pfSense/ OPNsense help

[Thomas01]

For Pfsense/Opensense do can I just use the following hardware or do I need to buy a switch?

Netgear Cable Modem CM2050V

Asus GT-AX11000

Hunsn Firewall Appliance

 

[ddaenen1]

from what i read, you can install pfSense or OPNsense on your Hunsn Firewall appliance. That would mean you have to degrade your Asus to an AP.

 

[Tech9]

For Pfsense/Opensense do can I just use the following hardware or do I need to buy a switch?

You already have 4-port switch (5-port in AP Mode) on your All-in-One (router, switch, access point) GT-AX11000 "router". What you don't have is VLAN support. You need AP with VLAN support for isolated from main LAN/WLAN Guest Network with pfSense/OPNsense.

 

[Thomas01]

You already have 4-port switch (5-port in AP Mode) on your All-in-One (router, switch, access point) GT-AX11000 "router". What you don't have is VLAN support. You need AP with VLAN support for isolated from main LAN/WLAN Guest Network with pfSense/OPNsense.

I'm not going to have a VLAN or guest network as of now so, I don't need to buy a switch?

from what i read, you can install pfSense or OPNsense on your Hunsn Firewall appliance. That would mean you have to degrade your Asus to an AP.

How do I connect my Netgear CM2050v cable modem, Hunsn firewall and Asus GT-AX11000 AP? What do I connect to what?

 

[Tech9]

What do I connect to what?

If you are asking questions like this - pfSense/OPNsense firewall is not for you. The setup requires above average networking knowledge.

 

[Crimliar]

Okay, back to the drawing board here. What is it that you are trying to achieve, it sounds to me as if you are intending to use the pfsense box as just a "transparent firewall" (there are videos on YouTube about doing this). For a home network, this seems overkill (you could run Skynet on the Asus router, and for a small business network you'd be better off using the pfsense box as router/firewall with APs!

 

[Thomas01]

If you are asking questions like this - pfSense/OPNsense firewall is not for you. The setup requires above average networking knowledge.

Unhelpful! I believe that I will be able to do it

 

[L&LD]

Don't engage with negativity. Others will be able to help as you need.

 

[Thomas01]

Okay, back to the drawing board here. What is it that you are trying to achieve, it sounds to me as if you are intending to use the pfsense box as just a "transparent firewall" (there are videos on YouTube about doing this). For a home network, this seems overkill (you could run Skynet on the Asus router, and for a small business network you'd be better off using the pfsense box as router/firewall with APs!

I am using for my home. I am intending to use the pfsense box as my router and firewall and the Asus as my AP.

 

[Crimliar]

So it's pretty simple:
Modem/ONT/PON > WAN : pfsense router/firewall : LAN > WAN : Asus router in AP mode.
Personally, I'd set the pfsense box up first before hooking up the Asus router.

 

[Tech9]

Unhelpful! I believe that I will be able to do it

Just the opposite - I'm trying to save you the frustration. Your thread title is "Pfsense/Opensense help". Both are written incorrectly to begin with (pfSense/OPNsense). You don't need router/firewall OS help at the moment. You need basic connections between devices help. Good luck.

 

[Thomas01]

Just the opposite - I'm trying to save you the frustration. Your thread title is "Pfsense/Opensense help". Both are written incorrectly to begin with (pfSense/OPNsense). You don't need router/firewall OS help at the moment. You need basic connections between devices help. Good luck.

I was trying to have a broad title since when I first started the thread I wanted to make sure that I was purchasing the right hardware and not purchasing stuff I didn't need. I just ordered the modem and the OPNsense box last night from Amazon and I am going to reuse my Asus GT-AX11000 as an AP. I also wanted to know how to connect them in advance so that way as soon as all the hardware arrives I can set it up.

1st reason for doing this is to get better internet and wifi performance. 2nd reason is more customization and control over my network.

 

[Tech9]

1st reason for doing this is to get better internet and wifi performance.

You most likely won't get better Internet and Wi-Fi performance. The modem will provide what you have as ISP plan, nothing more. The Asus router will provide still the same Wi-Fi as before. It's the same Asus router after all.

2nd reason is more customization and control over my network.

What customization and control you are after? With no VLAN support AP and switch (your home router) network separation is out of question. Asuswrt on your Asus router has good for home router set of control tools and easy to use.

 

[Thomas01]

You most likely won't get better Internet and Wi-Fi performance. The modem will provide what you have as ISP plan, nothing more. The Asus router will provide still the same Wi-Fi as before. It's the same Asus router after all.

I'm trying to get closer to my Comcast/Xfinity speed of 1.2 gig download. I got all of my 40mbps upload speed so download speed is my focus. I thought that the speed might be better since OPNsense box I am getting obviously has more powerful hardware. Should I buy a better Asus router to use as an AP? If I buy Another Asus router I could have mesh wifi system. I didn't buy because a new Asus router because I thought it would be fine to save money and repurpose my Asus GT-AX11000 router as an AP. I have had it for 2-3 years now, running Asuswrt Merlin.

