1. Home
  2. Official Netgate® Hardware
  3. SG5100 + Protonvpn + NIDS/DPI

SG5100 + Protonvpn + NIDS/DPI

  • P

    Hi, sorry for a basic question, I have been out of the recent network protection for a while.
    My goal is to protect my home office traffic and increase privacy.
    The idea was to use protonvpn (openvpn), also it sadly caps at 100 mbps, where my broadband is 1 gbps.
    Does it make sense to add NIDS/DPI like snort, I am not sure how it will be able to look inside of the IPSEC traffic.
    Are those things mutually exclusive?
    Would be interested to hear how others are using SG5100/protect their home networks.
    Thanks

    0
  • stephenw10
    Netgate Administrator

    They are not exclusive, you can run Snort (or Suricata) in combination with a VPN WAN.
    If it's IPSec you can't run it on the tunnel directly but for home/soho use you would probably want to run it on the LAN interface anyway. That gives much better visibility as you can see internal private IPs .

    Steve

    0
  • P

    Thank you for the prompt response!
    I am a bit reluctant regarding sending the traffic via VPN due to the performance downgrade, only 100 mbps. Setting up my own proxy seems to be an overkill for a home office setup, maybe a cloud proxy.
    How is the community utilizing netgate products in consumer space?

    0
  • stephenw10
    Netgate Administrator

    I assume you mean the VPN provider is capped at 100Mbps? The SG-5100 should be capable of far more than that.

    Steve

    0
  • P

    It is VPN capping for sure, I wonder how to overcome this limitation without losing privacy and security.

    0 B 1 Reply
  • stephenw10
    Netgate Administrator

    Use a different VPN provider?

    Use multiple VPN connections and load-balance them? That would require routed IPSec or OpenVPN.

    0
  • B

    @paulch7780 said in SG5100 + Protonvpn + NIDS/DPI:

    It is VPN capping for sure, I wonder how to overcome this limitation without losing privacy and security.

    which plan do you have. are you connecting to the secure core servers? when i used them the secure core servers were extremely limiting

    0
  • P

    I tried the plus package for a week. 100 mbps seem to be the average also if you compare to other providers like NordVPN, etc. I think I‘ll need to give up the idea of using the VPN for all traffic and maybe just use a reliable and privacy aware DNS service for the start. What is the recommendation there - is anyone using 1.1.1.1/Cloudfare instead of the ISPs DNS settings?

    0
  • B

    I’m suggesting use the standard servers instead of secure core. Nord? Yuck stick with proton

    I’ve used alternate dns servers for over a decade

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy