Full 1gig IPS/IDS single box?

SecurityMan

Is there anything available right now sub $500 with passive cooling that handle this? It would also be running pfsense and routing regular traffic so I'm not asking for a separate inline IPS box.

Thanks
 
Untangle is your best bet if you are talking running at home. The problem is you don't need pfsense or you need to run a separate UTM box. With pfsense it would probably be more of a hindrance than helping with split boxes. pfsense does not play well with others. I think a router>UTM>L3 switch works very well for a structure.
You can get by with Untangle> L3 switch. Trying to go without an L3 switch is a problem for outbound traffic. You don't want all your local traffic running through your UTM, only real outbound traffic. Small consumer routers don't check outbound traffic so running a real UTM is different.
 
Untangle is your best bet if you are talking running at home. The problem is you don't need pfsense or you need to run a separate UTM box. With pfsense it would probably be more of a hindrance than helping with split boxes. pfsense does not play well with others. I think a router>UTM>L3 switch works very well for a structure.
You can get by with Untangle> L3 switch. Trying to go without an L3 switch is a problem for outbound traffic. You don't want all your local traffic running through your UTM, only real outbound traffic. Small consumer routers don't check outbound traffic so running a real UTM is different.
Thanks for the reply. Do you know what hardware requirements I should be looking at?
 
Better stick to pfSense. Untangle is less popular, community support is limited and it's not free. You don't need L3 switch. Netgate SG-5100 can do Gigabit IDS/IPS (multi-threaded - Suricata, Snort 3.0), but it's more expensive - $700. Comes with pfSense Plus license, guaranteed to work and power efficient. If you can stretch your budget a bit, it's a good ready to go appliance. You can order Qotom/Protecli x86 box with the fastest CPU that fits your budget and 4-8GB RAM. You can also build your own box using SFF business PC from HP/Dell/Lenovo. They come cheap on eBay. It won't be fanless and not the most power efficient, but for $500 you can get much faster desktop CPU and NIC's with 2.5Gb ports. By the way, IPS/IDS is not that effective anymore.
 
Better stick to pfSense. Untangle is less popular, community support is limited and it's not free. You don't need L3 switch. Netgate SG-5100 can do Gigabit IDS/IPS (multi-threaded - Suricata, Snort 3.0), but it's more expensive - $700. Comes with pfSense Plus license, guaranteed to work and power efficient. If you can stretch your budget a bit, it's a good ready to go appliance. You can order Qotom/Protecli x86 box with the fastest CPU that fits your budget and 4-8GB RAM. You can also build your own box using SFF business PC from HP/Dell/Lenovo. They come cheap on eBay. It won't be fanless and not the most power efficient, but for $500 you can get much faster desktop CPU and NIC's with 2.5Gb ports. By the way, IPS/IDS is not that effective anymore.
I’d definitely go with the used or new SFF pc - more grunt/$, and less hassles in terms on maintenance ( going to faster fibre, no prob, just chuck a cheap intel 10gbe card in it) and easy access to parts

I’m running opnsense+zenarmor on an old HP elitedesk (i7-6700) which was headed to e-waste, heaps of cpu to spare and can’t beat the price
 
I’d definitely go with the used or new SFF pc

I agree, the best price/performance and the easiest to upgrade. Not fanless though. I used to play a lot with servers, SFF's, USDT's, Mini PC's - many options for DIY and some may come for free indeed. Currently using Netgate appliance - it kills the urge to tinker with it. It just works and I have more free time.
 
Better stick to pfSense. Untangle is less popular, community support is limited and it's not free. You don't need L3 switch. Netgate SG-5100 can do Gigabit IDS/IPS (multi-threaded - Suricata, Snort 3.0), but it's more expensive - $700. Comes with pfSense Plus license, guaranteed to work and power efficient. If you can stretch your budget a bit, it's a good ready to go appliance. You can order Qotom/Protecli x86 box with the fastest CPU that fits your budget and 4-8GB RAM. You can also build your own box using SFF business PC from HP/Dell/Lenovo. They come cheap on eBay. It won't be fanless and not the most power efficient, but for $500 you can get much faster desktop CPU and NIC's with 2.5Gb ports. By the way, IPS/IDS is not that effective anymore.
So, the question becomes does Suricata or Snort 3.0 filter outbound traffic? If yes then you will not want your local router in front of your UTM. Think about it. If you start routing lots of local data then you can overload your UTM. Plus, it clutters up your firewall logs with local traffic. The layer 3 switch solves this problem. Logs are hard enough to read without making them bigger. Filtering 1 gig full duplex of data takes resources which you will not want to waste.

