Spec me a home/soho firewall (2 x WAN connections)

Hi all, using an Asus router at the moment, it works fine but working from home with myself, the wife and daughter using a myriad of voice apps etc. I'm struggling to get a decent service.

QOS is configured, but I want a bit more.

Am taking the plunge and ordering a second internet connection. What firewalls would you suggest to help me with WAN balancing? I want to be able to grind down fairly deep into the rules so that some traffic (or nodes) use a primary and secondary gateway (these are likely to differ based on rule), while others can only go out through one gateway.

Not overly interested in additional features like IPS/DPS, logging, reports etc. I use an HTML5 gateway for RAS, so SSLVPN isn't a necessity - I have no issues in investing in a USG if my requirements above are met, although I don't think I will use many of the other features.

Any recommendations? What have you guys installed?
 
If you’re willing to really get your hands dirty then a Mikrotik RB4011 should be high on your shopping list. If you want to be involved but with less learning curve a Netgate SG3100 could be your answer and if you want all the functionality beautifully laid out in a GUI then you want a Qotom mini-PC running Untangle.
 
Very much appreciate the response, the mini-pc was very much what I was initially thinking, although I haven't touched Untangle in years, so I may have to see if it's moved on. pfSense was another option, so the mini pc may allow me to play with a few solutions. There is also the Sophos UTM which I can dabble with.

WJA96 has given me some great direction, has anyone else had any positive experiences?
 
To be blunt, if you just want a REALLY good firewall, the pfSense is an extravagance. The Mikrotik is a VERY good firewall with every option you could possibly want, and quite a few you don’t.
 
Looks like it, guessing the 'OPT' port can be configured as a second WAN.

"Flexible configuration and support for multi-WAN, high availability, VPN, load balancing, reporting and monitoring, etc."
 
I think that’s a cut&paste - there’s no high availability version of the SG1100 etc.
 
CARP and settings sync is just done in software, though, so there's no reason why an SG1100 wouldn't be able to do it. You might run out of physical interfaces but a switch that supports VLANs can fix that.
 
So potentially not without additional hardware?
 
Depends if you wanted two WAN connections at the same time really. If you feel you need/want HA then it's likely that you have a managed switch already.
 
The HA was simply to point out that the product description related to pfSense, not to the SG-1100 per se.

So, my question remains - can the OPT port on the SG-1100 be configured as a second WAN port? I was under the impression that it couldn't because of the switch-chip used in the box. If it can, then it's a good shout because it's half the price of the SG-3100.
 
The small Netgate boxes have all the interfaces on a switch and then run VLANs internally with an uplink to the SoC so all the interfaces are equal and can be used for whatever you want to use them for.

http://wiki.espressobin.net/tiki-index.php?page=Block+diagram

This does obviously limit the total routing capacity to whatever can fit on a 1Gbps link, but it's £150 so what do you want.

Personally, for that sort of money, a Mikrotik RB4011. Given that it has a 10Gb Master switch chip and the 10 ports are split into two routed banks of 5 switched ports so you can have genuine dual WAN with 4 devices off each WAN port and a 10GbE uplink to a NAS.
 