What's new

Secure standalone router, Ubiquiti EdgeRouter ER-X?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

beigecat

New Around Here
I'm looking for a good secure standalone router,
would Ubiquiti Edgerouter ER-X be a good choice?
I need it to front face the Internet, and separate VLANs. Is it ideal to place another firewall in front of it? I could learn pfsense or opnsense, I'm a programmer.
I've been using old Asus routers and recently got hacked, front facing Openwrt to the internet.. I need something more secure.
I tried the ER605 but the firewall setup is terrible. It doesn't follow the rules I set exactly, and it doesn't even have command line access to enter in the rules, everything is GUI only, So I have to return it. This is the Canadian version anyway, I think some US versions can access SSH and call 'iptables' but not mine.
Thanks in advance.
 
I'm looking for a good secure standalone router,
would Ubiquiti Edgerouter ER-X be a good choice?
I need it to front face the Internet, and separate VLANs. Is it ideal to place another firewall in front of it? I could learn pfsense or opnsense, I'm a programmer.
I've been using old Asus routers and recently got hacked, front facing Openwrt to the internet.. I need something more secure.
I tried the ER605 but the firewall setup is terrible. It doesn't follow the rules I set exactly, and it doesn't even have command line access to enter in the rules, everything is GUI only, So I have to return it. This is the Canadian version anyway, I think some US versions can access SSH and call 'iptables' but not mine.
Thanks in advance.

The ER are nice boxes, but they are older and starting to lack support. Ubiquiti is moving away from them. But they are cheap and powerful. If you're going to use PFSense no need for an ER - that would be your router and firewall. You can run it on Raspberry Pi or a cheap x86 based box.

People seem to be liking firewalla these days but depending on the performance you need, they can get a bit pricey.

@Tech9 plays with this stuff a lot, probably has some good suggestions, and he's your neighbor :D
 
would Ubiquiti Edgerouter ER-X be a good choice?

Ubiquiti ER-X router is in unofficial EoL state. I recommend it for Dual WAN management sometimes because of the low cost... if you can find one. TP-Link ER605 is the cheapest Omada SDN compatible router - good for low cost home setup with not too many bells and whistles. Another similar product is MikroTik hEX... if you have the patience to understand their RouterOS. If you can deal with pfSense on x86 - this is the way to go. Popular enterprise level OS and wide hardware choice of mini-PCs on the market with hardware good enough for years ahead. Some like OPNsense, but less support available.

You can run it on Raspberry Pi

pfSense doesn't run on Raspberry Pi.
 
Just losing your mind...

lost-mind.gif
 
ER-X is comparable to the hEX line of mikrotik routers.
You can try one of these if you don't want to spend a lot of money and have time to learn RouterOS.
 
I have several ER-X's and quite like them ... but as already mentioned upthread, Ubiquiti's continued support seems in doubt. Also, they are a little underpowered by current standards --- they can handle 1Gbps throughput as long as the CPU doesn't have to get involved, but if you turn on any fancy filtering features (beyond iptables-like routing) the throughput drops quite a bit. If you want something as a cheap short-term solution, and can find one at a non-scalper price, then maybe get an ER-X. Running pfSense or the like on cheap x86 hardware seems preferable in the long run, though you'll spend a bit more $ on the hardware and more time on getting it set up.
 
Ubiquiti ER-X router is in unofficial EoL state. I recommend it for Dual WAN management sometimes because of the low cost... if you can find one. TP-Link ER605 is the cheapest Omada SDN compatible router - good for low cost home setup with not too many bells and whistles. Another similar product is MikroTik hEX... if you have the patience to understand their RouterOS. If you can deal with pfSense on x86 - this is the way to go. Popular enterprise level OS and wide hardware choice of mini-PCs on the market with hardware good enough for years ahead. Some like OPNsense, but less support available.



pfSense doesn't run on Raspberry Pi.
ERX is very cheap on Amazon and can run OpenWrt although I am having trouble trusting OpenWrt.
I may have compromised devices on the LAN, and attacks from the WAN side. I need to separate them from each other and I will use firewall rules to block them from accessing any open router ports.
Would Protectli FW2B be a good option for pfSense?

Say I have a T95 Android box with malware, would pfSense be the best for possibly detecting that?..
thanks!
 
I have several ER-X's and quite like them ... but as already mentioned upthread, Ubiquiti's continued support seems in doubt. Also, they are a little underpowered by current standards --- they can handle 1Gbps throughput as long as the CPU doesn't have to get involved, but if you turn on any fancy filtering features (beyond iptables-like routing) the throughput drops quite a bit. If you want something as a cheap short-term solution, and can find one at a non-scalper price, then maybe get an ER-X. Running pfSense or the like on cheap x86 hardware seems preferable in the long run, though you'll spend a bit more $ on the hardware and more time on getting it set up.
Sounds like it would do for isolating vlans, for the short term anyway. I will order one to try..
 
What i don't like about Ubiquiti is that you cannot configure everything via the GUI and some features are overly complicated to set up. I also never understood why Ubiquiti doesn't follow the 802.3af/at POE standard. With RouterOS from Mikrotik you can do everything via the GUI but again, some features are also overly complicated to set up. This is what i like so much with pfSense which is also much feature richer. You may not need them but it made me go away from my RB3011 which was overall a better experience than the Edgerouter.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top