Spec my new network before I go mad...

DHR · 31 Dec 2023 at 11:02

It's kit to replace the BT SmartHub 2 with two wireless discs.

I've already got an opnsense firewall on the go but want to vlan and segregate WiFi traffic for easier management (long term)

Need a switch, 8-16 ports and access points capable of matching if not bettering the black BT discs.

I've pinged between Zyxel, Alta Labs, Ubiquiti, just need confidence money spent will be dropped wisely

ChrisD. · 31 Dec 2023 at 11:05

I use UniFi, I really like it. Have used OPNsense, Untangle etc in the past but for an all in one solution with switches, gateway, APs etc, and now with Protect, I find it really slick.

paradigm · 31 Dec 2023 at 11:40

ChrisD. said:
I use UniFi, I really like it. Have used OPNsense, Untangle etc in the past but for an all in one solution with switches, gateway, APs etc, and now with Protect, I find it really slick.

Agreed. I’m still not sold on Unifi for enterprise use, we tend to push Fortinet there, but for home and small office use Unifi is a great ecosystem.

The new Unifi Express would make a great starting point. Add a second AP and a PoE switch and you are done.

DHR · 31 Dec 2023 at 11:44

Firewall and IPS wise is it as good as opnsense?

Caged · 31 Dec 2023 at 12:08

It's a pretty rubbish firewall but what are you expecting to be detecting? Everything is HTTPS now and if you don't have any inbound ports open (ideally you shouldn't) there's really not much to do at the edge of the network other than perhaps detecting outbound connections to known C2 destinations.

The days of sitting a device at the edge of the network and having it inspect traffic in real-time to be able to perform virus scans are a long way in the past - connections are too fast to make it practical, everything is encrypted, and endpoints are much better places to do that sort of analysis.

DHR · 31 Dec 2023 at 12:11

I run Roon which frustratingly needs a NAT for Arc, outside of that, hikvision CCTV and a few cheap IP cameras.