What firewall are you using?

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
What are the steps for setting up Sophos and pfSense - has anyone here done a step-by-step guide with some GUI screenshots showing some features of each?

And do you have it working with your ASUS router/OpenVPN setup?

Thanks
 

Mr.X

n3wb
Joined
May 13, 2019
Messages
6
Reaction score
2
Location
Atlanta
I use pfSense with pfBlockerNG (their ad-blocking package). I couldn't imagine a home network without IP/domain filtering at the router.
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
I use pfSense with pfBlockerNG (their ad-blocking package). I couldn't imagine a home network without IP/domain filtering at the router.
Thanks for sharing and making this your first post :) That setup sounds great. Are you doing it with a Linux setup, or can it be done with a Windows 10 computer?

I was hoping to add detail myself as I learn from other sites how to setup pfSense.
 

Mr.X

n3wb
Joined
May 13, 2019
Messages
6
Reaction score
2
Location
Atlanta
Thanks for sharing and making this your first post :) That setup sounds great. Are you doing it with a Linux setup, or can it be done with a Windows 10 computer?

I was hoping to add detail myself as I learn from other sites how to setup pfSense.
I bought a used rack-mountable server from eBay with pfSense already on it, and that serves as the router/firewall.

It's a little complicated to set up - you are probably better off with a standard Netgear/Linksys router and then adding something like Pi-hole to block malicious domains.

I am not sure running a 3rd-party software firewall on your local machine makes a ton of sense - if you just use Windows Defender on your Windows machine, use Pi-hole or pfBlockerNG on the router, and use a DNS resolver like AdGuard or Quad9, it's going to be really hard for you to get a virus. Not impossible, but pretty hard. Filtering malicious domains/IPs at the router/DNS level is important imo.
 

IReallyLikePizza2

Known around here
Joined
May 14, 2019
Messages
1,852
Reaction score
4,443
Location
Houston
I bought a used rack-mountable server from eBay with pfSense already on it, and that serves as the router/firewall.
You really should re-think this, and just do a fresh install of pfSense. There are some HUGE issues with people selling pre-loaded pfSense boxes with backdoors built in. Over on the pfSense forums there were several people that got bitten by this and had major problems down the line. It's so bad that they are even considering a DRM-type solution for verifying the software load.

Installing pfSense is very, very simple.
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
I bought a used rack-mountable server from eBay with pfSense already on it, and that serves as the router/firewall.

It's a little complicated to set up - you are probably better off with a standard Netgear/Linksys router and then adding something like Pi-hole to block malicious domains.

I am not sure running a 3rd-party software firewall on your local machine makes a ton of sense - if you just use Windows Defender on your Windows machine, use Pi-hole or pfBlockerNG on the router, and use a DNS resolver like AdGuard or Quad9, it's going to be really hard for you to get a virus. Not impossible, but pretty hard. Filtering malicious domains/IPs at the router/DNS level is important imo.
Thanks. I've seen pihole discussions a lot. A lot there to look into to help create a more secure connection.


You really should re-think this, and just do a fresh install of pfSense. There are some HUGE issues with people selling pre-loaded pfSense boxes with backdoors built in. Over on the pfSense forums there were several people that got bitten by this and had major problems down the line. It's so bad that they are even considering a DRM-type solution for verifying the software load.

Installing pfSense is very, very simple.
Thanks. It was my first question when seeing that it was purchased from a 3rd party vs. installed fresh. I feel anyone can insert something and activate it later down the line.

Side note: What are your thoughts on something very easy out of the box that has a one-step VPN setup and says it removes adware prior to it getting to you - example:
Firewalla: Cybersecurity Firewall For Your Family and Business
 

Mr.X

n3wb
Joined
May 13, 2019
Messages
6
Reaction score
2
Location
Atlanta
You really should re-think this, and just do a fresh install of pfSense. There are some HUGE issues with people selling pre-loaded pfSense boxes with backdoors built in. Over on the pfSense forums there were several people that got bitten by this and had major problems down the line. It's so bad that they are even considering a DRM-type solution for verifying the software load.

Installing pfSense is very, very simple.
That's what I did - this box has 6 ports, hot-swappable HDs, etc. It was 4 years ago and was way easier than building my own. I think there are trusted dealers now selling smaller form-factor hardware, but at the time it was the easiest thing to do.
 

Mr.X

n3wb
Joined
May 13, 2019
Messages
6
Reaction score
2
Location
Atlanta
Thanks. I've seen pihole discussions a lot. A lot there to look into to help create a more secure connection.




Thanks. It was my first question when seeing that it was purchased from a 3rd party vs. installed fresh. I feel anyone can insert something and activate it later down the line.

Side note: What are your thoughts on something very easy out of the box that has a one-step VPN setup and says it removes adware prior to it getting to you - example:
Firewalla: Cybersecurity Firewall For Your Family and Business
That thing is tiny and can't handle a very big load, I wouldn't think. At the very least I would use securedns.eu, nextdns.io or some other malware-blocking DNS. That + Windows Defender with active updates is going to be pretty good and basically free.
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
Anyone have their suggestions between Sophos UTM 9 vs XG vs pfSense?
 

pmcross

Pulling my weight
Joined
Jan 16, 2017
Messages
371
Reaction score
185
Location
Pennsylvania
Anyone have their suggestions between Sophos UTM 9 vs XG vs pfSense?
You should consider Untangle as well. I am a former Sophos user. I switched to Untangle 4 years ago and never looked back. I have Untangle appliances running at several of my customer sites as well as at my house and in my colo space (provided by my employer).


Sent from my iPhone using Tapatalk
 

Mr.X

n3wb
Joined
May 13, 2019
Messages
6
Reaction score
2
Location
Atlanta
You should consider Untangle as well. I am a former Sophos user. I switched to Untangle 4 years ago and never looked back. I have Untangle appliances running at several of my customer sites as well as at my house and in my colo space (provided by my employer).


Sent from my iPhone using Tapatalk
I used Untangle for a few years - they have subscriptions and some free stuff too. My main problem was the Java interface seemed clunky. It may be better now. Not sure what DNS filtering capabilities it has, but Untangle has been in active development for a long time and should be pretty good. I just found the interface unbearable.
 

pmcross

Pulling my weight
Joined
Jan 16, 2017
Messages
371
Reaction score
185
Location
Pennsylvania
I used Untangle for a few years - they have subscriptions and some free stuff too. My main problem was the Java interface seemed clunky. It may be better now. Not sure what DNS filtering capabilities it has, but Untangle has been in active development for a long time and should be pretty good. I just found the interface unbearable.
The Untangle interface has gotten better in recent updates, namely with version 13. The free offerings have decreased, but are still good enough for basic UTM functions. They have a home offering for $50/year, which unlocks the full functionality.


Sent from my iPhone using Tapatalk
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
You should consider Untangle as well. I am a former Sophos user. I switched to Untangle 4 years ago and never looked back. I have Untangle appliances running at several of my customer sites as well as at my house and in my colo space (provided by my employer).


Sent from my iPhone using Tapatalk
Nice, learning a lot from their site and write-ups they have.

I used Untangle for a few years - they have subscriptions and some free stuff too. My main problem was the Java interface seemed clunky. It may be better now. Not sure what DNS filtering capabilities it has, but Untangle has been in active development for a long time and should be pretty good. I just found the interface unbearable.
I was going to ask - this is what it basically looks like:
Untangle
 

xtropodx

Getting the hang of it
Joined
Apr 30, 2017
Messages
139
Reaction score
40
I use pfSense with pfBlockerNG (their ad-blocking package). I couldn't imagine a home network without IP/domain filtering at the router.
Agreed. Ideally you want to filter traffic where & when it enters the home network, at the router/entry level, if possible. It adds your first layer of defence.

My setup uses an ASUS router with the Skynet firewall installed on the router. Cameras & Blue Iris PC are blocked from having any internet access whatsoever, standard Windows firewall, VPN server on the router. I can still remote in & view cameras.

It took a while to get it working, but it's worth it.
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
Agreed. Ideally you want to filter traffic where & when it enters the home network, at the router/entry level, if possible. It adds your first layer of defence.

My setup uses an ASUS router with the Skynet firewall installed on the router. Cameras & Blue Iris PC are blocked from having any internet access whatsoever, standard Windows firewall, VPN server on the router. I can still remote in & view cameras.

It took a while to get it working, but it's worth it.
Sounds good. I am in the process of trying to get something more secure and will report back. How did you set it up to know the PC/BI has no internet access at all?
 

xtropodx

Getting the hang of it
Joined
Apr 30, 2017
Messages
139
Reaction score
40
How did you set it up to know the PC/BI has no internet access at all?
Testing it by trying to access the internet with it, i.e. using a browser, pinging & more, but also using the router to monitor any possible network usage.

I use a PC that has full internet & camera access, but it's only turned on when I'm using it, configured to access the BI PC if/when required. There's probably other ways to do it though.
 

TL1096r

IPCT Contributor
Joined
Jan 28, 2017
Messages
1,223
Reaction score
465
Testing it by trying to access the internet with it, i.e. using a browser, pinging & more, but also using the router to monitor any possible network usage.

I use a PC that has full internet & camera access, but it's only turned on when I'm using it, configured to access the BI PC if/when required. There's probably other ways to do it though.
With help here I was able to set up Dahua cams on 1 NIC so it should have no gateway internet access. Is there a way to test to make sure they are not accessing the internet at all?
 

pmcross

Pulling my weight
Joined
Jan 16, 2017
Messages
371
Reaction score
185
Location
Pennsylvania
With help here I was able to set up Dahua cams on 1 NIC so it should have no gateway internet access. Is there a way to test to make sure they are not accessing the internet at all?
I believe that you can run a ping test from within the camera UI. I believe that it’s under the network portion. You can just ping 8.8.8.8 to see if it can get out to the internet. Conversely, you could also set up SMTP on the camera and use gmail or outlook.com to see if you can successfully send a test email.


Sent from my iPhone using Tapatalk
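As an added example (not from this thread or any of the posters), here is the router-log side of the test xtropodx and pmcross describe: a small Python checker that reads iptables-style log lines from the router and flags any flow from the isolated camera/BI hosts to a public address. The host addresses, the "ISO-DROP:"/"ISO-ACCEPT:" log prefixes and the log lines themselves are all assumptions constructed for the example.

```python
import ipaddress
import re

# Devices that must have no internet access (constructed sample addresses):
# two cameras and the Blue Iris PC on their own subnet.
ISOLATED_HOSTS = {"192.168.2.10", "192.168.2.11", "192.168.2.50"}

# Constructed router syslog lines in iptables LOG format. Assumption: the
# router's rules for this subnet log with the prefixes ISO-DROP: / ISO-ACCEPT:.
SAMPLE_LOG = """\
May 14 10:01:02 router kernel: ISO-DROP: IN=br0 OUT=eth0 SRC=192.168.2.10 DST=8.8.8.8 PROTO=ICMP TYPE=8
May 14 10:01:05 router kernel: ISO-DROP: IN=br0 OUT=eth0 SRC=192.168.2.50 DST=40.97.128.1 PROTO=TCP DPT=587
May 14 10:01:09 router kernel: ISO-ACCEPT: IN=br0 OUT=br0 SRC=192.168.2.10 DST=192.168.2.50 PROTO=TCP DPT=554
May 14 10:01:12 router kernel: ISO-ACCEPT: IN=br0 OUT=eth0 SRC=192.168.2.11 DST=9.9.9.9 PROTO=UDP DPT=123
May 14 10:01:15 router kernel: ISO-ACCEPT: IN=br0 OUT=eth0 SRC=192.168.1.20 DST=1.1.1.1 PROTO=UDP DPT=53
"""

LINE_RE = re.compile(
    r"ISO-(?P<verdict>DROP|ACCEPT): .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+)(?:.*? DPT=(?P<dpt>\d+))?"
)


def is_internet(addr: str) -> bool:
    """True if addr is globally routable (i.e. not LAN, loopback, link-local)."""
    return ipaddress.ip_address(addr).is_global


def audit(log_text: str, isolated: set) -> dict:
    """Classify flows from isolated hosts to the internet.
    'leaks' are accepted flows (isolation is broken); 'blocked' are dropped
    attempts (isolation holds, but the device is trying to phone out)."""
    result = {"leaks": [], "blocked": []}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["src"] not in isolated or not is_internet(m["dst"]):
            continue  # unparsable, not an isolated host, or LAN-to-LAN traffic
        flow = (m["src"], m["dst"], m["proto"], int(m["dpt"]) if m["dpt"] else None)
        result["leaks" if m["verdict"] == "ACCEPT" else "blocked"].append(flow)
    return result


if __name__ == "__main__":
    report = audit(SAMPLE_LOG, ISOLATED_HOSTS)
    for kind in ("leaks", "blocked"):
        for src, dst, proto, dpt in report[kind]:
            print(f"{kind:7} {src} -> {dst} {proto} dport={dpt}")
```

A non-empty "leaks" list means a rule is missing or mis-ordered; "blocked" entries are the camera or BI PC trying to reach out (NTP, SMTP, ping) and being stopped, which is what a correct setup should show while you run the ping or email test from the device.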
 