Increased network security

[User_Deleted]

This is a really stupid question, but I just wanted some input on it. I have a Asus "Dark Knight" router, model RT-N66U. I also have a computer running Sophos UTM 9.3 that runs on a Asrock motherboard with a A8-3800 processor and 8GB of ram. My question is: Do I really need this device for the security of my home network? I would love to convert that computer over to something like a Plex server or perhaps something else. Thank you for your time.

[Haggis Veteran]

personally i would just use the routers firewall

[User_Deleted]

Thanks for your input!

[Haggis Veteran]

no problems

 

i used my router firewall for years

 

i now use pfsense

[+BudMan MVC]

Depends on what your wanting to do.. The firewall/NAT in your wifi router is going to prob be more than enough for pretty much any home.  Is only when you want to do more that you would need to run something else.  You have to know that there are features in your UTM that your little soho box is not going to be able to do.  For starters I doubt your wifi router runs a full proxy with web reporting, etc.  If you want/need that for your kids?

 

I doubt your router has vpn server support other than maybe outdated, deprecated  unsecure pptp?  The feature set of your wifi router is going to be very limited compared to a full firewall distro, IDS/IPS internet segment firewalling, vlans, etc.

 

But if all you have is one segment and wifi, and nobody you need to control with web filtering, then sure your soho will be fine.

 

What hardware are you running the utm on now?  Have you thought about running say esxi on it (free) and then running your utm as vm, then plex as vm, whatever else you want as vm?  I have like 5 VMs that run 24/7/365 only one of them is my router pfsense.  One is my NAS/Storage.. It servers up my video - I have popcorn that puts the video on my TV, I have no need for plex are any other transcoder, etc.

 

I am curious how your setup no..  What is your UTM protecting if you have your wifi on your router before it doing nat anyway?  How is the wifi behind your UTM?  Unless your just using that as a AP and have a "modem" in front of your utm giving your utm pubic IP?

[User_Deleted]

Okay, I still have the UTM up and running. The computer that the UTM is installed on is a custom built, AMD A8-3850 on a ASRock A75M with 8GB of ram, I believe I have a 250GB SSD installed. I have a 50/8 internet connection and I use the UTM to run a transparent proxy so I can filter whatever comes into the house, I also use the VPN connection into the house when I am at work. The Modem is connected directly to the UTM, which is connected to the router which is serving as a basic AP. Can I use ESXI to be able to install and run both a windows os (streaming plex) and the UTM be able to run without slowing down? Thanks for your help.

[+BudMan MVC]

I woutd think - give a try..  That is way more powerful than my little N40L

 

esxi is free, so your out nothing but a little setup time.  I just downloaded the UTM to give it a go again, it runs fine on my N40L -- I just big fan of pfsense, but they do have a pretty slick free utm there.

[User_Deleted]

I was just asking because I tried running the utm software through Hyper-V and it was crap, the internet connection was so slow. But I will check it out, thanks. 

[+BudMan MVC]

Hyper V is crap if you ask me hehehe  Let me boot up the UTM on my esxi setup and do a speed test, but last time I did I got my full internet 60/12

 

How much ram did you give the utm?  How did you have the networking setup in hyperv?

[binaryzero]

Budman, have you used SCVMM? That + Hyper V is pretty much your equivalent of vCenter + ESXi.

 

Hyper V aint bad once you use it with VMM, however I personally\professional use VMware.

[+BudMan MVC]

I have not tried out SCVMM, but will put it on my list - its not free thought either, same as vserver.  But esxi does everything I want, it runs good it supports usb passthru which I use, I can raw mount my disks to a VM.  The client does everything I need I really don't need vserver taking up resources on my host to do what exactly?  If I want to deploy a new vm, takes me all of 1.5 minutes to via a ova of my clean copy vms of the oses I normally use, clean ubuntu server base that I update ever few months so I don't have to update lots of packages once I deploy it, etc.

 

I have clean w7 image as well.  I keep meaning to give hyperv another shot, and when vmware put that nag in on the vclient about higher level vms not fully be editable via the vclient I almost jumped..  

 

So why do you use esxi vs hyper-v?  Why are you not on hyper-v if is so good  

[binaryzero]

Because my company is a VMware partner\I've got my VCP4, and most of the projects I consult on have been designed around VMware.

 

I've done my MCSE in Private Cloud which covers VMM and Hyper V, so does MCSE Server Infrastructure which I also have.

 

Plus I've been a VMware guy since 1.0. Soooo yeah, keep with what I know best.

 

I prefer to use VMware with vCenter - when it comes to enterprise you need it. Also the vclient is intended to keep legacy plugins happy until they've been updated for the web UI (which will continue to receive updates).