Current: Inet->wan-AC68u (ipsec passthrough)-lan ->wan-AX11000gt
Hello all,
Firstly, I wish everyone safe and well during this time of global worry.
Please, could you kindly help me out,
I think I know what to do, however I don't want to sway advice with my inexperienced opinion.
After 8 months of struggling with Bitdefender Box 2 (great idea, stupidly hampered by no IPsec passthrough and they pulled the ability to change subnets...), I have now replaced it.
I have:-
- Replaced Bitdefender Box 2 with: ac-86u on Merlin at the gateway for 'guest wifi iot', 'guest wifi for guests' and 'standard wifi; owned devices not requiring local network'. IPsec passthrough. Running at 2.4 GHz only.
- AX11000gt for local network: NAS and devices that need access to it, 'guest wifi work network' and a 'standard wifi; network for local specific devices' to back up securely to cloud storage providers via QNAP and independently. Running at 5 GHz only.
To save messing around with switching either networks or disabling/re-enabling of VPNs via MAC addressing, my current thinking is to have 2 separate VPNs and understand that everything will just be a bit slower internet-wise but be more secure on the ax11000 local side.
- Where do I site IPS/IDS and DNSBlocker? I'm wishing to catch malicious etc. from all devices.
- Which small form factor NUC to use?
Dual NIC, dual-core Celeron, no AES-NI, or
Single NIC i7 with AES-NI using Proxmox (I believe that should enable AES-NI via VM) and a Thunderbolt dock for the second NIC, CalDigit TS3 Plus, currently giving me a headache.
I have:-
Trialled a VM on QNAP for pfSense, but you can't use AES-NI in that VM, thought that would be significant, also didn't have enough experience of VMs back then and didn't want to use our wantingly secured NAS to handle edge features of pfSense.
Trialled a dual NIC dual Celeron NUC for pfSense, awesome but no AES-NI on CPU. Trialled as gateway and after Bitdefender Box 2 (dual and triple NAT issues).
Currently scratching head with i7 single onboard NIC, no M.2 or variant of additional onboard connectors can get an additional NIC going via adaptors, so have to go with a Thunderbolt dock, albeit I can't seem to get the TS3 working atm, but it does work without issues on a MacBook.
3. Whilst I like pfSense, there may be extended periods where I am not able to administrate it. I'm wondering if the 'implement and forget' nature of ClearOS paid home user is a better idea for my wife to be able to use?
Thanks all and stay safe,
Jon