What customization and control you are after? With no VLAN support AP and switch (your home router) network separation is out of question. Asuswrt on your Asus router has good for home router set of control tools and easy to use.

I just want to explore more features than what Asus Merlin has. The feature I am interested in right now is the IPS with Suricata. I haven't looked into that too much or any other features yet since I'm focused on learning how to get internet up and running first so I can be prepared once everything arrives and not take too long to setup and be without internet.

 

[Tech9]

I'm trying to get closer to my Comcast/Xfinity speed of 1.2 gig download.

Your Asus router can handle this ISP, but you can't push that speed over Wi-Fi unless you have AX clients with 160MHz wide channel support and 160MHz is actually working in your area. You gain speed, but lose coverage in this case. Your existing AX 80MHz capable clients and all AC/N clients will work in exactly the same way. In most cases no device will see >800Mbps on Wi-Fi and Gigabit wired.

The feature I am interested in right now is the IPS with Suricata.

Most of Internet communication today is encrypted and IDS/IPS (Suricata or Snort) will see nothing unless you run a SSL proxy Man In The Middle style (with Squid) with associated with it issues. If your idea is inspecting traffic with Suricata - forget about it, it won't work for most of your traffic. The same as AiProtection in Asuswrt it can react on URL rules, but won't see any encrypted data.

 

[Thomas01]

Your Asus router can handle this ISP, but you can't push that speed over Wi-Fi unless you have AX clients with 160MHz wide channel support and 160MHz is actually working in your area. You gain speed, but lose coverage in this case. Your existing AX 80MHz capable clients and all AC/N clients will work in exactly the same way. In most cases no device will see >800Mbps on Wi-Fi and Gigabit wired.

So I won't benefit from buying a new router?

Most of Internet communication today is encrypted and IDS/IPS (Suricata or Snort) will see nothing unless you run a SSL proxy Man In The Middle style (with Squid) with associated with it issues. If your idea is inspecting traffic with Suricata - forget about it, it won't work for most of your traffic. The same as AiProtection in Asuswrt it can react on URL rules, but won't see any encrypted data.

Zenarmor seems to be what I want just, found it!

 

[Tech Junky]

@Thomas01

If you want more visibility ditch the sense idea and roll Linux. More options and robust software available. It's not good for be cookie cutter but, since all routers and switches run it anyway it's your foundation to build off of.

I don't know the specs of your box you're planning on using but, building from the ground up is what I did for different reasons. Taking a PC and turning it into a router or more gives you the options to do what you think you want to do. Since this sounds more like a hobby than practical need start with what you have and if you're more serious or have an actual need for a tin foil approach build something specific for the need.

There are plenty of homebrew tutorials on how to bend Linux to your will to do this sort of thing. Just keep in mind the more stuff you enable the slower your speeds will get with all of the triggers being processed.

 

[Tech Junky]

Also, don't buy routers to be APs it's a waste of money and hardware. Buy a decent AP or two and hardwire them back to the new router you make yourself.

 

[Tech9]

So I won't benefit from buying a new router?

I run multiple networks (3x business and 1x residential) with pfSense firewalls and one sentence is enough for me to understand who needs such hardware and software and who doesn't. You start with knowledge first and purchase hardware based on your needs after. Doing it in reverse is a mistake usually ending with frustration, disappointment and money spent on hardware you don't need and don't know what to do with. Some responders don't care how much money you are going to spend and will push you in a wrong direction based on your uninformed ideas.

From what I read so far - you'll have minimal or zero benefits from your x86 box. You definitely don't need a new home router and you don't need 3rd party involvement like Zeroarmor. Your Asus router already has optimized for home router hardware AiProtection with similar 3rd party involvement from TrendMicro. If you really want a good pfSense powered system you need not only x86 hardware (your Hunsn whatever it is), but also VLAN capable switch with PoE and VLAN capable business class access points with PoE plus required Ethernet infrastructure. For a good set you're looking at $1000 to start. For a good setup you're looking at lots of time in learning. Note: YouTube won't help with no understanding of what are you doing.

If you want really quick disappointment and this Hunsn on eBay - roll bare Linux with command line configuration. It's perfect for beginners. I'm out of this conversation and leaving you on helpful guys above. What you are going to do and now much money you are going to spend is your choice.

 

[Thomas01]

If you want more visibility ditch the sense idea and roll Linux.

What OS do you recommend? From a very quick search dd wrt and Tomato look like they might be good options.

specs of your box you're planning on using

I ordered this one from Amazon yesterday https://a.co/d/2Kuj2QA