Should I sell my Ubiquiti EdgeRouter Lite and go with pfSense?



  • I'm currently using a Ubiquiti EdgeRouter Lite:

    http://www.ubnt.com/edgemax/edgerouter-lite/

    It's quite powerful and it's almost certainly overkill for my home needs.  It's also small, silent and power-efficient.

    I'm selling off items from an old hobby so I have extra money to put towards a project.  Having used some of that money to make a FreeNAS server, I started thinking about pfSense (which I strongly considered back when I got the ERL).

    I'm sure you're all biased ;D but does pfSense offer anything my ERL can't handle?  I'm thinking specifically of advanced firewall capabilities.  The ERL is more of a router and less of a firewall appliance.  However I do have one key setting, I'm blocking all uninitiated WAN packets.  I see in a thread here there may not be much more I need to do:

    https://forum.pfsense.org/index.php?topic=82455.msg455285#msg455285

    @haleakalas:

    Unless you're running home based servers you should have any and all WAN initiated traffic blocked, in which case you don't need snort. Similarly squid web proxy doesn't do anything for home users. (Run it for a while and check the logs to convince yourself) So all the extra processing power on your pfSense router to accommodate snort and squid is a waste in home use environment. Snort will not protect you better and Squid will not increase your network performance.

    I was considering the Supermicro A1SAI-2750F (with that phenomenal 8-core C2750 Atom) as a powerful, silent, power-efficient board.  With conventional CPUs, looks like I won't be able to beat its performance until I get to a Xeon E3-1230 v3.

    I love playing with new hardware.  I'm fairly familiar with Linux and I'm getting familiar with BSD through my FreeNAS server.  I might want to do it for that reason - to learn, just for something different and just for fun, but…beyond simply blocking WAN packets, what more can pfSense offer?

    I'm trying to find out myself but am having problems getting pfSense running in a VM without letting it entirely take over as a router.  Will pfSense give me more security?

    Thank you for all responses.


  • Netgate Administrator

    Third option: keep the edge router lite and wait for the pfSense port.  :D

    No promises on a release date though.

    @gonzopancho:

    I've already committed to pfSense on the Edge Router Lite after 2.2 ships.

    Steve



  • ;D ;D ;D ;D

    Wow!  I eagerly await!


  • Netgate

    However I do have one key setting, I'm blocking all uninitiated WAN packets.

    Yeah.  That's pretty much what you get "out-of-the-box" with pfSense.


  • Netgate Administrator

    I should point out that I don't think Jim or anyone else from ESF has said how they plan to release the port. There are many ways they could go with this some of which may not allow easy installation onto existing hardware.
    Anyone from ESF care to comment?

    Steve



  • @Fraoch:

    I'm sure you're all biased ;D but does pfSense offer anything my ERL can't handle?

    Anybody not using pfSense should always ditch the current machine and go for pfSense (and donate for the good cause  ;D ).

    I have Ubiquity WAP's myself, and I highly recommend them, I am a fan of the brand when it comes to WAP's.

    To answer your question: pfSense can do around a zillion things the ERL can't do  :P