself but am having problems getting pfSense running in a VM without letting it entirely take over as a router.  Will pfSense give me more security?

      Thank you for all responses.

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Third option: keep the edge router lite and wait for the pfSense port.  :D

        No promises on a release date though.

        @gonzopancho:

        I've already committed to pfSense on the Edge Router Lite after 2.2 ships.

        Steve

        1 Reply Last reply Reply Quote 0
        • F
          Fraoch
          last edited by

          ;D ;D ;D ;D

          Wow!  I eagerly await!

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            However I do have one key setting, I'm blocking all uninitiated WAN packets.

            Yeah.  That's pretty much what you get "out-of-the-box" with pfSense.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              I should point out that I don't think Jim or anyone else from ESF has said how they plan to release the port. There are many ways they could go with this some of which may not allow easy installation onto existing hardware.
              Anyone from ESF care to comment?

              Steve

              1 Reply Last reply Reply Quote 0
              • M
                Mr. Jingles
                last edited by

                @Fraoch:

                I'm sure you're all biased ;D but does pfSense offer anything my ERL can't handle?

                Anybody not using pfSense should always ditch the current machine and go for pfSense (and donate for the good cause  ;D ).

                I have Ubiquity WAP's myself, and I highly recommend them, I am a fan of the brand when it comes to WAP's.

                To answer your question: pfSense can do around a zillion things the ERL can't do  :P

                6 and a half billion people know that they are stupid, agressive, lower life forms.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.