SG5100 + Protonvpn + NIDS/DPI
Hi, sorry for a basic question; I have been out of touch with recent network protection for a while.
My goal is to protect my home office traffic and increase privacy.
The idea was to use ProtonVPN (OpenVPN), but it sadly caps at 100 Mbps, whereas my broadband is 1 Gbps.
Does it make sense to add NIDS/DPI like Snort? I am not sure how it would be able to look inside the IPsec traffic.
Are those things mutually exclusive?
I would be interested to hear how others are using the SG5100 / protecting their home networks.
They are not exclusive, you can run Snort (or Suricata) in combination with a VPN WAN.
If it's IPsec you can't run it on the tunnel directly, but for home/SOHO use you would probably want to run it on the LAN interface anyway. That gives much better visibility, as you can see internal private IPs.
Thank you for the prompt response!
I am a bit reluctant about sending the traffic via VPN due to the performance downgrade, only 100 Mbps. Setting up my own proxy seems to be overkill for a home office setup; maybe a cloud proxy.
How is the community utilizing Netgate products in the consumer space?
I assume you mean the VPN provider is capped at 100Mbps? The SG-5100 should be capable of far more than that.
It is the VPN capping for sure. I wonder how to overcome this limitation without losing privacy and security.
Use a different VPN provider?
Use multiple VPN connections and load-balance them? That would require routed IPSec or OpenVPN.
I tried the Plus package for a week. 100 Mbps seems to be the average, also if you compare to other providers like NordVPN, etc. I think I'll need to give up the idea of using the VPN for all traffic and maybe just use a reliable and privacy-aware DNS service for a start. What is the recommendation there? Is anyone using 22.214.171.124/Cloudflare instead of the ISP's DNS settings?
I'm suggesting you use the standard servers instead of Secure Core. Nord? Yuck, stick with Proton.
I've used alternate DNS servers for over a decade.