Router/Firewall recommendations.

justwantv

I am currently using the ISP's gigabit WiFi 6 all-in-one. The performance is fantastic; however, I want more control over my devices, like firewall rules and time limits for my kids, better segregation of my IoT devices, etc. And why not a pretty GUI while we are at it. I'd also like to see where all my traffic is coming and going from.

A fork of pfSense, OPNsense/Sensei has some really cool graphs and maps to log all this. Connected to Google Maps you can find exactly where your traffic is going. It has awesome firewall rules to weed a lot of garbage out so kids' devices can't stumble across things. It seems like a perfect solution. Problem is OPNsense is over my head. I just don't have the networking background, time or patience to make changes or do much without lots of trial and error. I can set it up and play with it but I am not comfortable switching over my whole network to OPNsense. My OPNsense box is built from 90% recycled parts so if I need to cut my losses I can. I don't mind buying software but don't want to do any dang subscription garbage.

So I've been looking at ASUS and TP-Link gaming-type mega routers and such also.

What are you guys using? I'd love some feedback or to know how your setups are.

Should I cut my losses with OPNsense?
Should I buck up and just push through OPNsense 'til I get past the learning curve? Have you, and was it worth it?
Should I get some all-in-one deal that is ready to roll from TP-Link or ASUS? EASY button but maybe not as much control.
Are there some monitoring services I should use and keep my ISP device working as is?

Thanks for the help.
 

biggen

I don't have any experience with OPNsense and I'm not really into building routers. I want a small AIO "appliance" that I can stick in a rack or closet and forget about it.

I use Peplink devices. Their Balance 20X specifically at my home and in a few others mixed with Balance 30 LTEs. They aren't cheap, however. I use UniFi APs for the WiFi coverage.
 

Teken

I believe each offers out of the box operations and really comes down to installing and configuring each package service to achieve your end goal. The internet has hundreds of videos and forum posts about setting up every feature / service.

It really comes down to setting aside time and resources to get everything set up and fine-tuned!

I built four dedicated pfSense boxes as there are four networks in my home. Two are designed and built to provide 10 / 40 GB network traffic and staged to support 100 GB once hardware comes down in price.

They are mirrored to provide 2N + 1 operations to allow complete failover and redundancy.

The other two networks are completely physically separated and isolated from anything else in the home (closed loop) and one of them has no Internet access. The fourth network is designed to come online if there is a terminal failure of the other three systems and is part of a micro network that is linked to other PtP bridges across the city, province, and country.

Communications come by way of dual cellular from different providers, fibre, cable, DSL, and now satellite.

The PtP Bridge is literally the last line of communication which can be toggled to use SDR to send and receive as low tech as CB, GMRS, UHF / VHF, etc.

Personally I don’t see connecting to Google to provide graphing / charting, or anyone else not in your direct control, as being very secure.

There are lots of boxes that can be flashed with Tomato / other. All of these custom firmwares offer more features but always fall on their face in terms of horsepower when IDS / IPS or any serious filtering is involved.

None of them can provide the same level of VPN performance when multiple connections are present and moving GB of data. The same is true when any serious logging and metric charting needs to be reviewed or drilled into.

Nothing wrong with an all-in-one box from a major vendor. But there are limits and compromises that have to be accepted by the same!

Cheers!
 

justwantv

You have two that are mirrored??? Whoa that set up is intense!!
See, reading this makes me think, well, maybe I should just chip away 'til I figure things out. My ultimate goal was to slowly switch over from my current setup to OPNsense bits at a time. So my smart home stuff first, then my security cams, then wired devices and so on. I thought I was pretty primed and was going to wipe everything and start with a fresh config. I have been plagued with issues since, which makes me nervous I can't fix it quickly if things go south once it's my main network.
 

Teken

Just take your time learning and building that firewall. Build a small independent network and test cause and effect. You break something, no worries; it’s as simple as loading that base (backup / restore).

After a few months of burn in and getting different services up and running you make a decision to cut in. Nothing stopping you from running both in parallel to see how things operate and once things are solid you commit.

Remember, don’t seek for perfection - work toward progress.
 

The Automation Guy

I will say that there are plenty of tutorials around for pfSense (on YouTube and other places). Personally I use pfSense, but as you mentioned OPNsense is a fork of pfSense. If you can't find similar tutorials for OPNsense, I bet you could watch pfSense ones and learn about the basic features and setup. The GUI is different, but the underlying architecture and settings are the same between the two versions.

I didn't know anything about firewalls and got a pfSense box set up without too much effort. My recommendation is to take it slow. Get the firewall set up with a basic/safe set of rules and features. Then you can learn how to add in additional features like VLANs, VPNs, ad blocking, etc. one at a time and at your own pace. Don't try to set the box up with all the optional features "out of the gate" because this will lead to frustration and issues.
 
Joined
May 1, 2019
Messages
2,215
Reaction score
3,504
Location
Reno, NV
I started off with an ASUS WiFi router (with 8 of those antennas). But it lacked more sophisticated networking structure such as a good number of VLAN subnets, more options for firewall rules, etc.
Ended up going for a Ubiquiti UDM router which I have come to love, though I'm sure it's not for everyone. It has an internal AP in the router itself, internal Radius VPN server (I used OpenVPN on the old ASUS), can do a great multitude of VLANs and subnets, pretty sweet firewall rules, and it talks to adjoining Ubiquiti equipment (APs, managed switches, etc).
The more you go down the rabbit hole of "I need this...I need that", the more complicated things get. That's the nature of computers & networking. Sure, some folks are fine using only PuTTY & SSH to get things done. I do not have the time to learn EVERYTHING (sadly) so met in the middle with the Ubiquiti UDM GUI method, which works for me. Would love to learn and set up pfSense. Would also love to learn how to construct a fantastic heirloom woodworking bench chisel from a block of iron. But no time so I end up with Stanley Sweetheart chisels :)
 