A question about ISP Box Routers & pf-sense



  • My simple question was: will a standard ISP Box provide less, the same or more protection than pf-sense set up on a dedicated server?

    If I have pf-sense installed on my rack being version 2.4.2 because my rack does not support encryption I believe.

    I read that the newer builds need AES Encryption somewhere for the CPU to use the pf-sense software.

    I was thinking about taking out my Rack and using it for something else and wiping pf-sense off it, and just going back to the standard ISP Box.

    What do you guys think?

    Is running 2.4.2 a good idea or should I go back to the ISP Router, and is an ISP Router less or just as good for a domestic home user?

    Thanks.



  • I don't think there's a simple black and white answer to this question, because in terms of security, no one knows what vulnerabilities exist that have not yet been publicly disclosed. That said, pfSense and FreeBSD are open source, and there is a compelling argument that open source projects are more secure by virtue of more eyeballs scrutinizing them for any vulnerabilities. If you are not using any of the features or functionality of pfSense beyond what you get from your ISP router, though, and are a home user, I'm not sure there's a strong argument for you to use pfSense instead of the ISP router.



  • AES encryption where? If you are using a VPN terminated on pf, then yes, but AES is no magic wand for anything.
    pf does AES in software in all situations when needed. Doing it in hardware is just faster.
    In more general terms, is a Mercedes better than a bike for visits to the grocery store across the street?
    Well, if it rains and if there are parking slots available, sure it is, but your mileage may vary.

    On the other hand, if one is clueless on the features and capabilities of a firewall, then he will be better off at the hands of the ISP.
    A badly administered firewall can be far worse than a simple ISP router with default settings.



  • I don't use pf-sense beyond what the default settings are, and when setting up the firewall through the initial configuration wizard the only thing I changed was the DNS, as I selected to use my own.

    I don't have too much knowledge in particular about pf-sense, and every time I have made changes you can guarantee I have borked my set-up.

    When I installed it, I was curious about the home lab aspects of it, and it works, don't get me wrong, and I use it daily when I'm using my systems, as my server's up most of the time.