recommend a NEXT GEN FIREWALL / ROUTER Distro for Home Use

[OneAboveAll]

Can some kind soul please recommend a Next Generation Firewall / Router Distro for Home Use ?

Particular things I am looking at are :

1) Intruder Prevention System
2) Intruder Detection System
3) Choice of Antivirus for Scanning "ALL Traffic that Goes in and out" of the Firewall / Router
4) Fine Gran Control over Packet Monitoring, Filtering and Control

Hope to hear from you soon.

Thank you very much for your time and kind help.

Warm Regards as Always !!!

One Above All

 

[Deepcuts]

PFsense or IPFire

offtopic:
"Warm Regards as Always !!!" ) when first post
No need for your nickname in the signature. It can be seen to the left of your post

 

[abailey]

I use Untangle for my house and have been extremely pleased.
https://www.untangle.com/
Here is an online demo: http://demo.untangle.com/auth/login?url=/setup/welcome.do&realm=Administrator

Unlike some other distros, Untangle (for the full version) cost money. For home use it is $50 per year.
You can download it and try it for 14 days free.

 

[sfx2000]

Also consider SophosUTM...

 

[YeOldeStonecat]

Can some kind soul please recommend a Next Generation Firewall / Router Distro for Home Use ?

Particular things I am looking at are :

1) Intruder Prevention System
2) Intruder Detection System
3) Choice of Antivirus for Scanning "ALL Traffic that Goes in and out" of the Firewall / Router
4) Fine Gran Control over Packet Monitoring, Filtering and Control

Hope to hear from you soon.

Thank you very much for your time and kind help.

Warm Regards as Always !!!

One Above All

In addition to Untangle (my favorite), I also recommend checking out SophosUTM, and ClearOS.
Untangle does have a free "Lite" version BTW.
With "free" versions of UTMs...you won't have a choice of antivirus (as you request if your OP)...they all use ClamAV for the basic "free" one. The more professional UTMs have pay for versions, which will add a second AV...of a much better engine. Such as BitDefender, or Kaspersky.

 

[sfx2000]

ClearOS

ClearOS, if it's the same one I'm thinking of, is a bit "edgy"....

With the x86 stuff - most are available in ISO format, so one can install VirtualBox and play around with them to see what fits...

 

[System Error Message]

i suggest going with x86 as you have the choice of pfsense and other OSes dedicated to being a UTM.

I was reading up on clamAV, apparently they are one of the worst available antivirus and are only good for checking mail. Its not just the detection quality but also the performance of clamAV. I wouldnt vouch for kaspersky as i have seen firsthand many viruses getting by them. So for network AV i think the only choice for an effective one is paid. Anti virus for networking only works best for checking files so you may want to implement domain and traffic filters instead to block malware traffic and hosts instead. To use an AV in a UTM effectively you will need to proxy your traffic such as with squid and squid can also apply filters on SSL traffic too. So far i have been having issues with squid3 recently being super slow.

 

[sfx2000]

ClamAV is ok, just consider what it is, and what it does - it's not a real-time scanner...

Snort is a great line of defense - and if one is running an email server (not likely at home, but consider small biz), then SpamAssassin is always a good option.

With UTM, end-points are always going to be the most up to date, and let's not forget about wetware behind the screen/keyboard - education is very important, as they are the true firewall, no matter what we put between them and the internet.

 

[Wolf_666]

pfSense with Suricata,,pfBlockerNG could be a good start.


Sent from my iPad using Tapatalk