I ran Snort on pfsense for maybe 6 weeks or so. It was a high maintenance item. I was on almost every day having to decide what to do stuff. I did not want to have to spend the time it required to run it at home so I took it off.

Untangle handles most of the stuff for home use. It is kind of set and forget about it. Untangle will take care of it for you. Untangle is $50 for home use. It will be much more expensive for business use.
 
In pfSense you can run whatever you want, even if it doesn’t make sense. Quad-core x86 CPU can route multi-Gigabit. Most x86 appliances are limited by Gigabit ports only. L3 switch on a small/home network is a waste of time, money and electricity. When you have extra resources available, better find a way to use them. Like upgrading to 2.5/5/10Gb ports, for example. Firewalls with 2.5Gb ports are hard to find and expensive. Not for DIY people.
 
In pfSense you can run whatever you want, even if it doesn’t make sense. Quad-core x86 CPU can route multi-Gigabit. Most x86 appliances are limited by Gigabit ports only. L3 switch on a small/home network is a waste of time, money and electricity. When you have extra resources available, better find a way to use them. Like upgrading to 2.5/5/10Gb ports, for example. Firewalls with 2.5Gb ports are hard to find and expensive. Not for DIY people.
I am sorry you don't understand the structure. Learn more networking.
 
No. You had to save resources on routers you worked with 20 years ago, before you retired. It’s not needed now. Today’s x86 firewalls have enough processing power to run full-fledged OS like Windows and make circles around networking equipment you remember. Sorry, technology is moving forward.
 
No. You had to save resources on routers you worked with 20 years ago, before you retired. It’s not needed now. Today’s x86 firewalls have enough processing power to run full-fledged OS like Windows and make circles around networking equipment you remember. Sorry, technology is moving forward.
It is still networking it is just bigger and faster. You need to learn networking. Running an x86 box does not make you a network person. Work on a network with 600 or 6000 PCs and an x86 box will not save you.
 
This forum is part of Small Network Builder website. Pay attention to Small. No one here runs 600 or 6000 wired PC's. No one here needs an L3 switch. Cut the personal attacks. If you need help with Snort or Suricata, let me know. Act fast before I send you to Steve Gibson, in my ignore list.
 
Untangle handles most of the stuff for home use. It is kind of set and forget about it. Untangle will take care of it for you. Untangle is $50 for home use. It will be much more expensive for business use.

Untangle Basic is $50/yr - but is extremely limited in function. If you want something more akin to a full UTM you're looking at Home Protect Plus which is $150/yr

I trialled untangle and it being written entirely in java means it needs a LOT of resources to handle a 1gig wan connection - for $50/year less you can get a zenarmor subscription, and it's a LOT friendlier for handling outbound traffic and more resource efficient (and with opnsense finally rolling out rss support zenarmor is meant to be moving to being properly multi-threaded which will help even more)
 
Like upgrading to 2.5/5/10Gb ports, for example.

Here, @jsmiddleton4 is playing with DIY 2.5Gb NIC's router/firewall already:

Desktop quad-core i5 CPU can route 10Gb traffic and do 2.5Gb IPS/IDS multi-threaded.
 
Is there anything available right now sub $500 with passive cooling that handle this? It would also be running pfsense and routing regular traffic so I'm not asking for a separate inline IPS box.

Quick question - why run an IPS/IDS for a home network?

It's overkill for the most part, unless one's life is dedicated to monitor and update the rulesets/profiles/signatures...

I've got better things to do, so I don't run these things at home - even though I have the HW and resources to run them -- I just don't have the time or need to run them - I don't run a web server, inbound VPN endpoint, etc, so my external service threat profile doesn't merit the time needed.

A stateful packet firewall is pretty much all that is needed...
 
Quick question - why run an IPS/IDS for a home network?

It's overkill for the most part, unless one's life is dedicated to monitor and update the rulesets/profiles/signatures...

I've got better things to do, so I don't run these things at home - even though I have the HW and resources to run them -- I just don't have the time or need to run them - I don't run a web server, inbound VPN endpoint, etc, so my external service threat profile doesn't merit the time needed.

A stateful packet firewall is pretty much all that is needed...

This is why I quit running a UTM device at home though Untangle is the easiest. Hacking has evolved.
 