What About pfsense with AX asus router

[Asusrouterlover]

I would like to deploy pfsense with my Asus router for extra protection from trojan and IDS / IPS do I need to do this or Asus Router don't need this setup ?

 

[bbunge]

I rea

I would like to deploy pfsense with my Asus router for extra protection from trojan and IDS / IPS do I need to do this or Asus Router don't need this setup ?

I really do not feel that pfsense would give you any more security. An Asus router is pretty good the way it is. Install the Merlin firmware and there are a lot more things you can do. You need to ask yourself if it is worth the effort. You also need to stay away from dangerous browsing and networking habits.

 

[Asusrouterlover]

I rea

I really do not feel that pfsense would give you any more security. An Asus router is pretty good the way it is. Install the Merlin firmware and there are a lot more things you can do. You need to ask yourself if it is worth the effort. You also need to stay away from dangerous browsing and networking habits.

thanks for tip

 

[coxhaus]

If pfsenes' IDS / IPS works both inbound and outbound like Untangle's UTM does then maybe more security as I think ASUS would not. It takes more CPU cycles for outbound scanning.

Let me know if I am wrong.

 

[Asusrouterlover]

If pfsenes' IDS / IPS works both inbound and outbound like Untangle's UTM does then maybe more security as I think ASUS would not. It takes more CPU cycles for outbound scanning.

Let me know if I am wrong.

I am not sure but this process will make it more packet delay ?

 

[Tech9]

IDS/IPS is not very effective with today's encrypted traffic, unless you run network wide proxy on your firewall and with some associated with it complications. It can be done on pfSense or Untangle firewall, but not on Asus routers. For true Gigabit IDS/IPS x86 multi-core CPU is needed with multi-threaded package like Suricata. Home routers don't have required CPU processing power for this. In addition to Snort/Suricata some DNS/IP filtering (pfBlocker in pfSense) is an option. pfSense needs networking knowledge. Untangle is easier, but not free - $150/y home license. Powerful multi-option router OS or packages may break the network easily. Home routers are much cheaper and more user-friendly option.

 

[coxhaus]

Exactly, home routers cannot compete in the real firewall field. They are made as home routers.

 

[itpp20]

For godsake Jim, I am a basic router with an AP, not an advanced multi core firewall.

 

[Starrbuck]

I would have no problem using pfSense with an ASUS router, but I'd route with pfSense and just use the ASUS as an access point. No sense in both acting as routers.

 

[itpp20]

It isn't if you keep thing separate, here netgate(pfsense), managed switch+LA/vlans with asus among others.
A merc may by a nice car but when your driving in the desert a jeep would actually get you somewhere.
Use stuff what its made for, the all in one solutions are mostly not capable doing all in one.

 

[coxhaus]

IDS/IPS is not very effective with today's encrypted traffic, unless you run network wide proxy on your firewall and with some associated with it complications. It can be done on pfSense or Untangle firewall, but not on Asus routers. For true Gigabit IDS/IPS x86 multi-core CPU is needed with multi-threaded package like Suricata. Home routers don't have required CPU processing power for this. In addition to Snort/Suricata some DNS/IP filtering (pfBlocker in pfSense) is an option. pfSense needs networking knowledge. Untangle is easier, but not free - $150/y home license. Powerful multi-option router OS or packages may break the network easily. Home routers are much cheaper and more user-friendly option.

I got buy with the $50 license as I did not need the advance features for my home use.

 

[Tech9]

Untangle at Home $50/y license doesn't offer good to have features even in home environment:

NG Firewall at Home | Edge Threat Management - Arista

Run NG Firewall at Home

www.untangle.com

 

[Starrbuck]

Ridiculous waste of money!

 

[coxhaus]

It was enough for me back when I ran it.

It is cheaper than an ASUS router.

 

[Tech9]

It is cheaper than an ASUS router.

No, it's not. 5y x $50 in fees only = RT-AX86U

You have to calculate the cost of hardware too. Untangle needs x86 appliance. They don't come for free.

Ridiculous waste of money!

Not really, if you want "easy". Firewalla Gold is other option with no license fees and hardware included.

 

[coxhaus]

No, it's not. 5y x $50 in fees only = RT-AX86U

You have to calculate the cost of hardware too. Untangle needs x86 appliance. They don't come for free.



Not really, if you want "easy". Firewalla Gold is other option with no license fees and hardware included.

The majority of people do not run 1 ASUS router for 5 years. They upgrade more often which is what ASUS wants.

I ran my Untangle on a left-over Xeon server motherboard in my rack. Most of the time I ran it as a UTM device in transparent bridge mode behind my Cisco small business router so I had 2 levels of security to go through to get to my LAN.
You can't use your router for routing as all your traffic will be scanned and slowed down for local LAN traffic. You only want outbound traffic scanned, not local traffic. I used a Cisco layer 3 switch for local LAN traffic. Inbound traffic works normal.

 

[Tech9]

I ran my Untangle on a left-over Xeon server motherboard in my rack.

How many people have left-over Xeon server in their racks? Most need to purchase hardware to run Untangle. It doesn't come for free.

You can't use your router for routing as all your traffic will be scanned and slowed down for local LAN traffic.

Not clear what are you talking about. My home router is a Netgate firewall, for example. It scans/filters only the traffic I want to be scanned/filtered.

 

[coxhaus]

How many people have left-over Xeon server in their racks? Most need to purchase hardware to run Untangle. It doesn't come for free.



Not clear what are you talking about. My home router is a Netgate firewall, for example. It scans/filters only the traffic I want to be scanned/filtered.

ASUS and Netgate don't scan outbound traffic. I am not sure pfsense does, but I don't know for sure. When I ran it, it did not scan outbound traffic. Untangle is a higher-level firewall. This would probability be true for all enterprise level firewalls.

 

[Tech9]

ASUS and Netgate don't scan outbound traffic.

For your information:
TrendMicro AiProtection in Asus routers has Two-Way IPS option. Netgate runs pfSense and you can do whatever you want with it.

 

[coxhaus]

Here is some info.

Firewall Comparison: Untangle VS pfsense - YouTube

Untangle Firewall Review - YouTube