I have an Asus AC68u, very happy with it, except I'd like a more robust firewall solution. I'd like to use Sophos UTM, which I've been trialing at home for a while.
What I have is the following:
FTTC-> TP->VDSL modem (PPPoE)-> AC68u ----- LAN
.........................................-- WLAN
.........................................-- WLAN Guest
I have a few small webservers doing LAMP duty for home automation etc., IoT before the term became popular.
Now what I'd like to do is the following:
VDSL modem (PPPoE)-> AC68u -- Sophos UTM -- AC68u -------- WLAN
.................................................--------- WLAN Guest
.................................................--------- IoT DMZ WLAN
.................................................-- IoT DMZ
.................................................-- LAN
I need the AC68u to do the PPPoE, as there are issues with passing PPPoE to the Sophos UTM (it's in a VM instance in ESXi 6).
Ideally I can segment the AC68u's switch at the back into different VLANs to achieve this; I'll put the UTM in between and pipe the UTM back into the AC68u to connect back to the 2.4 and 5GHz radios. It'll be good to retain the AC68u firewall for specific VLANs, like the guest WLAN, or even better, have a failover mechanism, so that if the UTM is offline, the traffic will get piped through the internal firewall.
Technically it's possible; is there a custom firmware that'll let me do that?
Any ideas? Any alternatives?