Menu
What's new
By:
Filters Better Search

pfSense/ OPNsense help

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

T

Thomas01

Regular Contributor
For Pfsense/Opensense do can I just use the following hardware or do I need to buy a switch?

Netgear Cable Modem CM2050V

Asus GT-AX11000

Hunsn Firewall Appliance
 
from what i read, you can install pfSense or OPNsense on your Hunsn Firewall appliance. That would mean you have to degrade your Asus to an AP.
 
Thomas01 said:
For Pfsense/Opensense do can I just use the following hardware or do I need to buy a switch?
Click to expand...

You already have 4-port switch (5-port in AP Mode) on your All-in-One (router, switch, access point) GT-AX11000 "router". What you don't have is VLAN support. You need AP with VLAN support for isolated from main LAN/WLAN Guest Network with pfSense/OPNsense.
 
Tech9 said:
You already have 4-port switch (5-port in AP Mode) on your All-in-One (router, switch, access point) GT-AX11000 "router". What you don't have is VLAN support. You need AP with VLAN support for isolated from main LAN/WLAN Guest Network with pfSense/OPNsense.
Click to expand...

I'm not going to have a VLAN or guest network as of now so, I don't need to buy a switch?

ddaenen1 said:
from what i read, you can install pfSense or OPNsense on your Hunsn Firewall appliance. That would mean you have to degrade your Asus to an AP.
Click to expand...

How do I connect my Netgear CM2050v cable modem, Hunsn firewall and Asus GT-AX11000 AP? What do I connect to what?
 
Okay, back to the drawing board here. What is it that you are trying to achieve, it sounds to me as if you are intending to use the pfsense box as just a "transparent firewall" (there are videos on YouTube about doing this). For a home network, this seems overkill (you could run Skynet on the Asus router, and for a small business network you'd be better off using the pfsense box as router/firewall with APs!
 
Don't engage with negativity. Others will be able to help as you need.
 
Crimliar said:
Okay, back to the drawing board here. What is it that you are trying to achieve, it sounds to me as if you are intending to use the pfsense box as just a "transparent firewall" (there are videos on YouTube about doing this). For a home network, this seems overkill (you could run Skynet on the Asus router, and for a small business network you'd be better off using the pfsense box as router/firewall with APs!
Click to expand...

I am using for my home. I am intending to use the pfsense box as my router and firewall and the Asus as my AP.
 
So it's pretty simple:
Modem/ONT/PON > WAN : pfsense router/firewall : LAN > WAN : Asus router in AP mode.
Personally, I'd set the pfsense box up first before hooking up the Asus router.
 
Thomas01 said:
Unhelpful! I believe that I will be able to do it
Click to expand...

Just the opposite - I'm trying to save you the frustration. Your thread title is "Pfsense/Opensense help". Both are written incorrectly to begin with (pfSense/OPNsense). You don't need router/firewall OS help at the moment. You need basic connections between devices help. Good luck.
 
Tech9 said:
Just the opposite - I'm trying to save you the frustration. Your thread title is "Pfsense/Opensense help". Both are written incorrectly to begin with (pfSense/OPNsense). You don't need router/firewall OS help at the moment. You need basic connections between devices help. Good luck.
Click to expand...

I was trying to have a broad title since when I first started the thread I wanted to make sure that I was purchasing the right hardware and not purchasing stuff I didn't need. I just ordered the modem and the OPNsense box last night from Amazon and I am going to reuse my Asus GT-AX11000 as an AP. I also wanted to know how to connect them in advance so that way as soon as all the hardware arrives I can set it up.

1st reason for doing this is to get better internet and wifi performance. 2nd reason is more customization and control over my network.
 
Thomas01 said:
1st reason for doing this is to get better internet and wifi performance.
Click to expand...

You most likely won't get better Internet and Wi-Fi performance. The modem will provide what you have as ISP plan, nothing more. The Asus router will provide still the same Wi-Fi as before. It's the same Asus router after all.

Thomas01 said:
2nd reason is more customization and control over my network.
Click to expand...

What customization and control you are after? With no VLAN support AP and switch (your home router) network separation is out of question. Asuswrt on your Asus router has good for home router set of control tools and easy to use.
 
Tech9 said:
You most likely won't get better Internet and Wi-Fi performance. The modem will provide what you have as ISP plan, nothing more. The Asus router will provide still the same Wi-Fi as before. It's the same Asus router after all.
Click to expand...

I'm trying to get closer to my Comcast/Xfinity speed of 1.2 gig download. I got all of my 40mbps upload speed so download speed is my focus. I thought that the speed might be better since OPNsense box I am getting obviously has more powerful hardware. Should I buy a better Asus router to use as an AP? If I buy Another Asus router I could have mesh wifi system. I didn't buy because a new Asus router because I thought it would be fine to save money and repurpose my Asus GT-AX11000 router as an AP. I have had it for 2-3 years now, running Asuswrt Merlin.

Tech9 said:
What customization and control you are after? With no VLAN support AP and switch (your home router) network separation is out of question. Asuswrt on your Asus router has good for home router set of control tools and easy to use.
Click to expand...

