Firewalla Gold

When I last ran pfsense you did not get any real firewall scanning like Firewalla unless you loaded one of the extra firewall packages on pfsense. Does a Netgate device come loaded with something like SNORT or Suricata?
 
> When I last ran pfsense you did not get any real firewall scanning like Firewalla unless you loaded one of the extra firewall packages on pfsense. Does a Netgate device come loaded with something like SNORT or Suricata?

I think snort is around $30 a year.
 
> I think snort is around $30 a year.

So for $30 per year more the Netgate comes with SNORT loaded? I wonder what Suricata costs?

Suricata comes loaded and running in the Untangle firewall. It costs $50 per year for home use. I did not pay for the advanced features in Untangle.
 
You don’t pay for Snort or Suricata in pfsense; they are free to download in the package manager as far as I remember, unless you need to use some specific paid feeds, if I’m not mistaken. I’d assume it is similar in OPNSense.
 
> You don’t pay for Snort or Suricata in pfsense; they are free to download in the package manager as far as I remember, unless you need to use some specific paid feeds, if I’m not mistaken. I’d assume it is similar in OPNSense.

So, if Netgate does not ship with Snort or Suricata then I would assume all of Netgate's specs are based on running just the router mode without real firewall scanning.

The $50 for Untangle is for home use including Suricata. If you want advanced Untangle features for home use then it will cost $150 which includes Suricata. There is no running Untangle without Suricata as it is built-in to the base system.

I believe Firewalla has firewall scanning built-in like Untangle but I have never owned one.
 
I’m not sure, to be honest, in regards to spec tests.

Firewalla also seems pretty compelling from what I’ve seen and read...
 
Netgate units come with pfSense Plus pre-installed and not configured. First boot starts the basic configuration screens: LAN IP, user, pass. With business-class firewalls no sysadmin expects anything different. Below are the available package lists. They are free to install and run: a few clicks in the GUI.


From this point on it's sysadmin's decision how to configure the firewall and what to run on it, with free community support or paid subscriptions to security companies of choice. The total throughput depends on what runs on the firewall and what it does. I've seen people inspecting their own home LAN traffic, just to mention. My home Netgate 5100 unit can do >800Mbps on multi-core IPS/IDS with HTTPS interception. It has up to Gigabit ports anyway. Also, I don't run it this way. 3x new Netgate 6100 units are coming in 2 weeks. They have similar CPU/RAM, but multi-gigabit ports this time.

Firewalla products are consumer oriented and some things may come pre-configured. Not with pfSense though.
 
> Netgate units come with pfSense Plus pre-installed and not configured. First boot starts the basic configuration screens: LAN IP, user, pass. With business-class firewalls no sysadmin expects anything different. Below are the available package lists. They are free to install and run: a few clicks in the GUI.

Netgate sounds just like a pfsense install, which I have done many times before in the old days. A very manual process with no firewall scanning until you install an additional package. When Untangle installs you don't even know when Suricata is installed. Suricata is installed and running with the base Untangle install, not like pfsense. A much smoother process.

I spent a week on setting up SNORT package on pfsense back in the old days. I was never happy with it as it required too much maintenance. Untangle just worked after the base install including firewall scanning both inbound and outbound traffic.

I have not run Firewalla. I posted something out on Reddit to see if anybody has run it with a L3 switch.
 
If I wanted to run Snort I would buy Cisco. I did not like running Snort on pfsense. Cisco has the power to make Snort better. We will see if they change it to a multi-threaded app and make it better.
If you like he-man installs then you are going to really like the Cisco command line. You have a blank slate every time you start new. I can do it, but it takes time which I am not getting paid for. Cisco's enterprise firewall is on my list. I have to decide whether I really want to work that hard.

PS
In a router using multiple cores I am not sure how you control packet sequencing. With TCP it is not a problem, but with UDP I am not sure how it works. I guess you have to control conversations to one core.
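On the per-core sequencing question raised above: the way multi-threaded IDS/IPS engines such as Suricata keep a UDP conversation in order is to hash a direction-independent 5-tuple and hand every packet of that flow to the same worker thread, so no single flow is ever processed by two cores at once. The Python below is an added illustration written for this thread, not code from pfSense, Snort, Suricata or any poster; the sample traffic, the worker count and the hashing scheme are constructed assumptions.

```python
import hashlib
import ipaddress
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    seq: int        # arrival order on the wire (constructed)
    proto: int      # 6 = TCP, 17 = UDP
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def flow_key(pkt):
    """Canonical, direction-independent 5-tuple: the two endpoints are sorted so
    that A->B and B->A packets of one conversation produce the same key."""
    a = (int(ipaddress.ip_address(pkt.src_ip)), pkt.src_port)
    b = (int(ipaddress.ip_address(pkt.dst_ip)), pkt.dst_port)
    lo, hi = sorted((a, b))
    return (pkt.proto, lo, hi)


def worker_for(pkt, n_workers):
    """Pick a worker by hashing the canonical key (assumed keyed hash: blake2b).
    The choice is constant for the whole life of the flow, in both directions."""
    digest = hashlib.blake2b(repr(flow_key(pkt)).encode(), digest_size=8).digest()
    return int.from_bytes(digest, "big") % n_workers


def distribute(packets, n_workers):
    """Dispatch packets in wire order into per-worker queues."""
    queues = defaultdict(list)
    for pkt in packets:
        queues[worker_for(pkt, n_workers)].append(pkt)
    return dict(queues)


def flow_in_order(queues, pkt):
    """True if every packet of pkt's flow sits in exactly one worker queue and
    that queue still holds them in arrival order."""
    key = flow_key(pkt)
    holders = [w for w, q in queues.items() if any(flow_key(p) == key for p in q)]
    if len(holders) != 1:
        return False
    seqs = [p.seq for p in queues[holders[0]] if flow_key(p) == key]
    return seqs == sorted(seqs)


def sample_traffic():
    """Constructed capture: one UDP conversation (alternating directions)
    interleaved with unrelated TCP flows from other LAN hosts."""
    pkts, seq = [], 0
    for i in range(6):
        if i % 2 == 0:
            pkts.append(Packet(seq, 17, "192.168.1.20", 40000, "203.0.113.5", 5060))
        else:
            pkts.append(Packet(seq, 17, "203.0.113.5", 5060, "192.168.1.20", 40000))
        seq += 1
        pkts.append(Packet(seq, 6, f"192.168.1.{30 + i}", 50000 + i, "203.0.113.80", 443))
        seq += 1
    return pkts


if __name__ == "__main__":
    queues = distribute(sample_traffic(), 4)
    for worker, q in sorted(queues.items()):
        print(f"worker {worker}: {[p.seq for p in q]}")
    probe = Packet(0, 17, "192.168.1.20", 40000, "203.0.113.5", 5060)
    print("UDP conversation stays on one core, in order:", flow_in_order(queues, probe))
```

Because both directions of the conversation hash to the same worker, the reordering worry only applies across flows, never within one, which is exactly why per-flow load balancing rather than round-robin is used in front of a multi-core IDS.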
 
> We will see if they change it to a multi-threaded app and make it better.

Read below. And it sounds like the last time you ran Snort on pfSense was many, many years ago. Configuration is a few clicks now.


> Cisco has the power to make Snort better.

No idea what you are talking about. If it's about the hardware, @avtella server hardware can do IPS/IDS for your entire neighborhood.
 
> If you like he-man installs then you are going to really like the Cisco command line.

Just the opposite: I like the GUI. Never needed to write on the command line in pfSense for my setups. It's there, but I don't use it. The GUI has enough configuration options. This applies to packages too. All popular ones, Snort, Suricata, pfBlockerNG, are GUI configuration. Very easy in newer versions.
 
> Configuration is a few clicks now.

I am not sure this is correct. Don't you have to load another package for IPS outbound to work? And then you have to tie them together.

This all works with Untangle in the base system install because Untangle is a true UTM device.
 
First you choose what package you prefer, Snort or Suricata. Then you choose what rules you want to use, free community or paid subscription to your preferred security company. Then you choose what interface and traffic you want to apply the rules to. It’s all GUI configuration. You have to know what you are doing. For beginners I recommend warn mode only, with no blocking or automatic configuration, in Snort.
 
The problem using pfsense is it takes lots of time to train your Snort. I spent a week and I think I could have spent another couple of weeks. This is a lot of work. Using Untangle it comes set up and ready to go. I only added a handful of items over the 3 years I ran it. Nothing like trying to use pfsense.

The way you are talking I don't think you, Tech9, have really run Snort or Suricata for any length of time. It seems like you only spit out marketing terms with very little understanding. Can you tell me how outbound traffic is blocked automatically in IPS mode? I think it has changed with the new Snort but I am not sure.
 
Just to remind you @coxhaus I run pfSense firewall for my home system. I’m trying to help you. Snort has one click automatic configuration rules now. You perhaps have missed a lot of development in recent years. Try it for yourself and make a decision. I’m not forcing you to buy specific hardware, nor use specific software. Everything is documented and easy to read and understand, especially if you already have some networking background.
 
> Just to remind you @coxhaus I run pfSense firewall for my home system. I’m trying to help you. Snort has one click automatic configuration rules now. You perhaps have missed a lot of development in recent years. Try it for yourself and make a decision. I’m not forcing you to buy specific hardware, nor use specific software. Everything is documented and easy to read and understand, especially if you already have some networking background.

You have not told me how outbound scanning and blocking works for malware. Is it on automatically with your couple of clicks?
 
Yes, it can be done in the GUI for both Snort and Suricata. I can count the clicks, if it’s very important for you. You don’t need to scan outbound traffic, unless you don’t trust your own network.
 
> Yes, it can be done in the GUI for both Snort and Suricata. I can count the clicks, if it’s very important for you. You don’t need to scan outbound traffic, unless you don’t trust your own network.

I had a cousin come over with an infected laptop. Untangle shut it down from getting on the internet. I also had my music server infected when I had someone over to help with their problem laptop. It was the reason I added VLANs to protect my servers in the old days. I can't trust what is going to be on my LAN. People always need help with their PCs. I have a VLAN for untrusted computers and devices until I can secure them. So yes, I don't think any network is secure, as you never know what is going to show up. How about a hacked wireless? You hope it does not happen, but over the years it has happened with wireless security holes. You want your firewall to shut down outbound connections if they are sending spam or malware.

For a firewall not to have outbound scanning is a weakness. All enterprise firewalls have outbound scanning. Can I live without it? Yes, but I would prefer it. If the device supports it I will use it.

You still are trying not to answer my question above, or can't. More marketing, as it can be done in the GUI????? pfsense runs with a GUI.... You should have an understanding if you have run it.
 
Marketing of what, @coxhaus? You can run Snort and Suricata on multiple platforms. It doesn’t have to be pfSense. It’s just much easier there and GUI configurable. And yes, you can scan your outbound traffic, if you want to. You can scan that guest VLAN only, your choice.
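The thread keeps circling around two knobs that the posts about "warn mode" and "outbound scanning" describe in words: whether a rule watches inbound or outbound traffic, and whether a match only alerts (IDS, warn mode) or is dropped inline (IPS). The Python below is an added illustration, not code from pfSense, Snort, Suricata or any poster: a toy evaluator that parses the header of Snort/Suricata-style rules, resolves $HOME_NET and $EXTERNAL_NET against a constructed home LAN and guest VLAN, and shows the same outbound-SMTP rule (the "sending spam" case) producing only an alert in IDS mode and a drop in IPS mode. The rule text, networks and flows are all constructed; the pass-before-drop-before-alert precedence mirrors Suricata's default action order, but everything else about a real engine (flow tracking, protocol parsing, content matching) is deliberately left out.

```python
import ipaddress
import re

# Constructed networks: the home LAN plus a guest VLAN for untrusted devices.
HOME_NET = [ipaddress.ip_network("192.168.1.0/24"),
            ipaddress.ip_network("192.168.50.0/24")]

# Snort/Suricata-style rule header: action proto src sport -> dst dport (options)
RULE_RE = re.compile(
    r"^(?P<action>alert|drop|pass)\s+(?P<proto>tcp|udp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$")

# Suricata's default action-order: pass rules win, then drop, then alert.
ACTION_ORDER = {"pass": 0, "drop": 1, "alert": 2}


def parse_rule(text):
    """Toy parser: the header plus the msg and sid options of one rule line."""
    m = RULE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported rule syntax: {text!r}")
    opts = {}
    for kv in m["opts"].split(";"):
        if ":" in kv:
            k, v = kv.strip().split(":", 1)
            opts[k] = v.strip().strip('"')
    rule = m.groupdict()
    rule["msg"] = opts.get("msg", "")
    rule["sid"] = int(opts.get("sid", 0))
    return rule


def in_home_net(ip):
    return any(ip in net for net in HOME_NET)


def addr_matches(spec, ip):
    """Resolve 'any', $HOME_NET, $EXTERNAL_NET (= !$HOME_NET), '!x' and CIDR/IP specs."""
    ip = ipaddress.ip_address(ip)
    if spec == "any":
        return True
    negate = spec.startswith("!")
    spec = spec.lstrip("!")
    if spec == "$HOME_NET":
        hit = in_home_net(ip)
    elif spec == "$EXTERNAL_NET":
        hit = not in_home_net(ip)
    else:
        hit = ip in ipaddress.ip_network(spec, strict=False)
    return hit != negate


def port_matches(spec, port):
    return spec == "any" or int(spec) == port


def evaluate(flow, rules, mode):
    """Return (verdict, sid) for one flow.  mode='ids' is warn-only: every match
    becomes an alert.  mode='ips' is inline: 'drop' rules really block.
    First match wins after ordering rules by action priority."""
    for r in sorted(rules, key=lambda r: ACTION_ORDER[r["action"]]):
        if r["proto"] != "ip" and r["proto"] != flow["proto"]:
            continue
        if not (addr_matches(r["src"], flow["src"]) and port_matches(r["sport"], flow["sport"])
                and addr_matches(r["dst"], flow["dst"]) and port_matches(r["dport"], flow["dport"])):
            continue
        if r["action"] == "pass":
            return ("pass", r["sid"])
        if r["action"] == "drop" and mode == "ips":
            return ("drop", r["sid"])
        return ("alert", r["sid"])
    return ("pass", None)


# Constructed rules: let the real mail server out, stop any other LAN/guest host
# talking SMTP to the Internet, and stop inbound SSH from the Internet.
RULES = [parse_rule(r) for r in [
    'pass tcp 192.168.1.10 any -> $EXTERNAL_NET 25 (msg:"Mail server allowed out"; sid:1000000; rev:1;)',
    'drop tcp $HOME_NET any -> $EXTERNAL_NET 25 (msg:"Outbound SMTP from LAN host"; sid:1000001; rev:1;)',
    'drop tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"Inbound SSH from Internet"; sid:1000002; rev:1;)',
]]

# Constructed flows; the Internet side uses documentation address ranges.
FLOWS = {
    "guest_vlan_smtp": dict(proto="tcp", src="192.168.50.23", sport=51000, dst="203.0.113.9", dport=25),
    "mail_server":     dict(proto="tcp", src="192.168.1.10", sport=51001, dst="203.0.113.9", dport=25),
    "inbound_ssh":     dict(proto="tcp", src="198.51.100.7", sport=40000, dst="192.168.1.5", dport=22),
    "lan_https":       dict(proto="tcp", src="192.168.1.20", sport=52000, dst="203.0.113.80", dport=443),
}

if __name__ == "__main__":
    for name, flow in FLOWS.items():
        for mode in ("ids", "ips"):
            print(f"{name:16s} {mode}: {evaluate(flow, RULES, mode)}")
```

The guest-VLAN host hitting port 25 is the case from the infected-laptop story: in warn mode the engine only logs it, in inline mode the connection is dropped, and the legitimate mail server passes because pass rules are evaluated before drop rules regardless of where they sit in the list.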
 