I just want to explore more features than what Asus Merlin has. The feature I am interested in right now is the IPS with Suricata. I haven't looked into that too much or any other features yet since I'm focused on learning how to get internet up and running first so I can be prepared once everything arrives and not take too long to setup and be without internet.
 
Thomas01 said:
I'm trying to get closer to my Comcast/Xfinity speed of 1.2 gig download.
Click to expand...

Your Asus router can handle this ISP, but you can't push that speed over Wi-Fi unless you have AX clients with 160MHz wide channel support and 160MHz is actually working in your area. You gain speed, but lose coverage in this case. Your existing AX 80MHz capable clients and all AC/N clients will work in exactly the same way. In most cases no device will see >800Mbps on Wi-Fi and Gigabit wired.

Thomas01 said:
The feature I am interested in right now is the IPS with Suricata.
Click to expand...

Most of Internet communication today is encrypted and IDS/IPS (Suricata or Snort) will see nothing unless you run a SSL proxy Man In The Middle style (with Squid) with associated with it issues. If your idea is inspecting traffic with Suricata - forget about it, it won't work for most of your traffic. The same as AiProtection in Asuswrt it can react on URL rules, but won't see any encrypted data.
 
Tech9 said:
Your Asus router can handle this ISP, but you can't push that speed over Wi-Fi unless you have AX clients with 160MHz wide channel support and 160MHz is actually working in your area. You gain speed, but lose coverage in this case. Your existing AX 80MHz capable clients and all AC/N clients will work in exactly the same way. In most cases no device will see >800Mbps on Wi-Fi and Gigabit wired.
Click to expand...

So I won't benefit from buying a new router?


Tech9 said:
Most of Internet communication today is encrypted and IDS/IPS (Suricata or Snort) will see nothing unless you run a SSL proxy Man In The Middle style (with Squid) with associated with it issues. If your idea is inspecting traffic with Suricata - forget about it, it won't work for most of your traffic. The same as AiProtection in Asuswrt it can react on URL rules, but won't see any encrypted data.
Click to expand...

Zenarmor seems to be what I want just, found it!
 
@Thomas01

If you want more visibility ditch the sense idea and roll Linux. More options and robust software available. It's not good for be cookie cutter but, since all routers and switches run it anyway it's your foundation to build off of.

I don't know the specs of your box you're planning on using but, building from the ground up is what I did for different reasons. Taking a PC and turning it into a router or more gives you the options to do what you think you want to do. Since this sounds more like a hobby than practical need start with what you have and if you're more serious or have an actual need for a tin foil approach build something specific for the need.

There are plenty of homebrew tutorials on how to bend Linux to your will to do this sort of thing. Just keep in mind the more stuff you enable the slower your speeds will get with all of the triggers being processed.
 
Also, don't buy routers to be APs it's a waste of money and hardware. Buy a decent AP or two and hardwire them back to the new router you make yourself.
 
Thomas01 said:
So I won't benefit from buying a new router?
Click to expand...

I run multiple networks (3x business and 1x residential) with pfSense firewalls and one sentence is enough for me to understand who needs such hardware and software and who doesn't. You start with knowledge first and purchase hardware based on your needs after. Doing it in reverse is a mistake usually ending with frustration, disappointment and money spent on hardware you don't need and don't know what to do with. Some responders don't care how much money you are going to spend and will push you in a wrong direction based on your uninformed ideas.

From what I read so far - you'll have minimal or zero benefits from your x86 box. You definitely don't need a new home router and you don't need 3rd party involvement like Zeroarmor. Your Asus router already has optimized for home router hardware AiProtection with similar 3rd party involvement from TrendMicro. If you really want a good pfSense powered system you need not only x86 hardware (your Hunsn whatever it is), but also VLAN capable switch with PoE and VLAN capable business class access points with PoE plus required Ethernet infrastructure. For a good set you're looking at $1000 to start. For a good setup you're looking at lots of time in learning. Note: YouTube won't help with no understanding of what are you doing.

If you want really quick disappointment and this Hunsn on eBay - roll bare Linux with command line configuration. It's perfect for beginners. I'm out of this conversation and leaving you on helpful guys above. What you are going to do and now much money you are going to spend is your choice.
 
Last edited:
You must log in or register to reply here.

Similar threads

Q
Pfsense/opnsense box with AX88U Merlin firmware
2 3 4
Replies
67
Views
5K
Spud
Spud
P
DNS Director - Proprietary?
Replies
6
Views
534
Tech9
Tech9
Maverick009
Looking at purchasing a new WiFi7 AP. Deciding on brand to go with.
2
Replies
23
Views
4K
Tech9
Tech9
D
Solved Irqbalance in relation to Cakeqos
Replies
4
Views
403
DJones
D
GHammer
pfSense No More Without Paid Version?
4 5 6
Replies
116
Views
11K
ddaenen1
ddaenen1
Similar threads
Thread starter Title Forum Replies Date
C Pfsense wins awards Routers 34
R OPNsense + Omada SDN Proxmox container Routers 2
C Help me identify device - ARM, BCM4708, BCM4366, ASUS, LINKSYS, OR ??? Routers 3

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 819 (members: 13, guests: 806)
Top